My organization recently picked up the Wireshark University disc set through a trusted retailer. I loaded disk 4 and scanned it with Symantec. The tftp.pcap file is infected with W32.spybot.ATEW. Is this a threat? Or is my A/V software detecting the signature of the spybot in the PCAP file and it's not a threat? Disk 2 is also infected with W32.spybot.ATEW. Thanks.

asked 16 Sep '10, 05:35 mdskier
2 Answers:
Hello - we created the original DVD set and, assuming you have that original set, the DVDs are not infected with W32spybot - the trace file you refer to contains signatures of the communications to and from a bot-infected host. It is a .pcap file (trace file) and not an executable so loading it in Wireshark does not pose a risk. Interesting that the majority of spyware detection tools do not have a problem while some scream bloody murder. Some even tag Wireshark as a "hacktool virus." If you have any other thoughts/concerns, please post again. Laura Chappell

answered 16 Sep '10, 08:07 lchappell ♦
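An added example, not part of the original answers or the DVD set: a structural check that a flagged file really is a classic libpcap trace (a global header followed only by packet records) rather than an executable. The names `inspect_capture` and `build_sample` are hypothetical, the sample capture is constructed, and pcapng files are out of scope.

```python
import struct

# Magic numbers of the classic libpcap format as they appear on disk.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}
EXECUTABLE_MAGICS = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}


def inspect_capture(data: bytes) -> dict:
    """Classify a byte string and, if it is a pcap, walk every packet record."""
    for magic, kind in EXECUTABLE_MAGICS.items():
        if data.startswith(magic):
            return {"type": "executable", "detail": kind}
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        return {"type": "unknown", "detail": "no pcap global header"}
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    offset, packets = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):  # record header cut short
            return {"type": "pcap", "well_formed": False, "packets": packets}
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16 + incl_len
        if incl_len > orig_len or offset > len(data):  # bad length or truncated payload
            return {"type": "pcap", "well_formed": False, "packets": packets}
        packets += 1
    return {"type": "pcap", "well_formed": True, "packets": packets, "linktype": linktype}


def build_sample() -> bytes:
    """Constructed two-packet capture; the payloads are placeholder bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for payload in (b"CONSTRUCTED-PAYLOAD-1", b"CONSTRUCTED-PAYLOAD-22"):
        out += struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return out


if __name__ == "__main__":
    print(inspect_capture(build_sample()))
```

A file that parses end to end this way holds packet bytes as data, which is what a byte-signature scanner can match on; a result of `executable` or `well_formed: False` is the case worth a closer look.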
Better safe than sorry. Thanks Laura.

answered 16 Sep '10, 12:22 mdskier
I agree!!!