This is a static archive of our old Q&A Site. Please post any new questions and answers at

W32.spybot.ATEW on disks 2 and 4 of WSU


My organization recently picked up the WireShark University disc set through a trusted retailer.

I loaded disk 4 and scanned it with symantec. The tftp.pcap file is infected with W32.spybot.ATEW.

Is this a threat?

Or is my A/V software detecting the signature of the spybot in the PCAP file and it's not a threat?

Disk 2 is also infected with W32.spybot.ATEW.


asked 16 Sep '10, 05:35

mdskier's gravatar image

accept rate: 0%

2 Answers:


Hello - we created the original DVD set and, assuming you have that original set, the DVDs are not infected with W32spybot - the trace file you refer to contains signatures of the communications to and from a bot-infected host. It is a .pcap file (trace file) and not an executable so loading it in Wireshark does not pose a risk.

Interesting that the majority of spyware detection tools do not have a problem while some scream bloody murder. Some even tag Wireshark as a "hacktool virus."

If you have any other thoughts/concerns, please post again.

Laura Chappell

answered 16 Sep '10, 08:07

lchappell's gravatar image

lchappell ♦
accept rate: 8%


Better safe then sorry.

Thanks Laura.

answered 16 Sep '10, 12:22

mdskier's gravatar image

accept rate: 0%

I agree!!!

(16 Sep '10, 12:35) lchappell ♦