I downloaded and attempted to install WireShart / WinpCap. I am using Malwarebytes and it picks up one of your install files as being malware: ExecDos.dll. Hmmm. Is this program part of your normal install (and is it safe to install), or did some malware get into your build/install?
asked 29 Sep '10, 12:28 Gordzilla
One Answer:
Did MalwareBytes identify ExecDos.dll in Wireshark (note the spelling and capitalization) or WinPcap? NSIS, the installer system used by both WinPcap and Wireshark, has a plugin named ExecDos. The Wireshark installer doesn't use it, but the WinPcap installer does. What version of Wireshark and WinPcap are you trying to install? Wireshark 1.4.0 for Win32, Wireshark 1.4.0 for Win64, and WinPcap 4.1.2 are all clean according to VirusTotal.
answered 29 Sep '10, 13:32 Gerald Combs ♦♦
I was using the wireshark-win32-1.4.0 install and it was during the WinPcap install. Basically, Malwarebytes picks it up as a piece of potential spyware with the prompt "Malwarebytes' Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below." The options are Disable Protection, Ignore, Quarantine. The file ExecDos.dll is labeled by them as a Trojan.
What do you think? Is this file supposed to be in the install, and is it a Trojan?
It's likely a false positive. NSIS has certainly had its fair share: http://nsis.sourceforge.net/NSIS_False_Positives
Would it be possible to submit Wireshark and/or WinPcap to Malwarebytes to be analyzed again?
I would imagine so. They have an email address on their "Support Page". Thanks and I am going to assume that it is OK.