Wireshark Antivirus is from the same family as XJR Antivirus, AKM Antivirus 2010 Pro and Your PC Protector. Please note that this rogue program has nothing to do with Wireshark, which is a very helpful packet analyzer made by CACE Technologies Inc. They made a public announcement about this issue. It's not the first time rogue programs have abused reputable software names.
Once Wireshark Antivirus is installed, it will pretend to scan your computer and display a list of infected files that can be cleaned or removed only with a full version of the program. This is nothing more than a scam. The worst thing is that this fake program blocks legitimate anti-malware software and security-related websites. It may even display adult icons on your Desktop and redirect you to various misleading websites. It will block Task Manager, Registry Editor and other useful tools too. Furthermore, it will constantly display fake security alerts and pop-ups about non-existent infections or system security threats. If you attempt to run a program (let's say Notepad), Wireshark Antivirus blocks it and displays the following warning:
Warning!
Running of application is impossible.
The file C:\Windows\System32\notepad.exe is infected.
Please activate your antivirus program.
Some of the other fake alerts you may see on your computer screen:
Wireshark Antivirus is one of those very annoying rogue security products. It uses various misleading methods to trick you into purchasing the program. Besides, it's promoted through the use of Trojans and other malware. It's a virus itself. If your computer is infected with this rogue program, please follow the removal instructions below to remove Wireshark Antivirus for free using legitimate anti-malware programs. You should also purge all system restore points and make a new one after you successfully remove this virus from your PC. Last, but not least, if you have any additional information or questions about this malware, please leave a comment. Good luck and be safe!
UPDATE: you may use this key: significantother to activate the rogue program and make the removal process a bit easier. Many thanks to S!Ri.URZ.
Wireshark Antivirus removal instructions:
1. Go to Start->Run or press WinKey+R. Type in "command" and press Enter key.
2. In the command prompt window type "notepad". Notepad will come up.
3. Copy all of the text below (the three lines that follow this step) and paste it into Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
4. Save file as regfix.reg to your Desktop. NOTE: (Save as type: All files)
5. Double-click on regfix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Download one of the following anti-malware applications:
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
7. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Wireshark Antivirus associated files and registry values:
Files:
- C:\Program Files\adc_w32.dll
- C:\Program Files\alggui.exe
- C:\Program Files\nuar.old
- C:\Program Files\skynet.dat
- C:\Program Files\svchost.exe
- C:\Program Files\wp3.dat
- C:\Program Files\wp4.dat
- C:\Program Files\wpp.exe
- C:\Program Files\Wireshark Antivirus\
- C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe
- %UserProfile%\Local Settings\Temp\win1.tmp
- %UserProfile%\Local Settings\Temp\win2.tmp
- %UserProfile%\Start Menu\Programs\Wireshark Antivirus\
Registry values:
- HKEY_CURRENT_USER\Software\Wireshark Antivirus
- HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd
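To confirm the cleanup afterwards, the read-only PowerShell check below (an added example, not part of the original post) verifies that the .exe handler matches the value written by regfix.reg and reports which of the files and registry keys listed above still exist. It assumes PowerShell is available on the machine and is run as administrator; the variable names are illustrative.

```powershell
# Added example, not from the original post. Read-only: it reports and changes nothing.
# Expected default .exe handler, as written by regfix.reg in steps 3-5.
$expected = '"%1" %*'
$cmdKey = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -ErrorAction SilentlyContinue
$actual = if ($cmdKey) { $cmdKey.GetValue('', $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames) } else { $null }
if ($null -eq $actual) { $actual = '(missing)' }
if ($actual -ceq $expected) { "exefile handler OK: $actual" } else { "exefile handler MODIFIED: $actual" }

# File and folder indicators copied from the list on this page.
$paths = @(
    'C:\Program Files\adc_w32.dll'
    'C:\Program Files\alggui.exe'
    'C:\Program Files\nuar.old'
    'C:\Program Files\skynet.dat'
    'C:\Program Files\svchost.exe'
    'C:\Program Files\wp3.dat'
    'C:\Program Files\wp4.dat'
    'C:\Program Files\wpp.exe'
    'C:\Program Files\Wireshark Antivirus'
    "$env:USERPROFILE\Local Settings\Temp\win1.tmp"
    "$env:USERPROFILE\Local Settings\Temp\win2.tmp"
    "$env:USERPROFILE\Start Menu\Programs\Wireshark Antivirus"
)

# Registry indicators copied from the same list (HKCR has no default drive, so use Registry:: paths).
$clsid = '{149256D5-E103-4523-BB43-2CFB066839D6}'
$keys = @(
    'HKEY_CURRENT_USER\Software\Wireshark Antivirus'
    "HKEY_CLASSES_ROOT\CLSID\$clsid"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd'
) | ForEach-Object { "Registry::$_" }

# Keep only the indicators that still exist on this machine.
$found = @(($paths + $keys) | Where-Object { Test-Path -LiteralPath $_ })
if ($found.Count -gt 0) { 'Indicators still present:'; $found } else { 'No listed indicators found.' }
```

Any path it prints is a leftover that the anti-malware scan in step 6 should have removed, so rescan before deleting anything by hand.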