This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I downloaded and attempted to install WireShart / WinpCap.

I am using Malwarebytes and it picks up one of your install files as being Malware - ExecDos.dll.

Hmmm - Is this program part of your normal install (and it is safe to install) or did some malware get into your build/install??

asked 29 Sep '10, 12:28

Gordzilla


Did MalwareBytes identify ExecDos.dll in Wireshark (note the spelling and capitalization) or WinPcap? NSIS, the installer system used by both WinPcap and Wireshark, has a plugin named ExecDos. The Wireshark installer doesn't use it, but the WinPcap installer does.

What version of Wireshark and WinPcap are you trying to install? Wireshark 1.4.0 for Win32, Wireshark 1.4.0 for Win64, and WinPcap 4.1.2 are all clean according to VirusTotal.

answered 29 Sep '10, 13:32

Gerald Combs ♦♦

I was using the wireshark-win32-1.4.0 install and it was during the WinPcap install. Basically Malwarebytes picks it up as a piece of potential Spyware with the prompt "Malwarebytes' Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below." The options are Disable Protection, Ignore, Quarantine. The file ExecDos.dll is labeled by them as a Trojan.

What do you think? Is this file supposed to be in the install and is it a Trojan???

(29 Sep '10, 14:00) Gordzilla

It's likely a false positive. NSIS has certainly had its fair share: http://nsis.sourceforge.net/NSIS_False_Positives

Would it be possible to submit Wireshark and/or WinPcap to Malwarebytes to be analyzed again?

(29 Sep '10, 14:03) Gerald Combs ♦♦

I would imagine so. They have an email address on their "Support Page". Thanks and I am going to assume that it is OK.

(29 Sep '10, 14:22) Gordzilla
question asked: 29 Sep '10, 12:28

question was seen: 2,931 times

last updated: 30 Sep '10, 10:11
