Wireshark-users: Re: [Wireshark-users] Conflicker GenB! Killed Wireshark
From: "Deneen Wardell" <dwardell@xxxxxxxxxxxxxx>
Date: Thu, 2 Apr 2009 21:53:38 -0500
Thanks again for your input...
I am currently monitoring the system remotely and watching the traffic through the firewall (like most of us here I have no life) and I am fairly certain the infection has been cleaned... I have run the MS Malicious Software Removal Tool (which by the way was one of the few that picked it up initially)... AVG virus scans are clean... Avast scan is clean... McAfee Stinger is clean... Symantec wouldn't even detect it when MS, AVG and Avast would initially and I haven't tried it since... But again... That was the .b variant... I'm not sure if the .c has a grasp or not... I haven't seen anything unusual come across the firewall yet... I can't do the safe mode thing until I can get in there tomorrow, but I will try that and let you know... Thanks again for your help...
Deneen
 
----- Original Message -----
Sent: Thursday, April 02, 2009 8:58 PM
Subject: Re: [Wireshark-users] Conflicker GenB! Killed Wireshark

Can you boot into safe mode, then rename the executable? Conficker.c does affect Wireshark in that it opens then shuts down the program. It also affects other pieces of troubleshooting software. The reboot in safe boot mode should fix your Wireshark issue. I would then run a major vendor, i.e., any of the AV vendors' Conficker removal tools to clean the infection. Let me know how things go as I can probably help you further offline privately.

 

Robert

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Deneen Wardell
Sent: Thursday, April 02, 2009 8:47 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Conflicker GenB! Killed Wireshark

 

Hi Robert,

Thanks for your input... I have a VPN connection to the site and changed the executable...  wireshark.exe to TestWS.exe and tried it... Same results... Still will not load.

Deneen

 

----- Original Message -----

From: Robert Ayers

Sent: Thursday, April 02, 2009 7:33 PM

Subject: Re: [Wireshark-users] Conflicker GenB! Killed Wireshark

 

Rename the wireshark executable. Then you can run the program.

 

Robert

 

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Deneen Wardell
Sent: Thursday, April 02, 2009 7:18 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Conflicker GenB! Killed Wireshark

 

I have a client that did not keep up with the updates on a Windows 2000 server and was infected a couple of weeks ago with the Conficker GenB! virus. The server had WireShark installed on it and it appears that the virus killed it. When they told me it had problems I tried to run WireShark and it would just come up with the splash screen showing "Initializing dissectors..." and it would do nothing else. I cannot do anything with it. If I try to right click on the button in the status line and close it, it will simply tell me that the program is not responding. The only way to clear it is to reboot the machine. I tried uninstalling the older version and installing the newest release, but it reacts the same way.

 

I didn't get the possible connection between the virus and the failure until I saw the news release that said Conficker was attacking WireShark.

Anyone have any ideas?

Thanks


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

