This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is ExecDos.dll a valid part of your install?

0

I downloaded and attempted to install WireShart / WinpCap.

I am using Malwarebytes and it picks up one of your install files as being malware - ExecDos.dll.

Hmmm - is this program part of your normal install (and is it safe to install) or did some malware get into your build/install?

asked 29 Sep '10, 12:28

Gordzilla
accept rate: 0%


One Answer:

1

Did Malwarebytes identify ExecDos.dll in Wireshark (note the spelling and capitalization) or WinPcap? NSIS, the installer system used by both WinPcap and Wireshark, has a plugin named ExecDos. The Wireshark installer doesn't use it, but the WinPcap installer does.

What version of Wireshark and WinPcap are you trying to install? Wireshark 1.4.0 for Win32, Wireshark 1.4.0 for Win64, and WinPcap 4.1.2 are all clean according to VirusTotal.

answered 29 Sep '10, 13:32

Gerald Combs ♦♦
accept rate: 24%

I was using the wireshark-win32-1.4.0 install and it was during the WinPcap install. Basically Malwarebytes picks it up as a piece of potential spyware with the prompt "Malwarebytes' Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below." The options are Disable Protection, Ignore, Quarantine. The file ExecDos.dll is labeled by them as a Trojan.

What do you think? Is this file supposed to be in the install and is it a Trojan???

(29 Sep '10, 14:00) Gordzilla

It's likely a false positive. NSIS has certainly had its fair share: http://nsis.sourceforge.net/NSIS_False_Positives

Would it be possible to submit Wireshark and/or WinPcap to Malwarebytes to be analyzed again?

(29 Sep '10, 14:03) Gerald Combs ♦♦

I would imagine so. They have an email address on their "Support Page". Thanks and I am going to assume that it is OK.

(29 Sep '10, 14:22) Gordzilla