Posts: 0
Threads: 0
Joined: Sep 2018
Reputation:
0
Level: inf [ ]
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
Hello, I got a virus if you want to know how I got it I will explain later. But right now I need someone to help me remove this forever.
Quote: (01-19-2022, 10:30 PM)karikarikari136 Wrote: [To see links please register here] Hello, I got a virus if you want to know how I got it I will explain later. But right now I need someone to help me remove this forever.
btw I think that sv.chost and my windows reg key got damaged or stolen till now. Ive seen worse but yea I still want to get back on my feet as I was before this libyan virus.
|
Posts: 0
Threads: 0
Joined: Jul 2017
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
Quote:(01-19-2022, 10:47 PM)DrangBrang Wrote: [To see links please register here] copy and pasted from article:
Neshta infects Windows system executable files, attaching malicious code to them. It also names itself "svchost.com" - Neshta's victims can find this process running in Task Manager and its executable file in "C:\Windows\". This malware modifies the Windows registry, so this process starts running each time an infected executable (.exe) file is launched.
I.e., Neshta creates a persistence mechanism. Note that it does not target .exe files that contain "%SystemRoot%", "%Temp%" or "\PROGRA~1\" in their paths. Additionally, this malware delivers two other files ("directx.sys" and "tmp5023.tmp"), storing them in the "%SystemRoot%\" and "%Temp%\" directories respectively.
link: [To see links please register here] .
What software did u download? ALso disconnect from wifi.
Okay this is so embarrasing for me but I was looking for configs and I saw this netflix checker, I downloaded it saw that its not a config but still clicked on it trying to run it just to see whats up and there when nothing showed I understood that I had fucked up!
PLS tell me what to do next, now I will turn off wifi on my pc and text from another device.
[/quote]
|
Posts: 0
Threads: 0
Joined: Nov 2017
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
copy and pasted from article:
Neshta infects Windows system executable files, attaching malicious code to them. It also names itself "svchost.com" - Neshta's victims can find this process running in Task Manager and its executable file in "C:\Windows\". This malware modifies the Windows registry, so this process starts running each time an infected executable (.exe) file is launched.
I.e., Neshta creates a persistence mechanism. Note that it does not target .exe files that contain "%SystemRoot%", "%Temp%" or "\PROGRA~1\" in their paths. Additionally, this malware delivers two other files ("directx.sys" and "tmp5023.tmp"), storing them in the "%SystemRoot%\" and "%Temp%\" directories respectively.
link: [To see links please register here] .
What software did u download? ALso disconnect from wifi.
|
Posts: 0
Threads: 0
Joined: Jan 2021
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
Quote:(01-19-2022, 11:13 PM)DrangBrang Wrote: [To see links please register here]
Quote: (01-19-2022, 10:52 PM)karikarikari136 Wrote: [To see links please register here]
Quote: (01-19-2022, 10:47 PM)DrangBrang Wrote: [To see links please register here] copy and pasted from article:
Neshta infects Windows system executable files, attaching malicious code to them. It also names itself "svchost.com" - Neshta's victims can find this process running in Task Manager and its executable file in "C:\Windows\". This malware modifies the Windows registry, so this process starts running each time an infected executable (.exe) file is launched.
I.e., Neshta creates a persistence mechanism. Note that it does not target .exe files that contain "%SystemRoot%", "%Temp%" or "\PROGRA~1\" in their paths. Additionally, this malware delivers two other files ("directx.sys" and "tmp5023.tmp"), storing them in the "%SystemRoot%\" and "%Temp%\" directories respectively.
link: [To see links please register here] .
What software did u download? ALso disconnect from wifi.
Okay this is so embarrasing for me but I was looking for configs and I saw this netflix checker, I downloaded it saw that its not a config but still clicked on it trying to run it just to see whats up and there when nothing showed I understood that I had fucked up!
PLS tell me what to do next, now I will turn off wifi on my pc and text from another device.
I’ll legit tell you that was dumb (Sorry for putting you down...). Anyway next time use sandboxie if you get curious! (Must be fate I just started a shop and I got config packs for $0.50)
Note: I don’t us’e an antivirus…just a heads up
Here’s what you should do:
Turn of Wifi
Get a USB or SD with a AV on it.
Plug it into infected computer and let it do its job.
And try to kill the virus to task manager (manually)!
If that doesn’t work Then you have to manually be quick at doing TASK KILL, then deleteing infected folder.
My virus story:
I had a virus that always turned on my computer! It never turned off (F'ed up big time). It took me 1-2hrs of task kill, and using a batch script(from the internet) to remove the virus. The good thing is that with all my virus experiences I don’t rely on AV anymore. I never use AV.
[/quote] Damn man your story is crazy. And alright I will try to do that but first I will try to start computer on Network mode or something like that I read the article that you sent. Thanks for that info I will rely to that tomorrow. Btw I wasnt and Im not in mood when I did clicked there and got the virus. I kinda knew where I was dragging myself fucking downloading and running every file that was coming up, I also got almost no sleep from the last night. Anyway do you think that resetting the pc and deleting all the files is a good choice too? Thanks for all.
|
Posts: 0
Threads: 0
Joined: Nov 2020
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
Quote:(01-19-2022, 10:52 PM)karikarikari136 Wrote: [To see links please register here]
Quote: (01-19-2022, 10:47 PM)DrangBrang Wrote: [To see links please register here] copy and pasted from article:
Neshta infects Windows system executable files, attaching malicious code to them. It also names itself "svchost.com" - Neshta's victims can find this process running in Task Manager and its executable file in "C:\Windows\". This malware modifies the Windows registry, so this process starts running each time an infected executable (.exe) file is launched.
I.e., Neshta creates a persistence mechanism. Note that it does not target .exe files that contain "%SystemRoot%", "%Temp%" or "\PROGRA~1\" in their paths. Additionally, this malware delivers two other files ("directx.sys" and "tmp5023.tmp"), storing them in the "%SystemRoot%\" and "%Temp%\" directories respectively.
link: [To see links please register here] .
What software did u download? ALso disconnect from wifi.
Okay this is so embarrasing for me but I was looking for configs and I saw this netflix checker, I downloaded it saw that its not a config but still clicked on it trying to run it just to see whats up and there when nothing showed I understood that I had fucked up!
PLS tell me what to do next, now I will turn off wifi on my pc and text from another device.
[/quote]
I’ll legit tell you that was dumb (Sorry for putting you down...). Anyway next time use sandboxie if you get curious! (Must be fate I just started a shop and I got config packs for $0.50)
Note: I don’t us’e an antivirus…just a heads up
Here’s what you should do:
Turn of Wifi
Get a USB or SD with a AV on it.
Plug it into infected computer and let it do its job.
And try to kill the virus to task manager (manually)!
If that doesn’t work Then you have to manually be quick at doing TASK KILL, then deleteing infected folder.
My virus story:
I had a virus that always turned on my computer! It never turned off (F'ed up big time). It took me 1-2hrs of task kill, and using a batch script(from the internet) to remove the virus. The good thing is that with all my virus experiences I don’t rely on AV anymore. I never use AV.
|
Posts: 0
Threads: 0
Joined: Jun 2020
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
You must send me a video of you twerking in your underwear it is essential for the virus to be removed.
|
Posts: 0
Threads: 0
Joined: May 2017
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
Quote:(01-19-2022, 11:32 PM)ballsinmyface445 Wrote: [To see links please register here] You must send me a video of you twerking in your underwear it is essential for the virus to be removed.
To be honest, Deleting the files could be good, however, the article states that it spreads to other software. And we don’t know if your specific virus attacked other things on your computer. Thereofore its possible for it to be silently collecting info. If there is nothing on your computer, just delete everything in my opinion.
if you have something you want to save move it to a usb, and carefully examine the files on another computer (without running them.)
good luck.
(better remove any saved chrome passwords.)
|
Posts: 0
Threads: 0
Joined: Dec 2017
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
Quote:But right now I need someone to help me remove this forever.
If you have restore points available, hit a System Restore to a date of when your PC was functioning at Its optimal state.
|
Posts: 0
Threads: 0
Joined: Jan 2018
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
Quote:(01-20-2022, 01:11 AM)mothered Wrote: [To see links please register here]
Quote:But right now I need someone to help me remove this forever.
If you have restore points available, hit a System Restore to a date of when your PC was functioning at Its optimal state.
Nope, I never created a system restore point. I was trying that thing what was said to remove the virus so there it said download Autoruns which is basically like Task Manager but better maybe, I downloaded Autoruns from my phone to not turn the wifi on on my pc, I extracted the file to my pc but when I tried to run Autoruns I couldn't because the virus Neshta loads the virus everytime you try to run a file .exe
Anyway now Im resetting my pc :smile:
After this reset I will just stick to learn coding and create my own config and other things, together with that I will create a System Restore point just in case.
Quote: (01-19-2022, 11:32 PM)ballsinmyface445 Wrote: [To see links please register here] You must send me a video of you twerking in your underwear it is essential for the virus to be removed.
My balls on your face.
Quote: (01-19-2022, 11:38 PM)DrangBrang Wrote: [To see links please register here]
Quote: (01-19-2022, 11:32 PM)ballsinmyface445 Wrote: [To see links please register here] You must send me a video of you twerking in your underwear it is essential for the virus to be removed.
To be honest, Deleting the files could be good, however, the article states that it spreads to other software. And we don’t know if your specific virus attacked other things on your computer. Thereofore its possible for it to be silently collecting info. If there is nothing on your computer, just delete everything in my opinion.
if you have something you want to save move it to a usb, and carefully examine the files on another computer (without running them.)
good luck.
(better remove any saved chrome passwords.)
Big thanks to you man, you were so helpful, I wish that you meet someone like you when your in a bad position. And that was a great tip too (removing chrome saved passwords) all this cracking thing learned me that already. I just want one more thing from you, can you tell me specifically which AV do you use and why or how do you prevent getting a virus?
|
Posts: 0
Threads: 0
Joined: Sep 2019
Reputation:
0
Level: inf []
Total Points: inf
Rank nan / 1
100% to upload Level
Activity inf / 1
99% to upload your Rank
Experience nan
100% to upload Experience
|
Quote:(01-20-2022, 05:17 PM)DrangBrang Wrote: [To see links please register here] - I don’t use AV anymore so I don’t know what to say lol. Anyway After downloading a lot of applications I usually just check out the files it requires, and run it in VM or sandboxie (preferred) first. Also, it’s quite obvious where you download it from too. Some download sites just scream I’m a virus to begin with, so yeah. Overall, its my strong gut feeling mixed with a lot of knowledge and love for tech. Plus research your download thoroughly first. Once you find a download from a specific person just save their profile link or website.
- One more thing, I use to tinker with my windows a lot so I have a real good understanding of where everything is and the performance of my windows (Task manager: I always check this daily for some reason. It’s a habit. If something is out of the ordinary such as cpu or memory I investigate thoroughly)
- Conclusion: stick to Win defender if you already know your computer. If you don’t mess around with your computer a lot, go ahead and go find any AV, cuz they all gonna do the same thing(Make your computer run like shiot, especially with all the cracking and stuff it would really slow you down).
I love your response because that was me too I just followed always my instinct. Sometimes you can tell that the site or whatever your downloading from is sketchy. Where I downloaded the file was a telegram group with the sending messages option disabled now could you believe it there you cant even aware the other people that files there contain malwares! Now I guess I will just try to be more cautious.
|
|
