On 3 March 2016 at 17:50, Rich Rauenzahn <[email protected]> wrote:

> Hi,
>
> I downloaded Wireshark a month or more ago to our Windows computer,
> but I think I didn't install it -- I think I had an older version
> already installed, and so left it as is in my Download folder.
>
> This morning Malwarebytes detected the Wireshark installer (I believe
> it's the installer -- I'm getting this 2nd hand from home) as
> containing TeslaCrypt. (I've also downloaded the latest Wireshark
> installer here at work as well and it passes the scan.)
>
> I think the binary was removed, not quarantined, but I'll check in
> more detail when I get home this evening. If I can find the actual
> binary, I could submit it to Malwarebytes for false positive
> verification.
>
> I suspect it's a false positive, but it seems important enough that I
> ought to query here. Is it possible that Wireshark has TeslaCrypt
> signatures embedded in it for its own TeslaCrypt traffic detection?
>
> Rich
>

Likely to be another false positive, see the wiki page here for more info: https://wiki.wireshark.org/FalsePositives

Wireshark, to my knowledge, doesn't have dissectors for malware so is unlikely to have their signatures in the binaries.

--
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
