Hi,
I downloaded Wireshark a month or more ago to our Windows computer,
but I think I didn't install it -- I think I had an older version
already installed, and so left it as is in my Download folder.
This morning Malwarebytes detected the Wireshark installer (I believe
its the installer -- I'm getting this 2nd hand from home) as
containing TeslaCrypt. (I've also downloaded the latest WireShark
installer here at work as well and it passes the scan.)
I think the binary was removed, not quarantined, but I'll check in
more detail when I get home this evening. If I can find the actual
binary, I could submit it to Malwarebytes for false positive
verification.
I suspect its a false positive, but it seems important enough that I
ought to query here. Is it possible that Wireshark has TeslaCrypt
signatures embedded in it for its own TeslaCrypt traffic detection?
Rich