How to Remove Wireshark Antivirus Rogue Anti-Spyware?
Wireshark Antivirus Information:
Wireshark Antivirus is a new member from the same rogue family as Sysinternals Antivirus and Your PC Protector. It’s trickily rogue anti-spyware application taking advantage of the good name of the legit software company which has developed many effective and useful solutions. Wireshark has denied having any relationship with Wireshark Antivirus scam. Wireshark Antivirus is downloaded and installed by Trojan:Win32/FakeScanti virus. Once inside, Wireshark Antivirus will immediately create and add new registry entries which can force your system load its executables process. That’s to say whenever you turn on your machine, you will encounter bogus system scanner that displays a list of fabricated malware infections and tons of security alerts claiming that your system is under serious remote attack. Then Wireshark Antivirus will mislead you to remove the imaginary infections by first purchasing its licensed copy. Please beware that Wireshark Antivirus has no ability to do what it promises. Don’t buy this useless piece of scamware. You can use the following removal instruction and remove Wireshark Antivirus once you find its existence in your PC.
Manual Removal
Note: If you are not proficient with computer, it’s suggested that you backup your registry before manually removing Wireshark Antivirus Rogue Anti-Spyware. And double check the entries that you are going to delete, or your computer can’t work for missing some files.
Step 1: End its process by opening Task Manager.
Wireshark Antivirus.exe
alggui.exe
svchost.exe
Sysinternals Antivirus.exe
dbsinit.exe
ccsmn.exe
ccsrr.exe
Step 2: The registry entries you need to delete:
HKEY_CURRENT_USERSoftwareSysinternals Antivirus
HKEY_CLASSES_ROOTCLSID{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesAdbUpd
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “novavapp”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “novavappr”
Step 3: DLL files you need to unregister:
adc_w32.dll
adc32.dll
Step 4: Files you need to delete:
C:\Program Files\Wireshark Antivirus\Wireshark Antivirus.exe
c:\Program Files\adc_w32.dll
c:\Program Files\alggui.exe
c:\Program Files\extra1.dat
c:\Program Files\extra2.dat
c:\Program Files\nuar.old
c:\Program Files\skynet.dat
c:\Program Files\svchost.exe
c:\Program Files\wp3.dat
c:\Program Files\wp4.dat
c:\Program Files\scdata
c:\Program Files\scdata\dbsinit.exe
c:\Program Files\scdata\wispex.html
c:\Program Files\scdata\images
c:\Program Files\scdata\images\i1.gif
c:\Program Files\scdata\images\i2.gif
c:\Program Files\scdata\images\i3.gif
c:\Program Files\scdata\images\j1.gif
c:\Program Files\scdata\images\j2.gif
c:\Program Files\scdata\images\j3.gif
c:\Program Files\scdata\images\jj1.gif
c:\Program Files\scdata\images\jj2.gif
c:\Program Files\scdata\images\jj3.gif
c:\Program Files\scdata\images\l1.gif
c:\Program Files\scdata\images\l2.gif
c:\Program Files\scdata\images\l3.gif
c:\Program Files\scdata\images\pix.gif
c:\Program Files\scdata\images\t1.gif
c:\Program Files\scdata\images\t2.gif
c:\Program Files\scdata\images\Thumbs.db
c:\Program Files\scdata\images\up1.gif
c:\Program Files\scdata\images\up2.gif
c:\Program Files\scdata\images\w1.gif
c:\Program Files\scdata\images\w11.gif
c:\Program Files\scdata\images\w2.gif
c:\Program Files\scdata\images\w3.jpg
c:\Program Files\scdata\images\word.doc
c:\Program Files\scdata\images\wt1.gif
c:\Program Files\scdata\images\wt2.gif
c:\Program Files\scdata\images\wt3.gif
c:\Program Files\Sysinternals Antivirus
c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.acf
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.ltd
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151.lti
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.acb
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.aci
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsmn151_0.mt
%UserProfile%\Application Data\Microsoft\Internet Explorer\ccsrr.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\lleod150
%UserProfile%\Application Data\Microsoft\Internet Explorer\wmharun.log
%UserProfile%\Application Data\Microsoft\Internet Explorer\wmrun.log
%UserProfile%\Start Menu\Programs\Sysinternals Antivirus
%UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
Please, be aware that manual removal of Wireshark Antivirus Rogue Anti-Spyware is a cumbersome task and can not always ensure complete removal of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, lack of the required skills and even the slightest deviation from the instructions may lead to irreparable system damage. That’s why it’s strongly recommended automatic removal of Wireshark Antivirus Rogue Anti-Spyware, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.
Automatic Wireshark Antivirus Rogue Anti-Spyware Removal:
1. Restart your computer and keep pressing F8 Key before Windows launches. Use the arrow keys to select the “Safe Mode with Networking” option, and then hit ENTER Key to continue.
2. Download Wireshark Antivirus Virus Remover, install it and update its database to the latest. After that, restart your computer so as to make Wireshark Antivirus Virus Remover fully functional. Repeat Step 1 into Safe Mode and run an Online Scan of your computer so that Wireshark Antivirus Virus Remover can detect all potential malware in your system.
NOTE: If you have problem installing Wireshark Antivirus Virus Remover, you can download this correction script, unzip it and then double click to run it. It will correct your registry settings that the virus has modified. Then double click the program and finish the installation.
3. After the Online Scan finishes, click “Details” for the malware detected to make sure that your important data are not infected and removed. Ignore or select the scan result and click “Remove” to remove the threats. Reboot your computer and let Wireshark Antivirus Virus Remover delete all detected virus.
4. Click to repair your corrupted registry
Why should you need to repair the registry?
As we all know, virus and Trojans modify and destroy system registry and make the computer malfunction so that the computer will not perform normally. Even if the virus and Trojans are removed, the registry is still destroyed or modified, so the computer still has problems. That’s the very reason why you need to repair the registry. At the meanwhile, some virus and Trojans leave some DLL files in the registry and this will cause strange DLL errors and affect the computer performance.
To make your computer run as perfectly as before or much faster than before:
1. Download and install Multi-Awarded Registry Tool.
2. Run a full scan of your registry.
3. Click “Repair Problems” and repair all errors detected.
After these 3 easy steps, your computer will run much faster than before within minutes!
Related posts:
Step by Step Remove "Warning: Infection is Detected" Virus | Security-Wire.com on August 15th, 2010
[…] is Detected” is a bogus alert message produced by a rogue anti-spyware program called Wireshark Antivirus. “Warning: Infection is Detected” may be displayed on the screen of the compromised […]