Wireshark Antivirus

Wireshark Antivirus is a bogus security application that installs itself on computers without the user’s permission. It is a different product and was not developed by CACE Technologies, as some victims assume. Instead, it is a rogue program developed to mislead computer users. Other potentially unwanted applications from the same group of fraudulent software include Sysinternals Antivirus and Your PC Protector. Several studies show that Wireshark Antivirus can easily penetrate a computer and secretly configure itself to run each time Windows starts. It accomplishes this by modifying the registry and adding its own entry.

Fake antivirus web sites and Trojans are responsible for propagating Wireshark Antivirus through the Internet and email messages. This malware may also disguise itself as a legitimate software update for Adobe programs.

Commonly, an unwanted program such as Wireshark Antivirus will attempt to trick and convince the user to purchase the registered version. However, since it is fake, the full version has no benefit for end users. We advise removing Wireshark Antivirus as soon as its presence is detected on the computer. Make sure to remove all hidden malicious files related to this unwanted program. This can be done by running both legitimate anti-virus and anti-malware software.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista

Malware Behavior
Wireshark Antivirus produces many fake security warnings. It also disrupts computer operation by constantly displaying system tray alerts stating that several infections have been detected. Additionally, this malware blocks the execution of installed programs and shows the following warning:

Security Warning:
The file C:\Program Files\[program name] is infected.
Running of application is impossible.
Please activate your antivirus software.

How to Remove Wireshark Antivirus

This rogue security product will invade the computer by means of a Trojan. Therefore, it is important that both the Trojan and Wireshark Antivirus are eliminated from the compromised computer.

Wireshark Antivirus Removal Tool

1. Download removal software and save it on your Desktop.

2. After downloading, double-click on the file to install the application.

3. Follow the prompts and install as “default” only.

4. Before the installation completes, you need to update the database.
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware

5. Click “Finish.” The program will run automatically and you will be prompted to update the program before doing a scan. Please update.

6. Scan your computer thoroughly.

7. When scanning is finished, click “Show Results.”

8. Make sure that all detected threats are marked, then click Remove Selected.

9. Restart the computer.

10. Additionally, you may proceed with more tools below to ensure that no remnants of Wireshark Antivirus are left in the computer.

Scan with Portable Antivirus:

Most of the time, the Trojan associated with a rogue program will disable Windows functionality and prevent execution of any application, including locally installed antivirus programs. If this happens, you can try using a McAfee portable antivirus called Stinger. It can be downloaded for free.

Remove Wireshark Antivirus with Portable SuperAntiSpyware:

To thoroughly clean a computer, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Download and run SAS Portable Scanner.

Alternative Removal Method for Wireshark Antivirus

Option 1: Use Windows System Restore to return Windows to a previous state

If Wireshark Antivirus enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Wireshark Antivirus infiltrated the PC, we highly encourage you to carry out this procedure if none of the above works. You may then proceed with Windows System Restore.

Option 2: Wireshark Antivirus manual uninstall guide

IMPORTANT! Manual removal of Wireshark Antivirus requires technical skills. Deleting system files and registry entries by mistake may leave the Windows system completely unusable. We advise you to back up the registry before proceeding with this guide.

1. Kill any running process that belongs to Wireshark Antivirus.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Wireshark Antivirus files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open the Registry Editor.
- Find and delete the registry entries listed in the Technical Reference section below.
- Close the Registry Editor. Changes are saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On the Windows Advanced Boot Options screen, select Safe Mode and press Enter.

4. Delete all files dropped by Wireshark Antivirus.
- While still in Safe Mode, search for and delete the malicious files. Please refer to 'Technical Reference'. Make sure that you perform 'End Task' first before deleting a file. Otherwise, the system will not let you perform this action.
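
The registry backup made before this guide can also show what is configured to start with Windows, which is how this program keeps itself running. The script below is an added example, not part of the original guide: it reads a regedit export (.reg) and lists the values under the standard Run and RunOnce keys, marking commands that start from user-writable folders. The list of suspect folders and the sample export are assumptions constructed for illustration.

```python
import re

# Standard Windows autostart keys, matched by suffix so every hive is covered.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Assumption: user-writable locations that installed software rarely starts from.
SUSPECT = ("\\application data\\", "\\appdata\\", "\\local settings\\",
           "\\temp\\", "%temp%", "%appdata%")
NAME = r'^"((?:[^"\\]|\\.)*)"='
SZ = re.compile(NAME + r'"((?:[^"\\]|\\.)*)"$')
EXPAND_SZ = re.compile(NAME + r"hex\(2\):([0-9a-fA-F,]*)$")

def unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def autostart_entries(raw):
    """Return (key, value name, command, suspicious) for each Run/RunOnce value."""
    # Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 (Win9x) is ANSI.
    enc = "utf-16-le" if raw.startswith(b"\xff\xfe") else "cp1252"
    text = raw[2:].decode(enc) if enc == "utf-16-le" else raw.decode(enc, "replace")
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join wrapped hex(2) lines
    entries, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if RUN_KEY.search(line[1:-1]) else None
            continue
        sz, ex = SZ.match(line), EXPAND_SZ.match(line)
        if key is None or not (sz or ex):
            continue
        if sz:
            name, cmd = unescape(sz.group(1)), unescape(sz.group(2))
        else:  # REG_EXPAND_SZ: the string's raw bytes, NUL-terminated
            data = bytes.fromhex(ex.group(2).replace(",", ""))
            name, cmd = unescape(ex.group(1)), data.decode(enc, "replace").rstrip("\x00")
        entries.append((key, name, cmd, any(d in cmd.lower() for d in SUSPECT)))
    return entries

# Constructed sample export for illustration; value names and paths are made up.
SAMPLE = b"\xff\xfe" + "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"',
    r'"example"="\"C:\\Documents and Settings\\user\\Application Data\\example.exe\" /s"',
]).encode("utf-16-le")

if __name__ == "__main__":
    for entry in autostart_entries(SAMPLE):
        print(entry)
```

A marked entry is a candidate for review rather than proof of infection; compare it with what the scanners reported before deleting anything.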

Technical Reference

Associated Files and Folders:

Added Registry Entries: