How to Remove / Uninstall the Wireshark Antivirus (Removal Guide)

October 7, 2010, By Fouad Bajwa

There are tons of websites out there that make money online by tricking users into downloading and installing their malicious software.

Wireshark Antivirus is a fake antivirus that uses the name of a legitimate company to gain the trust of users. Interestingly, the name Wireshark belongs to a company that clearly and publicly issued a warning informing the public that it does not create and has never created any kind of antivirus software.

How-to Remove Wireshark Antivirus

This misleading malicious application titled Wireshark Antivirus spreads through trojans that can infiltrate your computer undetected. Once inside the system, Wireshark Antivirus creates a registry entry that ensures it runs every time Windows starts, so unless it is treated at the core, the infection keeps re-enabling itself each time your system boots up.

How to Remove / Uninstall the Wireshark Antivirus

The following files are usually associated with Wireshark Antivirus:

  • C:\Program Files\adc_w32.dll
  • C:\Program Files\alggui.exe
  • C:\Program Files\nuar.old
  • C:\Program Files\skynet.dat
  • C:\Program Files\svchost.exe
  • C:\Program Files\wp3.dat
  • C:\Program Files\wp4.dat
  • C:\Program Files\wpp.exe
  • C:\Program Files\Wireshark Antivirus\
  • C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe
  • %UserProfile%\Local Settings\Temp\win1.tmp
  • %UserProfile%\Local Settings\Temp\win2.tmp
  • %UserProfile%\Start Menu\Programs\Wireshark Antivirus\

Wireshark Antivirus creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Wireshark Antivirus
  • HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd
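The two lists above can be checked in one pass with a read-only PowerShell script. This is an added example, not part of the original guide; the function name `Find-ListedIndicator` is hypothetical, and the script checks only the exact paths and keys listed on this page without deleting or changing anything.

```powershell
# Added example: read-only check for the files and registry keys listed above.
# Only the exact locations from this guide are tested; nothing is modified.

# File and folder paths as listed in the guide (%UserProfile% expanded).
$filePaths = @(
    'C:\Program Files\adc_w32.dll',
    'C:\Program Files\alggui.exe',
    'C:\Program Files\nuar.old',
    'C:\Program Files\skynet.dat',
    'C:\Program Files\svchost.exe',   # the genuine svchost.exe does not live here
    'C:\Program Files\wp3.dat',
    'C:\Program Files\wp4.dat',
    'C:\Program Files\wpp.exe',
    'C:\Program Files\Wireshark Antivirus\',
    'C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe',
    "$env:USERPROFILE\Local Settings\Temp\win1.tmp",
    "$env:USERPROFILE\Local Settings\Temp\win2.tmp",
    "$env:USERPROFILE\Start Menu\Programs\Wireshark Antivirus\"
)

# Registry keys as listed in the guide.
$registryKeys = @(
    'HKEY_CURRENT_USER\Software\Wireshark Antivirus',
    'HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}',
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd'
)

function Find-ListedIndicator {   # hypothetical helper name
    param([string[]]$Files, [string[]]$Keys)
    $hits = @()
    foreach ($path in $Files) {
        # -LiteralPath avoids wildcard interpretation of the path.
        if (Test-Path -LiteralPath $path) {
            $hits += [pscustomobject]@{ Type = 'File'; Location = $path }
        }
    }
    foreach ($key in $Keys) {
        # The Registry:: prefix lets Test-Path address a full hive path.
        if (Test-Path -LiteralPath "Registry::$key") {
            $hits += [pscustomobject]@{ Type = 'Registry'; Location = $key }
        }
    }
    return $hits
}

$found = Find-ListedIndicator -Files $filePaths -Keys $registryKeys
if ($found) { $found | Format-Table -AutoSize }
else { 'None of the listed files or registry keys were found.' }
```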

Wireshark Antivirus has sometimes been reported to mask its name under the title Shield Safeness, but it still causes the same damage to your system. Remember, Wireshark Antivirus is a misleading title: it will neither protect nor improve your computer security and is destined to damage it. You need to know that everything associated with Wireshark Antivirus is a false representation, including the associated system scanner, results, notifications, etc.

Removal Instructions:

  1. In order to remove Wireshark Antivirus, click Start, type “cmd” in the “Search programs and files” box and press Enter.
  2. In the command prompt, type “notepad”.
  3. Copy all the following text and paste into Notepad:
    Windows Registry Editor Version 5.00
    @="\"%1\" %*"
  4. Save the file as regfix.reg on your Desktop. Don’t forget to set “Save as type” to All files.
  5. Double-click the regfix.reg file to run it. Click “Yes” in the Registry Editor prompt window and then click OK.
  6. You can also download one of the following anti-malware applications:
    – Malwarebytes’ Anti-Malware,
    – SUPERAntiSpyware.
  7. Install and scan your entire computer to find any files that may have been left behind and finally restart your computer.