I have been infected by Virus:Win32/Neshta.A, and I’ve been unable to open any executable file(except Windows 10 apps, as they seem to have a different approach).
Virus:Win32/Neshta.A is the name reported by Windows Defender, while Avast reports Win32:Dh-A[Heur]. I’m not so sure if they are the same. I’ve also had more than 10 pop-up of Avast declaring onedrive.exe, flux.exe, svchost.com as threats because of Win32:Crypt-SKC[Trj].
Currently, I cannot open any exe, and a refresh did not work. I’m afraid that I might(hopefully not) need to format my computer.
Only one of my machines have WinDef, the rest have Avast, so I took information from both machines to see what the problem was. I was afraid after reading about Win32:Crypt-SKC, so I had to look at the other machines affected on the network.
I cannot confirm if I will be able to install Malwarebytes.
Avast doesn’t report anything, which is weird. It was showing pop-ups like crazy for Win32:Crypt-SKC[Trj].
For my sanity, I ran the scans again, with an internet connection this time. I disconnected the machine to avoid infecting other devices and also uploading of information(as Nestha is a virus that steals information, no?). I hope you can spot something.
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.