Question:
How do I rid my PC of Wireshark Antivirus?
xxfaerybubblesxx
2010-08-04 13:01:54 UTC
There is an angry looking "Wireshark Antivirus" Security System series of pop ups that has chosen to commandeer my PC.
It's obviously a phishing / malware / antivirus thingy. It won't let me run any programs. When I right click on it there are no menus to show me the properties or source. There are three tiny little shield shaped icons on the menu in the lower right corner of my screen. I don't know any legit programs that get three identical icons on the same menu. It says all my files have been infected and it wants me to 'purchase a full version' before it will clear everything away.
Google says that Wireshark is a protocol analyzer. So the creator was crafty enough to use a legit company as their cover. Wireshark does not make antivirus software though.
I can still open the task manager and the control panel. I can't find it to uninstall it. I tried to use the task manager to shut it off, but the pop ups just pop back up.
I'm running Windows Vista Home Premium 32-bit Operating System on an emachines if that helps.
Any ideas what I can do to rip this thing out by its trachea?
Eleven answers:
Andrew
2010-08-04 13:08:54 UTC
It's a rogue antivirus. Reboot your computer and while it's turning on press F8. Then arrow over to Safe Mode With Networking. Go to www.Malwarebytes.org and download the free version. Update Malwarebytes and run a full scan. There you go, your Wireshark Antivirus is gone!
2014-08-16 06:07:32 UTC
The best way is to download Ccleaner here http://bitly.com/UrALrK

Or you can go on Windows operating system, locate the command prompt and go there to do the following:

Create a Recovery file of system and date it today.

Then begin by:

Delete the 'Temp' folders. They have hidden subfolders so you need to set the attributes in order to bypass this. For each subfolder delete all cookies and rubbish left behind after installed/uninstalled programs. Do a 'dir' command to check your progress. Make sure the 'Temp' file is empty.

Go to c:\windows\prefetch and delete everything in there, no exceptions.

Go to the c:\windows folder and delete all the '$' files that have been installed by updates. They can all be successfully deleted and just take up disk space.

Locate the Internet Temporary Files. Check to see how high the saving level is. Some have it set at 30 days, but that stores far too much data, though it slows down the system overall. Keep this to a minimum; I suggest 2 or 5 at most.

Delete all 'cookies', all those you don't need.

Locate the windows directory and go through the folders you know and those you don't need. Check this once a week at least. Some programs will install under XP as NT and older systems where there is no check of systems weight.

Check to see that system files have not changed since last booting. Things like .ini files or .bat are important items.

Check for 'Hidden Directories' all over the disk. Do this at the command prompt:

dir *.* /ah will show these hidden directories

Check the 'dir' command for all parameters.
Vaughn
2016-08-22 23:20:15 UTC
2
David
2010-08-05 05:34:18 UTC
I got rid of it yesterday, fairly easily since I'm not a computer expert at all. I experienced many of the same symptoms: couldn't install and run AVG, couldn't do a system restore, couldn't launch Add/Remove Programs, etc. My son said he thought it happened while watching YouTube videos. So...

First I opened Task Manager and selected Applications, where it showed Wireshark running. Then I opened My Computer and clicked my way down into the Program Files until I found a folder called Wireshark. (Couldn't delete it there; access denied, can't turn it off while it's running, etc.) So I quickly closed the Wireshark windows that kept popping up, either clicking on the X in the corner or right clicking in the system tray to get them closed, and repeatedly selecting End Task in Task Manager. It was a lot of clicking. As soon as it appeared to be closed, and before it could restart itself, I right-clicked on its folder in My Computer and selected delete, where it quickly disappeared.

I didn't think it could have been deleted so quickly/easily, but I immediately did a successful system restore to about a month ago, then downloaded and installed the AVG update. So far, so good one day later! Good luck with your efforts.
2010-08-04 13:49:43 UTC
NOTE: Wireshark is the brand name of a company that does NOT make any type of anti-virus software. The cool name has been stolen and abused by a malware author.

Infection seems to be new today, 11/4/10.

Pops up 1 or two windows claiming your PC is infected and asking approval.

I managed to stop it manually, using Alt-F4 repeatedly.

Here's what I learned:

It hides in "C:\Users\UserName\AppData\Roaming"

- creates a folder called wireshark with wireshark.exe inside
- creates svchost.exe 25K
- creates another file (probably randomly) named alggui.exe 42K
- another copy later found in: "C:\Users\UserName\AppData\Roaming\Micro… Menu\Programs\Startup\svchost.exe"

Using procexp (downloadable from Microsoft, looks like Task Manager on steroids):

Find 2 processes, alggui (or whatever) and svchost, running under user context (not as service).

Kill 'em with procexp.

Since it's new, rename the files and folders to something like zzz-svchost.exe, then use msconfig to disable at start and allow immediate reboot.

This is not guaranteed to be a full fix, but it at least gets your PC back for a while (4 boots/6 hours so far).

Run scans every day for the next week until your AV program gets the update and finds infectious files zzz... .

More details at: http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Q_26380170.html

Update:

Looks like a new variant.

According to VirusTotal, here are the scanners that are detecting it, and their names for it:

Avast: Win32:Genome-IO
Avast5: Win32:Genome-IO
ClamAV: HTML.Trojan.FakeAV
DrWeb: Trojan.Fakealert.18615
eTrust-Vet: Win32/SillyDl.VFY
GData: Win32:Genome-IO
McAfee: Generic Downloader.x!dxb
McAfee-GW-Edition: New Malware.x
Microsoft: Trojan:Win32/FakeScanti
NOD32: a variant of Win32/Adware.PCProtector.D
Rising: Trojan.Win32.Generic.5203A5E2
Sophos: Mal/Emogen-Y
VBA32: suspected of Embedded.Trojan-Downloader.Win32.Small.a
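The indicators the answer above lists (an svchost.exe started from a user profile instead of System32, a copy in the per-user Startup folder, and the wireshark folder and loose executables under AppData\Roaming) can be audited with a short script. This is an added example, not code from the original thread or from the Wireshark project; it assumes Windows PowerShell 3.0 or later, is run as the affected user, and takes the file names exactly as that answer gives them.

```powershell
# Added example: audit the indicators described in the answer above.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance, -in operator); run as the affected user.

$sys32   = Join-Path $env:SystemRoot 'System32'
$roaming = [Environment]::GetFolderPath('ApplicationData')   # C:\Users\<user>\AppData\Roaming
$startup = [Environment]::GetFolderPath('Startup')           # ...\Start Menu\Programs\Startup

# 1. The genuine svchost.exe lives in System32 and runs as a service account.
#    A process with that name started from anywhere else is the situation the answer describes.
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path  = $_.ExecutablePath
    $owner = (Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue).User
    if ($path -and -not $path.StartsWith($sys32, 'OrdinalIgnoreCase')) {
        Write-Output "SUSPECT svchost.exe PID $($_.ProcessId) path=$path owner=$owner"
    }
}

# 2. Anything in the per-user Startup folder runs at every logon; the answer found svchost.exe there.
Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.lnk', '.bat', '.vbs' } |
    ForEach-Object { Write-Output "STARTUP item: $($_.FullName) ($($_.Length) bytes)" }

# 3. The folder and file names the answer reports under AppData\Roaming.
foreach ($rel in 'wireshark\wireshark.exe', 'svchost.exe', 'alggui.exe') {
    $p = Join-Path $roaming $rel
    if (Test-Path -LiteralPath $p) {
        $f = Get-Item -LiteralPath $p -Force
        Write-Output "IOC present: $p ($($f.Length) bytes, modified $($f.LastWriteTime))"
    }
}
```

Any line this prints is worth submitting to the vendor portals named in the Wireshark developer's answer rather than deleting outright, so the sample is preserved for analysis.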
?
2010-08-04 13:38:10 UTC
Hi, I'm the lead developer of the Wireshark network protocol analyzer. Please be aware that we do not and have never made antivirus software. Early this morning we started getting calls about "Wireshark Antivirus". Unfortunately we don't have much information about this other than that some jackass is using our name. The only reference to this I've found with any information is this forum post: http://www.bleepingcomputer.com/forums/topic337180.html

Can you see if you have a file called "C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe" on your system? If so, can you reboot to safe mode as Andrew described and submit it to Malwarebytes and/or Microsoft at https://www.microsoft.com/security/portal/Submission/Submit.aspx and/or Spybot Search & Destroy at http://www.safer-networking.org/en/contact/detections.html ?

@michael s: The link in your answer shows how to delete the Wireshark network protocol analyzer, not the "Wireshark Antivirus" trojan. WTF?
Jamie
2010-08-04 13:14:46 UTC
If you are unable to download or run programs, I would suggest that you boot your computer into Safe Mode with Networking by pressing F8 while your computer is booting up and then try to download and run both an antivirus scan, as well as an antispyware or antimalware scan.

If you need a free antivirus program, I would suggest that you try using Microsoft Security Essentials, which can be downloaded from the link below.

http://Microsoft.com/Security_Essentials

If you need a free antimalware program, perhaps you should try using MalwareBytes, which can be downloaded from the link below.

http://MalwareBytes.org

Both of these programs are free and don't require that you pay in order to renew any subscriptions.

Also, perhaps you should consider trying Mozilla Firefox, which is a free browser that is safer than Internet Explorer and can also be customized with a variety of different add-ons and themes. If you'd like to try using Mozilla Firefox, you can download it from the link below.

http://Mozilla.com

If you're still unable to remove this computer virus, perhaps you should consider reformatting your computer's hard drive.

However, if you choose to reformat your computer's hard drive, you will lose all of your files and data, so I would suggest that you back up all of the files and data that you would like to keep before you reformat.

If you choose to reformat your computer's hard drive, you may be able to do so by using the system recovery CD that came with your computer.

If your computer did not come with a system recovery CD, perhaps you should contact your computer's manufacturer and ask if they would be able to send you one.

Another way that you may be able to reformat your computer's hard drive would be to purchase a copy of Windows from a store, such as Best Buy, and then try to use that CD to reformat your computer's hard drive.

Good luck and I hope I helped you!
?
2010-08-05 07:28:50 UTC
Wireshark Antivirus is a rogue antispyware application, which should be removed from the infected system ASAP!

Check out this link below for easy to understand removal instructions:

http://www.pcthreat.com/parasitebyid-10221en.html
Bianca
2010-08-04 16:11:22 UTC
OMG this just happened to me around the same time you posted this question. I've tried system restore but of course it won't let me open that. I tried logging off and logging back on while pressing F8 but idk if I'm supposed to choose safe mode or enable boot logging or what. There's a few options there and I'm confused which one to choose. I really need to use Windows Movie Maker and it won't let me. What did you do? Anything working for you yet?
AWAISS
2010-08-04 20:48:07 UTC
Hello

Here is a website where you can find open source antivirus:

http://mayrapakistan.com/software.html
Mike S
2010-08-04 13:17:59 UTC
http://www.spy-emergency.com/research/W/WireShark.html


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.