12-16-2010 06:31 AM
Dear Forum Members
As a very security minded person, I use a number of security products such as NIS2011, Spybot, Ad-Aware, etc. all kept scrupulously up to date and run regularly to ensure my PC is kept as clean as possible.
However, when checking "Add or Remove Programs" in Control Panel I came across a small program/utility called "WinPcap 4.1.2", which surprised me because I did not download or install it. I did a bit of research and found out that it was a Windows network capture utility that works with most versions of Windows O/S. While there was no hint that this WinPcap was either spyware or a form of malware, still I can't help but wonder how did it get installed on my PC.
For example, did it come in as one of Microsoft's updates (I'd just completed this month's (December) security updates) or did it come in via something else.
If anyone knows a bit more about this utility please enlighten me.
UK Bob
12-16-2010 06:59 AM - edited 12-16-2010 07:18 AM
Ad-Aware Free / Pro Internet Security and Total Security features real-time protection that will/may conflict with Norton
Spybot's active real-time protection Tea Timer and SD Helper will/may conflict with Norton
Spybot's Immunize is passive protection and as such will not conflict with Norton
Spybot does however offer old information regarding compatibility with Norton
In general it is never a good idea to have two real-time security applications in use simultaneously. System performance can be adversely impacted and your protection can actually be lessened, as the two programs can seriously interfere with each other's proper functioning and blocking of malicious things that try to run on your PC.
12-16-2010 08:07 AM
Bob,
Google will tell you a lot about WinPCap ....
<< WinPcap is the packet capture and filtering engine of many open source and commercial network tools, including protocol analyzers, network monitors, network intrusion detection systems, sniffers, traffic generators and network testers. Some of these tools, like Wireshark, Nmap, Snort, ntop are known and used throughout the networking community. >>
Have you had a problem that might have involved someone asking you for a "dump" of data from when something went wrong?
12-16-2010 08:10 AM
It certainly did not come with any MS updates. It is not a Microsoft product.
It appears to be used by quite a few software packages, as listed here:
http://www.winpcap.org/misc/links.htm#tools
See whether anything you have is on that list. If so that might be what installed it. As it is open source it may also be used by others.
Otherwise look for its files under C:\program files (or equivalent depending on your version of Windows) and look at the date created and/or modified. That would give you a clue when you (or someone or something) installed it.
If you don't want it, and it is not needed by any other app you have and need, just uninstall it.
12-16-2010 08:10 AM
Hi ukbobboy,
First, please take note of bjm_'s response that you should not have more than one security software installed if it has a real-time component. I understand this is not the question you originally asked but bjm_ was correct to point this out. It is highly recommended that you uninstall any other software which has a real-time component. It is also recommended to use a removal tool provided by that company to ensure all remnants of it are removed.
There are a couple of free on-demand scanners such as MalwareBytes and Super Antispyware that we generally recommend as they do not interfere with NIS.
On to your original question.
WinPcap as you have found is a capturing engine for capturing packets. In general this is not typically installed as a standalone product, though it can be.
Most commonly it is installed as a separate utility which is needed for software such as Wireshark to name but one popular program. You can find a more comprehensive list at the following URL.
http://www.winpcap.org/misc/links.htm
Have you ever installed any of the software listed above? If so that is where Winpcap came from.
Windows update would not have installed this.
Hope this helps.
Best wishes.
Allen
12-16-2010 08:12 AM
LOL, three of us responding at the same time!
Best wishes.
Allen
12-16-2010 08:44 AM - edited 12-16-2010 08:47 AM
ukbobboy wrote: However, when checking "Add or Remove Programs" in Control Panel I came across a small program/utility called "WinPcap 4.1.2"
Is WinPcap listed with your startup services?
Does a system search for WinPcap 4.1.2 point to another application?
If used for packet sniffing or other malicious things.... wouldn't it have to run in conjunction with another application?
12-16-2010 08:49 AM - edited 12-16-2010 09:01 AM
Hi bjm_
It could be malware which installed WinPcap but the first step is to determine if the OP installed any of the other applications. If so I would consider the presence of WinPcap as normal.
If none of the other programs are or ever were installed then it is possible that malware could have installed this, in which case some scans with NIS and MalwareBytes would be warranted along with removing WinPcap.
The OP can uninstall WinPcap but if any of those other programs are also installed, they will become non-functional as well. So best to search through add/remove programs list and determine if any of the others are installed as well. If they are then all of them should be removed or none of them.
If WinPcap is there by itself then it can be safely uninstalled.
Best wishes.
Allen
12-16-2010 09:04 AM
Hi Folks,
WinPcap has heard of instances where it was installed by malware but indicated that typically WinPcap will NOT be listed in add/remove programs for what should be obvious reasons.
See: http://www.winpcap.org/misc/faq.htm and search for the word malware on the page.
At this point of course it would be premature to assume that it is malware. Let's see what the OP says about whether any of the referenced programs were ever installed.
Best wishes.
Allen
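The checks suggested across this thread (Add/Remove Programs entries, dependent applications, file dates, the driver service) can be gathered in one read-only pass. This is an added example, not part of any post above; it assumes the standard WinPcap file and service names (`npf.sys`, `wpcap.dll`, `Packet.dll`, service `NPF`), and the `$dependents` list holds only the tools named in the thread.

```powershell
# Added example: read-only triage of a WinPcap install; nothing on the system is changed.
# Assumption: $dependents holds only the tools named in this thread, not the full winpcap.org list.
$dependents = 'Wireshark', 'Nmap', 'Snort', 'ntop'

# 1. Add/Remove Programs entries, from both the native and 32-bit registry views.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }
$winpcap = @($installed | Where-Object { $_.DisplayName -like '*WinPcap*' })
$users   = @($installed | Where-Object { $_.DisplayName -match ($dependents -join '|') })

# 2. Files WinPcap places on disk: the NPF driver, its two DLLs, and its program folder.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$paths = @("$env:SystemRoot\System32\drivers\npf.sys",
           "$env:SystemRoot\System32\wpcap.dll",
           "$env:SystemRoot\System32\Packet.dll") +
         @($roots | ForEach-Object { Join-Path $_ 'WinPcap' })
$files = @($paths | Where-Object { Test-Path $_ } | Get-Item |
    Select-Object FullName, CreationTime, LastWriteTime)

# 3. The NPF driver service: Start is 2 for automatic, 3 for on demand, 4 for disabled.
$npf = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NPF' -ErrorAction SilentlyContinue

# Report what was found.
$winpcap | Select-Object DisplayName, DisplayVersion, InstallDate, UninstallString | Format-List
$users   | Select-Object DisplayName, DisplayVersion, InstallDate | Format-Table -AutoSize
$files   | Format-Table -AutoSize
if ($npf) { "NPF driver service present, Start = $($npf.Start)" }
else      { 'NPF driver service not found' }

# Reading the result, following the reasoning in the thread.
$onDisk = ($files.Count -gt 0) -or [bool]$npf
if ($winpcap.Count -gt 0 -and $users.Count -gt 0) {
    'WinPcap is listed and a known dependent tool is installed: most likely its installer added it.'
} elseif ($winpcap.Count -gt 0) {
    'WinPcap is listed with no known dependent: compare the dates above with what was installed then.'
} elseif ($onDisk) {
    'Driver or DLLs present but no Add/Remove Programs entry: run full scans before removing anything.'
} else {
    'No trace of WinPcap found.'
}
```

Run it from an elevated PowerShell prompt so both registry views and the driver folder are readable.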
12-16-2010 09:09 AM - edited 12-16-2010 09:10 AM
re > If WinPcap is there by itself then it can be safely uninstalled.
Along with OP .... (quote) still I can't help but wonder how did it get installed on my PC.
Hopefully, OP will determine and post back as to how ......
Cheers
