Wireshark-users: Re: [Wireshark-users] Trojans associate with Wireshark, WinPCap, etc

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Sun, 1 Nov 2015 18:12:39 +0100
2015-11-01 17:58 GMT+01:00 <gedropi@xxxxxxxxxxx>:

After discovering the attached trojans during a scan on the 30th, I
removed infected files, scrubbed the registry, repeated the scan. Nada. 
Then, I needed to replace the networking tools by downloading fresh
copies of the removed, infected exe files.  Upon downloading various
tools from their respective websites, I repeated the virus scan to be
sure. All newly downloaded exe files were again infected with the same
trojans.

Since all the Wireshark & WinPCap files were affected, I was wondering
if any of you out there have had the same experience?

I hope that someone can help me brainstorm for a fix.  I need to use the
tools of the trade.

Thanks for any ideas.

Hi,

Are you using ClamAV by any chance? As reported by Gerald Combs (Wireshark's leader) on the development list (https://www.wireshark.org/lists/wireshark-dev/201510/msg00125.html), this seems to be a false positive reported to clamav.net.

Best regards,
Pascal.