Wireshark Antivirus

Wireshark Antivirus is a bogus security application that installs itself on computers without the user’s permission. Wireshark Antivirus is a different product and is not developed by CACE Technologies, as some victims assume. Instead, it is a rogue program developed to mislead computer users. Other potentially unwanted applications from the same group of fraud software include Sysinternals Antivirus and Your PC Protector. Several studies show that Wireshark Antivirus can easily penetrate a computer and secretly configure itself to run each time Windows starts. It accomplishes this by modifying the registry and adding its own entry.

Fake antivirus web sites and Trojans are responsible for propagating Wireshark Antivirus via the Internet and email messages. This malware may also disguise itself as a legitimate software update for Adobe programs.

Commonly, an unwanted program such as Wireshark Antivirus will attempt to trick and convince the user to purchase the registered version. However, since it is fake, the full version has no benefit for end users. We advise immediate removal of Wireshark Antivirus as soon as its presence is detected on the computer. Make sure to remove all hidden malicious files related to this unwanted program. This can be done by running both legitimate anti-virus and anti-malware software.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista

Malware Behavior
Wireshark Antivirus produces many fake security warnings. It also disrupts computer operation by constantly displaying system tray alerts stating that several infections have been detected. Additionally, this malware blocks execution of installed programs and shows the following warning:

Security Warning:
The file C:\Program Files\[program name] is infected.
Running of application is impossible.
Please activate your antivirus software.

Added Registry Entries:
HKCU\Software\Wireshark Antivirus
HKCR\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKLM\SYSTEM\ControlSet001\Services\AdbUpd

Associated Files and Folders:
c:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe
c:\Program Files\adc_w32.dll
c:\Program Files\alggui.exe
c:\Program Files\nuar.old
c:\Program Files\skynet.dat
c:\Program Files\svchost.exe
c:\Program Files\wp1.dat
c:\Program Files\wpp.exe
%UserProfile%\Desktop\Wireshark Antivirus.lnk
%UserProfile%\Local Settings\Temp\win1.tmp
%UserProfile%\Start Menu\Programs\Wireshark Antivirus\Wireshark Antivirus.lnk 
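
The registry and file indicators listed above can be swept against a file listing and a registry key listing collected from a suspect machine. The Python below is an added example, not part of the original write-up; the function names, the one-path-per-line listing format, the two profile roots and the sample listings are assumptions made for illustration. It matches paths case-insensitively, expands %UserProfile% to any user profile, and does not confuse the legitimate system32 copy of svchost.exe with the one listed under Program Files.

```python
import re

# Indicators copied from the registry and file lists on this page.
REG_KEYS = [
    r"HKCU\Software\Wireshark Antivirus",
    r"HKCR\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}",
    r"HKLM\SYSTEM\ControlSet001\Services\AdbUpd",
]
FILES = [
    r"c:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe",
    r"c:\Program Files\adc_w32.dll", r"c:\Program Files\alggui.exe",
    r"c:\Program Files\nuar.old", r"c:\Program Files\skynet.dat",
    r"c:\Program Files\svchost.exe", r"c:\Program Files\wp1.dat",
    r"c:\Program Files\wpp.exe",
    r"%UserProfile%\Desktop\Wireshark Antivirus.lnk",
    r"%UserProfile%\Local Settings\Temp\win1.tmp",
    r"%UserProfile%\Start Menu\Programs\Wireshark Antivirus\Wireshark Antivirus.lnk",
]
HIVES = {"hkey_current_user": "hkcu", "hkey_classes_root": "hkcr",
         "hkey_local_machine": "hklm"}
# Assumption: user profiles sit under one of the two standard Windows roots.
PROFILE = r"[a-z]:\\(?:documents and settings|users)\\[^\\]+"

def _norm_key(key):
    hive, _, rest = key.strip().lower().partition("\\")
    return HIVES.get(hive, hive) + "\\" + rest  # HKEY_LOCAL_MACHINE\.. -> hklm\..

def _file_regex(indicator):
    """Turn a file indicator into a lower-case, full-path pattern."""
    pat = re.escape(indicator.lower())
    return re.compile(pat.replace(re.escape("%userprofile%"), PROFILE) + r"\Z")

def sweep(file_listing, key_listing):
    """Return the page's indicators present in listings taken from a host."""
    files = [f.strip().lower() for f in file_listing]
    keys = [_norm_key(k) for k in key_listing if k.strip()]
    hits = [i for i in FILES if any(_file_regex(i).match(f) for f in files)]
    # A registry indicator matches the key itself or any subkey beneath it.
    hits += [i for i in REG_KEYS
             if any((k + "\\").startswith(_norm_key(i) + "\\") for k in keys)]
    return hits

# Constructed sample listings (not taken from a real host).
SAMPLE_FILES = [r"C:\WINDOWS\system32\svchost.exe", r"C:\Program Files\svchost.exe",
                r"C:\Documents and Settings\alice\Local Settings\Temp\win1.tmp"]
SAMPLE_KEYS = [r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd\Parameters"]
print(sweep(SAMPLE_FILES, SAMPLE_KEYS))
```

The sweep only reports matches; removal is still done with the tools described below.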

How to Remove Wireshark Antivirus

This rogue security product will invade the computer by means of a Trojan. Therefore, it is important that both the Trojan and Wireshark Antivirus are eliminated from the compromised computer.

Wireshark Antivirus Removal Tool

1. Download removal software and save it on your Desktop.

2. After downloading, double-click on the file to install the application.

3. Follow the prompts and install as “default” only.

4. Before the installation completes, you need to update the database.
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware

5. Click “Finish.” The program will run automatically and you will be prompted to update it before doing a scan. Please update.

6. Scan your computer thoroughly.

7. When scanning is finished, click on “Show Results.”

8. Make sure that all detected threats are marked, then click on Remove Selected.

9. Restart the computer.

10. Additionally, you may proceed with more tools below to ensure that no remnants of Wireshark Antivirus are left in the computer.

Scan with Portable Antivirus:

Most of the time, the Trojan associated with a rogue program will disable Windows functionality and prevent execution of any application, including a locally installed antivirus program. If this happens, you can try using a portable antivirus from McAfee called Stinger. It can be downloaded for free.

Remove Wireshark Antivirus with Portable SuperAntiSpyware:

To thoroughly clean a computer, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Download and run SAS Portable Scanner.
