
Wireshark Antivirus

This part of the web site contains a full description and analysis of Wireshark Antivirus as well as removal procedures and the necessary tools.


Date Posted: August 5th, 2010


Wireshark Antivirus is the latest variant of rogue security application from the family of Sysinternals Antivirus and Your PC Protector. The developer of Wireshark Antivirus makes it easy for the program to plant itself on computers without notice. In fact, it can disable any antivirus application running on the victim's computer. Additional annoyances such as browser redirection, blocking of internet access and pop-up advertisements are deliberately produced to promote Wireshark Antivirus as the one program that can fix them. A prompt to purchase the registered version of the program is displayed from time to time and, when clicked, opens a new browser window containing a payment form. Users may enter their credit card details and other confidential information there. The gathered details will be used by the malware authors for other illegal online activities.

Avoid this malicious program by staying away from web sites that endorse unknown security applications or automatically run a virus scan once visited. Disconnect your internet connection immediately to stop Wireshark Antivirus from downloading onto the computer. Do a full scan of the computer to remove any remaining Wireshark Antivirus files. Install and update your antivirus application to prevent future infections and catch the latest threats before they penetrate the computer.

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of Wireshark Antivirus Infection?

It will modify the Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\Wireshark Antivirus
HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavapp"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavappr"

The threat will drop the following malicious files:
%Program Files%\Wireshark Antivirus
%Program Files%\Wireshark Antivirus\Wireshark Antivirus.exe
%Program Files%\adc_w32.dll
%Program Files%\alggui.exe
%Program Files%\extra1.dat
%Program Files%\extra2.dat
%Program Files%\nuar.old
%Program Files%\skynet.dat
%Program Files%\svchost.exe
%Program Files%\wp3.dat
%Program Files%\wp4.dat
%Program Files%\scdata
%Program Files%\scdata\dbsinit.exe
%Program Files%\scdata\wispex.html
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn.exe
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\ccsrr.exe
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\lleod150
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\wmharun.log
%Documents and Settings%\[User Name]\Application Data\Microsoft\Internet Explorer\wmrun.log
%Documents and Settings%\[User Name]\Start Menu\Programs\Wireshark Antivirus
%Documents and Settings%\[User Name]\Start Menu\Programs\Wireshark Antivirus\Wireshark Antivirus.lnk

How to Remove Wireshark Antivirus Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries listed above and delete them if present

3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then delete the file again.

4. Scan the computer with an antivirus program
- Update the antivirus program
- Scan the computer and delete all detected threats.
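
The following PowerShell script is an added example, not part of the Im-Infected page and not a tool from the site. It audits one Windows host for the registry entries, dropped files and running processes listed under the symptoms above, and with the -Remove switch carries out steps 2 and 3 of the manual procedure. The mapping of %Program Files% to $env:ProgramFiles, of %Documents and Settings%\[User Name]\Application Data to $env:APPDATA, and of the Start Menu folder to [Environment]::GetFolderPath('Programs') is an assumption about the profile layout; the script name Find-WiresharkAV.ps1 is also an assumption.

```powershell
<#
 Added example (not from the Im-Infected page): audit a Windows host for the
 Wireshark Antivirus artifacts listed under "Symptoms". Run from an elevated
 prompt. Without -Remove it only reports; with -Remove it stops the matching
 processes and deletes the entries (back up the registry first, as step 2
 says). Add -WhatIf to preview what -Remove would do.
 Assumptions: %Program Files% = $env:ProgramFiles, the per-user Application
 Data folder = $env:APPDATA, Start Menu\Programs = GetFolderPath('Programs').
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

$clsid = '{149256D5-E103-4523-BB43-2CFB066839D6}'   # BHO CLSID from the symptom list

# Registry keys from the symptom list
$regKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Wireshark Antivirus',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd'
)
# Per-user autostart values
$runKey    = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = @('novavapp', 'novavappr')

# Dropped files and folders; the locations are the page's, the variables are assumptions
$pf        = $env:ProgramFiles
$ie        = Join-Path $env:APPDATA 'Microsoft\Internet Explorer'
$startMenu = [Environment]::GetFolderPath('Programs')
$files = @(
    (Join-Path $pf 'Wireshark Antivirus\Wireshark Antivirus.exe'),
    (Join-Path $pf 'Wireshark Antivirus'),
    (Join-Path $pf 'scdata\dbsinit.exe'),
    (Join-Path $pf 'scdata\wispex.html'),
    (Join-Path $pf 'scdata'),
    (Join-Path $startMenu 'Wireshark Antivirus')
)
$files += 'adc_w32.dll', 'alggui.exe', 'extra1.dat', 'extra2.dat', 'nuar.old', 'skynet.dat',
          'svchost.exe', 'wp3.dat', 'wp4.dat' | ForEach-Object { Join-Path $pf $_ }
$files += 'ccsmn.exe', 'ccsmn151.acf', 'ccsmn151.ltd', 'ccsmn151.lti', 'ccsmn151_0.acb',
          'ccsmn151_0.aci', 'ccsmn151_0.mt', 'ccsrr.exe', 'lleod150', 'wmharun.log',
          'wmrun.log' | ForEach-Object { Join-Path $ie $_ }

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($type, $item) {
    $findings.Add([pscustomobject]@{ Type = $type; Item = $item })
}

foreach ($k in $regKeys) { if (Test-Path -LiteralPath $k) { Add-Finding 'RegistryKey' $k } }
foreach ($v in $runValues) {
    $p = Get-ItemProperty -LiteralPath $runKey -Name $v -ErrorAction SilentlyContinue
    if ($null -ne $p) { Add-Finding 'RunValue' "$runKey -> $v = $($p.$v)" }
}
foreach ($f in $files) { if (Test-Path -LiteralPath $f) { Add-Finding 'File' $f } }

# Processes whose image is one of the dropped executables. The genuine svchost.exe
# lives under System32, so one running from %Program Files% is itself a red flag.
$lower = $files | ForEach-Object { $_.ToLowerInvariant() }
$procs = @(Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($lower -contains $_.Path.ToLowerInvariant()) })
foreach ($proc in $procs) { Add-Finding 'Process' "$($proc.Name) (PID $($proc.Id)) $($proc.Path)" }

if ($findings.Count -eq 0) {
    Write-Host 'No Wireshark Antivirus artifacts found.'
} else {
    $findings | Format-Table -AutoSize
}

# Remediation mirrors the manual steps: end the process first, then delete.
if ($Remove -and $findings.Count -gt 0) {
    foreach ($proc in $procs) {
        if ($PSCmdlet.ShouldProcess($proc.Path, 'Stop-Process')) { Stop-Process -Id $proc.Id -Force }
    }
    foreach ($v in $runValues) {
        if ($PSCmdlet.ShouldProcess("$runKey\$v", 'Remove-ItemProperty')) {
            Remove-ItemProperty -LiteralPath $runKey -Name $v -ErrorAction SilentlyContinue
        }
    }
    foreach ($k in $regKeys) {
        if ((Test-Path -LiteralPath $k) -and $PSCmdlet.ShouldProcess($k, 'Remove-Item')) {
            Remove-Item -LiteralPath $k -Recurse -Force
        }
    }
    foreach ($f in $files) {
        if ((Test-Path -LiteralPath $f) -and $PSCmdlet.ShouldProcess($f, 'Remove-Item')) {
            Remove-Item -LiteralPath $f -Recurse -Force
        }
    }
}
```

Run .\Find-WiresharkAV.ps1 on its own to get a report, .\Find-WiresharkAV.ps1 -Remove -WhatIf to see what would be deleted, and .\Find-WiresharkAV.ps1 -Remove from Safe Mode to carry out the cleanup; follow it with the full antivirus scan in step 4, since the file list covers only the artifacts this page documents.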

How to Easily Remove Wireshark Antivirus

1. Download and run the Removal Tool to remove this computer threat.
