Wireshark-users: Re: [Wireshark-users] Trojans associate with Wireshark, WinPCap, etc

Date: Sun, 01 Nov 2015 09:46:35 -0800
Yes I am.  But these trojans were not present on the 28th of October.
Meaning that the database update since the 28th would have had to have
contained this misinformation. I have contacted ClamAV but they have not
responded yet.  SANS is involved in this issue as well.

On Sun, Nov 1, 2015, at 09:12 AM, Pascal Quantin wrote:
> 2015-11-01 17:58 GMT+01:00 <gedropi@xxxxxxxxxxx>:
> 
> >
> > After discovering the attached trojans during a scan on the 30th, I
> > removed infected files, scrubbed the registry, repeated the scan. Nada.
> > Then, I needed to replace the networking tools by downloading fresh
> > copies of the removed, infected exe files.  Upon downloading various
> > tools from their respective websites, I repeated the virus scan to be
> > sure. All newly downloaded exe files were again infected with the same
> > trojans.
> >
> > Since all the Wireshark & WinPCap files were affected, I was wondering
> > if any of you out there have had the same experience?
> >
> > I hope that someone can help me brainstorm for a fix.  I need to use the
> > tools of the trade.
> >
> > Thanks for any ideas.
> >
> 
> Hi,
> 
> Are you using ClamAV by any chance? As reported by Gerald Combs
> (Wireshark's leader) on the development list (
> https://www.wireshark.org/lists/wireshark-dev/201510/msg00125.html), this
> seems to be a false positive reported to clamav.net.
> 
> Best regards,
> Pascal.