W32.spybot.ATEW on disks 2 and 4 of WSU

My organization recently picked up the WireShark University disc set through a trusted retailer.

I loaded disk 4 and scanned it with symantec. The tftp.pcap file is infected with W32.spybot.ATEW.

Is this a threat?

Or is my A/V software detecting the signature of the spybot in the PCAP file and it's not a threat?

Disk 2 is also infected with W32.spybot.ATEW.

Thanks

w32.spybot.atew

asked 16 Sep '10, 05:35

mdskier
1●1●1●1
accept rate: 0%

2 Answers:

oldest newest most voted

Hello - we created the original DVD set and, assuming you have that original set, the DVDs are not infected with W32spybot - the trace file you refer to contains signatures of the communications to and from a bot-infected host. It is a .pcap file (trace file) and not an executable so loading it in Wireshark does not pose a risk.

Interesting that the majority of spyware detection tools do not have a problem while some scream bloody murder. Some even tag Wireshark as a "hacktool virus."

If you have any other thoughts/concerns, please post again.

Laura Chappell

link

answered 16 Sep '10, 08:07

lchappell ♦
1.1k●2●7●26
accept rate: 8%

0	Better safe then sorry. Thanks Laura. link answered 16 Sep '10, 12:22 mdskier 1●1●1●1 accept rate: 0% I agree!!! (16 Sep '10, 12:35) lchappell ♦

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

w32.spybot.atew ×1

Asked: 16 Sep '10, 05:35

Seen: 676 times

Last updated: 16 Sep '10, 12:35

W32.spybot.ATEW on disks 2 and 4 of WSU

Follow this question

Too Many Packets?

Don't have Wireshark?

Related questions