Hi, I installed wireshark on windows 8 64bit. Everytime I try to run it, it crashes. So I tried to uninstall it, but doesn't allow it as some resources are in use. From processes I see there is 2 instances running even though I just powered computer on; wireshark.exe and dumpcap.exe. I can't taskkill them even with administrator rights. There is something weird going with the taskkill command in windows 8 64bit (I can't kill anything that isn't running all right - if that makes any sense). Really frustrating. Regards, Tom the Wombat asked 06 Dec '13, 02:48 Tom the Wombat edited 29 Jun '17, 06:56 cmaynard ♦♦ |
3 Answers:
I think it's a windows issue. Maybe check your permission, seems like you losed your admin permission. Another solution is to not start wireshark and dumpcap at windows start. I know you can do that in win7 but not sure for win8. answered 06 Dec '13, 03:20 Afrim edited 06 Dec '13, 03:30 |
Why is dumpcap installed as an autostarting service? The standard Wireshark install definitely doesn't do that. Where did you get your Wireshark install from? Can you install Process Explorer, run that as an Administrator, and then examine the Wireshark.exe and dumpcap.exe processes. With the processes displayed in the default "tree" order, dumpcap should be a child of Wireshark. Right click on each of the processes and select "Properties", and on the resulting dialog "Image" tab, the program name should be displayed along with "(Verified) Wireshark Foundation". Report back your findings as comment, not an "answer". answered 08 Dec '13, 05:00 grahamb ♦ |
Hello. It seems that the problem was my firewall (Zonealarm), dont ask why, but after I uninstalled zonealarm, I could remove wireshark. I had problem with the firewall so I was removing it anyways, and tried to remove wireshar after that and it worked nicely. No more Zonealarms for me. Thanks from your help. answered 14 Dec '13, 00:26 Tom the Wombat |
How can I lose admin permission when I'm running it as administrator, and if I did lose it, where I can check it back on?
I removed dumpcap from starting on boot up, but still refuses to uninstall. Still claiming it is in use, even thou it is in stopped state in services. Wireshark seems to work like malware...double v t f, mate? Do I need to start to fiddle with regitery keys to get rid of wireshark?