Wireshark Antivirus Removal

Wireshark Antivirus is one of the more dangerous fake anti-malware programs out there as it uses the name of a reputed software company to trick users. However, Wireshark has denied any affiliation with this rogue application. As any other fake anti-malware program would do, Wireshark Antivirus tries to trick users into purchasing a software license. This malware application installs itself on user systems thanks to dangerous Trojan known as Trojan.Zlob that gets downloaded from malicious websites on the Internet. Once installed, Wireshark Antivirus proceeds to perform endless fake antivirus scans on the system, returning false results that claim that the system is infected with a series of dangerous viruses. The malware also generates fake warning pop-ups from the Windows Taskbar, which helps with the illusion that this is legitimate software. Finally Wireshark Antivirus asks the user to purchase the ‘full’ version of the software, claiming that the currently installed ‘trial’ version is not sufficient to remove the detected ‘threats’. It is important to always remember that Wireshark Antivirus is a fake application that cannot scan or clean your computer under any circumstances.

Wireshark Antivirus Removal

If you should stumble upon an installation of this dangerous malware application on your computer, you should immediately take action to remove Wireshark Antivirus. In order to delete Wireshark Antivirus, you need to stop its processes, unregister its DLL files, delete its files and folders and remove its registry entries.

File Removal Procedures

The first step you need to take for Wireshark Antivirus removal is to stop the following processes from executing:

  • Wireshark Antivirus.exe
  • alggui.exe
  • svchost.exe
  • dbsinit.exe
  • ccsmn.exe
  • ccsrr.exe
  • wpp.exe

Next, it is necessary to unregister the following DLL files:

  • adc_w32.dll
  • adc32.dll

The next step in Wireshark Antivirus removal is the deletion of the following files and folders:

Windows XP:

  • C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe
  • c:\Program Files\adc_w32.dll
  • c:\Program Files\alggui.exe
  • c:\Program Files\extra1.dat
  • c:\Program Files\extra2.dat
  • c:\Program Files\nuar.old
  • c:\Program Files\skynet.dat
  • c:\Program Files\svchost.exe
  • c:\Program Files\wp3.dat
  • c:\Program Files\wp4.dat
  • c:\Program Files\scdata
  • c:\Program Files\scdata\dbsinit.exe
  • c:\Program Files\scdata\wispex.html
  • c:\Program Files\scdata\images
  • c:\Program Files\scdata\images\i1.gif
  • c:\Program Files\scdata\images\i2.gif
  • c:\Program Files\scdata\images\i3.gif
  • c:\Program Files\scdata\images\j1.gif
  • c:\Program Files\scdata\images\j2.gif
  • c:\Program Files\scdata\images\j3.gif
  • c:\Program Files\scdata\images\jj1.gif
  • c:\Program Files\scdata\images\jj2.gif
  • c:\Program Files\scdata\images\jj3.gif
  • c:\Program Files\scdata\images\l1.gif
  • c:\Program Files\scdata\images\l2.gif
  • c:\Program Files\scdata\images\l3.gif
  • c:\Program Files\scdata\images\pix.gif
  • c:\Program Files\scdata\images\t1.gif
  • c:\Program Files\scdata\images\t2.gif
  • c:\Program Files\scdata\images\Thumbs.db
  • c:\Program Files\scdata\images\up1.gif
  • c:\Program Files\scdata\images\up2.gif
  • c:\Program Files\scdata\images\w1.gif
  • c:\Program Files\scdata\images\w11.gif
  • c:\Program Files\scdata\images\w2.gif
  • c:\Program Files\scdata\images\w3.jpg
  • c:\Program Files\scdata\images\word.doc
  • c:\Program Files\scdata\images\wt1.gif
  • c:\Program Files\scdata\images\wt2.gif
  • c:\Program Files\scdata\images\wt3.gif
  • c:\Program Files\Sysinternals Antivirus
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\lleod150
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\wmharun.log
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\wmrun.log
  • %UserProfile%\Start Menu\Programs\Wireshark Antivirus
  • %UserProfile%\Start Menu\Programs\Wireshark Antivirus\Wireshark Antivirus.lnk

Windows Vista/ Windows 7:

  • C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe
  • c:\Program Files\adc_w32.dll
  • c:\Program Files\alggui.exe
  • c:\Program Files\extra1.dat
  • c:\Program Files\extra2.dat
  • c:\Program Files\nuar.old
  • c:\Program Files\skynet.dat
  • c:\Program Files\svchost.exe
  • c:\Program Files\wp3.dat
  • c:\Program Files\wp4.dat
  • c:\Program Files\scdata
  • c:\Program Files\scdata\dbsinit.exe
  • c:\Program Files\scdata\wispex.html
  • c:\Program Files\scdata\images
  • c:\Program Files\scdata\images\i1.gif
  • c:\Program Files\scdata\images\i2.gif
  • c:\Program Files\scdata\images\i3.gif
  • c:\Program Files\scdata\images\j1.gif
  • c:\Program Files\scdata\images\j2.gif
  • c:\Program Files\scdata\images\j3.gif
  • c:\Program Files\scdata\images\jj1.gif
  • c:\Program Files\scdata\images\jj2.gif
  • c:\Program Files\scdata\images\jj3.gif
  • c:\Program Files\scdata\images\l1.gif
  • c:\Program Files\scdata\images\l2.gif
  • c:\Program Files\scdata\images\l3.gif
  • c:\Program Files\scdata\images\pix.gif
  • c:\Program Files\scdata\images\t1.gif
  • c:\Program Files\scdata\images\t2.gif
  • c:\Program Files\scdata\images\Thumbs.db
  • c:\Program Files\scdata\images\up1.gif
  • c:\Program Files\scdata\images\up2.gif
  • c:\Program Files\scdata\images\w1.gif
  • c:\Program Files\scdata\images\w11.gif
  • c:\Program Files\scdata\images\w2.gif
  • c:\Program Files\scdata\images\w3.jpg
  • c:\Program Files\scdata\images\word.doc
  • c:\Program Files\scdata\images\wt1.gif
  • c:\Program Files\scdata\images\wt2.gif
  • c:\Program Files\scdata\images\wt3.gif
  • c:\Program Files\Sysinternals Antivirus
  • %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn.exe
  • %UserProfile%\AppData \Microsoft\Internet Explorer\ccsmn151.acf
  • %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151.ltd
  • %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151.lti
  • %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151_0.acb
  • %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151_0.aci
  • %UserProfile%\AppData\Microsoft\Internet Explorer\ccsmn151_0.mt
  • %UserProfile%\AppData Microsoft\Internet Explorer\ccsrr.exe
  • %UserProfile%\AppData\Microsoft\Internet Explorer\lleod150
  • %UserProfile%\AppData\Microsoft\Internet Explorer\wmharun.log
  • %UserProfile%\AppData\Microsoft\Internet Explorer\wmrun.log
  • %UserProfile%\Start Menu\Programs\Wireshark Antivirus
  • %UserProfile%\Start Menu\Programs\Wireshark Antivirus\Wireshark Antivirus.lnk

Once the above steps have been completed, you no longer have Wireshark Antivirus files on your hard disk.

Registry Removal Procedures

File deletion alone is not sufficient to ensure that you completely remove Wireshark Antivirus. In order to ensure complete Wireshark Antivirus removal, you should remove the following settings and keys from the Windows Registry:

  • HKEY_CURRENT_USERSoftwareWireshark Antivirus
  • HKEY_CLASSES_ROOTCLSID{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesAdbUpd
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “novavapp”
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “novavappr

Now it is safe to say that your computer is completely devoid of anything to do with Wireshark Antivirus. However, in order to make sure that no other malicious or malware related registry keys remain in the system it is strongly recommended to scan the entire PC using antivirus software such as Spyware Doctor with Antivirus.

Conclusion

Manual Wireshark Antivirus removal is not recommended for inexperienced users, as any mistake made during removal could result in catastrophic damage being caused to your operating system, forcing you to re-install it. The best way for an inexperienced user to perform Wireshark Antivirus removal without hurting the computer is to use a web-based repair service such as www.onlinecomputerrepair.org or legitimate antivirus software such as Spyware Doctor with Antivirus.