This is our old Q&A Site. Please post any new questions and answers at

My organization recently picked up the WireShark University disc set through a trusted retailer.

I loaded disk 4 and scanned it with symantec. The tftp.pcap file is infected with W32.spybot.ATEW.

Is this a threat?

Or is my A/V software detecting the signature of the spybot in the PCAP file and it's not a threat?

Disk 2 is also infected with W32.spybot.ATEW.


asked 16 Sep '10, 05:35

mdskier's gravatar image

accept rate: 0%

Hello - we created the original DVD set and, assuming you have that original set, the DVDs are not infected with W32spybot - the trace file you refer to contains signatures of the communications to and from a bot-infected host. It is a .pcap file (trace file) and not an executable so loading it in Wireshark does not pose a risk.

Interesting that the majority of spyware detection tools do not have a problem while some scream bloody murder. Some even tag Wireshark as a "hacktool virus."

If you have any other thoughts/concerns, please post again.

Laura Chappell

permanent link

answered 16 Sep '10, 08:07

lchappell's gravatar image

lchappell ♦
accept rate: 8%

Better safe then sorry.

Thanks Laura.

permanent link

answered 16 Sep '10, 12:22

mdskier's gravatar image

accept rate: 0%

I agree!!!

(16 Sep '10, 12:35) lchappell ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 16 Sep '10, 05:35

question was seen: 2,172 times

last updated: 16 Sep '10, 12:35

Related questions

p​o​w​e​r​e​d by O​S​Q​A