Revision history [back]

The message is generated by the Wireshark installer and is nothing to do with WinPcap or USBPcap.

The program named in the message is the one causing the issue. The installer attempts to open a mutex that is hard-coded into the executable Wireshark executable, and if it can, that indicates a copy of Wireshark is running somewhere, or at least a process has created the "Wireshark" mutex.

To find the errant process, you need to install a tool that can search for mutexes. I use Process Explorer, run it as Administrator, from the menu choose "Find", then "Find Handle or DLL..." and in the substring field enter Wireshark-is-running-{9CA78EEA-EA4D-4490-9240-FC01FCEF464B} and click "Search".

Hopefully the display will eventually update to show you the process with the mutex. Each Wireshark process creates 2 copies of the process, one for the user session and one global for the whole machine. You can double click on the process to make the main display highlight the process which you can then terminate by hitting Delete or right-clicking the process and choosing "Kill" from the menu.

Please report back if you find anything running, especially if it's a process named other than Wireshark.

The message is generated by the Wireshark installer and is nothing to do with WinPcap or USBPcap.

The program named in the message is the one causing the issue. The installer attempts to open a mutex that is hard-coded into the executable Wireshark executable, and if it can, that indicates a copy of Wireshark is running somewhere, or at least a process has created the "Wireshark" mutex.

To find the errant process, you need to install a tool that can search for mutexes. I use Process Explorer, run it as Administrator, from the menu choose "Find", then "Find Handle or DLL..." and in the substring field enter Wireshark-is-running-{9CA78EEA-EA4D-4490-9240-FC01FCEF464B} and click "Search".

Hopefully the display will eventually update to show you the process with the mutex. Each Wireshark process creates 2 copies of the process, one for the user session and one global for the whole machine. You can double click on the process to make the main display highlight the process which you can then terminate by hitting Delete or right-clicking the process and choosing "Kill" from the menu.

Please report back if you find anything running, especially if it's a process named other than Wireshark.