Not what you were looking for? Ask our experts!
Reply
Contributor
ukbobboy
Posts: 57
Registered: ‎11-16-2010

How did WinPcap 4.1.2 get on my PC?

Dear Forum Members

 

As a very security minded person, I use a number of security products such as NIS2011, Spybot, Ad-Aware, etc. all kept scrupulously up to date and run regularly to ensure my PC is kept as clean as possible.

 

However, when checking "Add or Remove Programs" in Control Panel I came across a small program/utility called "WinPcap 4.1.2", which surpised me because I did not download or install in, I did a bit of research and found out that it was a windows network capture utility that works with most versions of  Windows O/S.  While there was no hint that this WinPcap was either spyware or a form of malware, still I can't help but wonder how did it get installed on my PC.

 

For example, did it come in as one of Microsoft's updates (I'd just completed this month's (December) security updates) or did it come in via something else.

 

If anyone knows a bit more about this utility please enlighten me.

 

 

 

UK Bob

Super Virus Trouncer
bjm_
Posts: 2,192
Registered: ‎09-07-2008

Re: How did WinPcap 4.1.2 get on my PC?

[ Edited ]

 


ukbobboy wrote:

Dear Forum Members

 

As a very security minded person, I use a number of security products such as NIS2011, Spybot, Ad-Aware, etc. all kept scrupulously up to date and run regularly to ensure my PC is kept as clean as possible.

 

However, when checking "Add or Remove Programs" in Control Panel I came across a small program/utility called "WinPcap 4.1.2", which surpised me because I did not download or install in, I did a bit of research and found out that it was a windows network capture utility that works with most versions of  Windows O/S.  While there was no hint that this WinPcap was either spyware or a form of malware, still I can't help but wonder how did it get installed on my PC.

 

For example, did it come in as one of Microsoft's updates (I'd just completed this month's (December) security updates) or did it come in via something else.

 

If anyone knows a bit more about this utility please enlighten me.

 

 

 

UK Bob


 

Ad-Aware Free / Pro  Internet Security and Total Security features real-time protection that will/may conflict with Norton

Spybot's active real-time protection Tea Timer and SD Helper will/may conflict with Norton

Spybot's Immunize is passive protection and as such will not conflict with Norton

Spybot does however offer old information regarding compatibilty with Norton

In general it is never a good idea to have two real-time security applications in use simultaneously.  System performance can be adversely impacted and your protection can actually be lessened, as the two programs can seriously interfere with each other's proper functioning and blocking of malicious things that try to run on your PC.

huwyngr
Posts: 21,004
Topics: 1,001
Kudos: 2,718
Solutions: 368
Registered: ‎04-13-2008

Re: How did WinPcap 4.1.2 get on my PC?

Bob,

 

Google will tell you a lot about WinPCap ....

 

<< , WinPcap is the packet capture and filtering engine of many open source and commercial network tools, including protocol analyzers, network monitors, network intrusion detection systems, sniffers, traffic generators and network testers. Some of these tools, like Wireshark, Nmap, Snort, ntop are known and used throughout the networking community. >>

 

Have you had a problem that might have involved someone asking your for a "dump" of data from when something went wrong?



Hugh
Super Spyware Scolder
JRosenfeld
Posts: 103
Registered: ‎11-02-2008

Re: How did WinPcap 4.1.2 get on my PC?

It certainly did not come with any MS updates. It is not a Microsoft product.

 

It appears to be used by quite a few software packages, as listed here:

 

http://www.winpcap.org/misc/links.htm#tools

 

See whether anything you have is on that list. If so that might be what installed it. As it is open source it may also be used by others.

 

Otherwise look for its files under C:\program files (or equivalent depending on your version of Windows) and look at the date created and/or modified. That would give you a clue when you (or someone or something) installed it.

 

If you don't want it, and it is not needed by any other app you have and need, just uninstall it.

AllenM
Posts: 10,222
Topics: 221
Kudos: 2,151
Solutions: 377
Registered: ‎12-14-2008

Re: How did WinPcap 4.1.2 get on my PC?

HI ukbobboy,

 

First, please take note of bjm_'s response that you should have have more than one security software installed if it has a real-time component. I understand this is not the question you originally asked but bjm_ was correct to point this out. It is highly recommended that you uninstall any other software which has a real-time component. It is also recommended to use a removal tool provided by that company to ensure all remnants of it are removed.

 

There are a couple of free on-demand scanners such as MalwareBytes and Super Antispyware that we generally recommend as they do no interfere with NIS.

 


On to your original question.

 

WinPcap as you have found is a capturing engine for capturing packets. In general this is not typically installed as a standalone product, though it can be.

 

Most commonly it is installed as a seperate utility which is needed for software such as Wireshark to name but one popular program. You can find a more comprehensive list at the following URL.

 

http://www.winpcap.org/misc/links.htm

 

Have you ever installed any of the software listed above? If so that is where Winpcap came from.

 

Windows update would not have installed this.

 

Hope this helps.

 

Best wishes.

Allen

Windows 7 Ultimate SP 1, 32 bit, 4 GB * NIS 2012 (19.8.0.14) * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS 2012 (19.8.0.14)
AllenM
Posts: 10,222
Topics: 221
Kudos: 2,151
Solutions: 377
Registered: ‎12-14-2008

Re: How did WinPcap 4.1.2 get on my PC?

LOL, three of us responding at the same time! :smileyhappy:

 

Best wishes.

Allen

Windows 7 Ultimate SP 1, 32 bit, 4 GB * NIS 2012 (19.8.0.14) * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS 2012 (19.8.0.14)
Super Virus Trouncer
bjm_
Posts: 2,192
Registered: ‎09-07-2008

Re: How did WinPcap 4.1.2 get on my PC?

[ Edited ]

 


ukbobboy wrote:

However, when checking "Add or Remove Programs" in Control Panel I came across a small program/utility called "WinPcap 4.1.2"

 


 

Is WinPcap listed with your startup services

Does a system search WinPcap 4.1.2 point to another application

If used for packet sniffing or other malicious things.... wouldn't it have to run in conjunction with another application.


 

AllenM
Posts: 10,222
Topics: 221
Kudos: 2,151
Solutions: 377
Registered: ‎12-14-2008

Re: How did WinPcap 4.1.2 get on my PC?

[ Edited ]

bjm_ wrote:

 


ukbobboy wrote:

However, when checking "Add or Remove Programs" in Control Panel I came across a small program/utility called "WinPcap 4.1.2"

 


 

Is WinPcap listed with your startup services

Does a system search WinPcap 4.1.2 point to another application

If used for packet sniffing or other malicious things.... wouldn't it have to run in conjunction with another application.

 


 


Hi bjm_

 

It could be malware which installed WinPcap but the first step is to determine if the OP installed any of the other applications. If so I would consider the presence of WinPcap as normal.

 

If none of the other programs are or ever were installed then it is possible that malware could have installed this, in which case some scans with NIS and MalwareBytes would be warranted along with removing WinPcap.

 

The OP can uninstall WinPcap but if any of those other programs are also installed, they will become non-functional as well. So best to search through add/remove programs list and determine if any of the others are installed as well. If they are then all of them should be removed or none of them.

 

If WinPcap is there by itself then it can be safely uninstalled.

 

Best wishes.

Allen

Windows 7 Ultimate SP 1, 32 bit, 4 GB * NIS 2012 (19.8.0.14) * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS 2012 (19.8.0.14)
AllenM
Posts: 10,222
Topics: 221
Kudos: 2,151
Solutions: 377
Registered: ‎12-14-2008

Re: How did WinPcap 4.1.2 get on my PC?

Hi Folks,

 

WinPcap has heard of instances where it was installed by malware but indicated that typically WinPcap will NOT be listed in add/remove programs for what should be obvious reasons.

 

See: http://www.winpcap.org/misc/faq.htm and search for the word malware on the page.

 

At this point of course it would be premature to assume that it is malware. Let's see what the OP says about whether any of the referenced programs were ever installed.

 

Best wishes.

Allen

Windows 7 Ultimate SP 1, 32 bit, 4 GB * NIS 2012 (19.8.0.14) * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS 2012 (19.8.0.14)
Super Virus Trouncer
bjm_
Posts: 2,192
Registered: ‎09-07-2008

Re: How did WinPcap 4.1.2 get on my PC?

[ Edited ]

re >  If WinPcap is there by itself then it can be safely uninstalled.

Along with OP .... (quote) still I can't help but wonder how did it get installed on my PC.

Hopefully, OP will determine and post back as to how ......

Cheers