McAfee VirusScan False Positive

February 13, 2007

Since the release of Wireshark 0.99.5, several users that McAfee VirusScan detected adware (Adware-Softomate.dll) in the version of WinPcap that comes with the Wireshark installer. The WinPcap project has been receiving similar reports.

McAfee has confirmed that this is a false positive:

Thank you for submitting your suspicious file. Our Senior Virus Research Engineers have examined the file in question and no virus was found.

Solution -

Attached is an extra.dat with correct detection. This correction will be included in the next DAT update.

[ DAT file instructions deleted ]

Warm Regards,
[ Name witheld ]
Virus Researcher
McAfee Avert Labs - Bangalore

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More