
Saturday, August 7, 2010

How to remove Wireshark Antivirus (Uninstall Instructions)

Wireshark Antivirus is a fake anti-virus program. It reports false system security threats on the computer. The main goal of this rogue program is to make you think that your computer is infected with all sorts of malware. Wireshark Antivirus then prompts you to pay for a full version of the program to remove the threats. Don't purchase it! If you have already bought this rogue program then please contact your credit card company as soon as possible and dispute the charges. Wireshark Antivirus flags Windows OS (or other harmless) files as malware. It's obvious that legitimate anti-virus or anti-spyware programs don't do that. Do not delete those files because otherwise Windows OS may not operate properly. Instead, please remove Wireshark Antivirus from your computer as soon as possible. This can be done either manually or with anti-malware programs. Of course, we recommend using anti-malware programs because the rogue program may come bundled with other viruses that you may not be able to remove manually. Please follow the removal instructions below.

Wireshark Antivirus is from the same family as XJR Antivirus, AKM Antivirus 2010 Pro and Your PC Protector. Please note that this rogue program has nothing to do with Wireshark, which is a very helpful packet analyzer made by CACE Technologies Inc. They made a public announcement about this issue. It's not the first time that rogue programs have abused reputable software names.

Once Wireshark Antivirus is installed, it will pretend to scan your computer and display a list of infected files that can be cleaned or removed only with a full version of the program. This is nothing more than a scam. The worst thing is that this fake program blocks legitimate anti-malware software and security-related websites. It may even display adult icons on your Desktop and redirect you to various misleading websites. It will block Task Manager, Registry Editor and other useful tools too. Furthermore, it will constantly display fake security alerts and pop-ups about non-existent infections or system security threats. If you attempt to run a program (let's say Notepad), Wireshark Antivirus blocks it and displays the following warning:
Running of application is impossible.
The file C:\Windows\System32\notepad.exe is infected.
Please activate your antivirus program.

Some of the other fake alerts you may see on your computer screen:

Wireshark Antivirus is one of those very annoying rogue security products. It uses various misleading methods to trick you into purchasing the program. Besides, it's promoted through the use of Trojans and other malware. It's a virus itself. If your computer got infected with this rogue program please follow the removal instructions below to remove Wireshark Antivirus for free using legitimate anti-malware programs. You should also purge all system restore points and make a new one after you successfully remove this virus from your PC. Last, but not least, if you have any additional information or questions about this malware please leave a comment. Good luck and be safe!

UPDATE: you may use this key: significantother to activate the rogue program and make the removal process a bit easier. Many thanks to S!Ri.URZ.

Wireshark Antivirus removal instructions:

1. Go to Start->Run or press WinKey+R. Type in "command" and press Enter key.

2. In the command prompt window type "notepad". Notepad will come up.

3. Copy all the text in blue color below and paste into Notepad.

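Windows Registry Editor Version 5.00

; Section header missing from this copy of the page; assumed here: the standard Windows key that holds this default value.
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"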

4. Save file as regfix.reg to your Desktop. NOTE: (Save as type: All files)

5. Double-click on the regfix.reg file to run it. Click "Yes" in the Registry Editor prompt window. Then click OK.

6. Download one of the following anti-malware applications:

NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

7. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.

Wireshark Antivirus associated files and registry values:

  • C:\Program Files\adc_w32.dll
  • C:\Program Files\alggui.exe
  • C:\Program Files\nuar.old
  • C:\Program Files\skynet.dat
  • C:\Program Files\svchost.exe
  • C:\Program Files\wp3.dat
  • C:\Program Files\wp4.dat
  • C:\Program Files\wpp.exe
  • C:\Program Files\Wireshark Antivirus\
  • C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe
  • %UserProfile%\Local Settings\Temp\win1.tmp
  • %UserProfile%\Local Settings\Temp\win2.tmp
  • %UserProfile%\Start Menu\Programs\Wireshark Antivirus\
Registry values:
  • HKEY_CURRENT_USER\Software\Wireshark Antivirus
  • HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd
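
A read-only way to check a machine against the files and registry keys listed above, as an added PowerShell example that is not part of the original post. It also checks the value that regfix.reg restores; the key HKEY_CLASSES_ROOT\exefile\shell\open\command and the function names are assumptions not given on the page.

```powershell
# Added example: read-only check; reports listed artifacts, changes nothing.
$files = @(
    'C:\Program Files\adc_w32.dll',
    'C:\Program Files\alggui.exe',
    'C:\Program Files\nuar.old',
    'C:\Program Files\skynet.dat',
    'C:\Program Files\svchost.exe',
    'C:\Program Files\wp3.dat',
    'C:\Program Files\wp4.dat',
    'C:\Program Files\wpp.exe',
    'C:\Program Files\Wireshark Antivirus\',
    'C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe',
    '%UserProfile%\Local Settings\Temp\win1.tmp',
    '%UserProfile%\Local Settings\Temp\win2.tmp',
    '%UserProfile%\Start Menu\Programs\Wireshark Antivirus\'
)
$regKeys = @(
    'HKEY_CURRENT_USER\Software\Wireshark Antivirus',
    'HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}',
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd'
)

function Find-ListedArtifacts {
    $hits = @()
    foreach ($f in $files) {
        # Expand %UserProfile% for the account running the check
        $p = [Environment]::ExpandEnvironmentVariables($f)
        if (Test-Path -LiteralPath $p) { $hits += "FILE $p" }
    }
    foreach ($k in $regKeys) {
        if (Test-Path -LiteralPath "Registry::$k") { $hits += "REG  $k" }
    }
    return $hits
}

function Test-ExeHandlerIsDefault {
    # Assumed key (not named on the page): standard location of the "%1" %* value.
    $key = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    $v = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    return ($v -eq '"%1" %*')
}

$found = Find-ListedArtifacts
if ($found) { $found } else { 'No listed files or registry keys found.' }
if (-not (Test-ExeHandlerIsDefault)) { 'exefile open command differs from "%1" %*' }
```

Run it once per user profile, since the %UserProfile% paths and the HKEY_CURRENT_USER key are specific to the logged-on account.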