WinPcap - Who installed it?

[glennc]

Howdy fellow members,
While attempting to delete a program (still pending), I came across the application WinPcap 4.1.2 installed on my machine. I don't recall installing it, or even have hearing of it until I saw it. What program might have installed that as part of a package (don't have Wireshark) and is it necessary. Want to delete if not.
Hoping for some good info the program and really appreciate y'alls help.
glennc

 

[mikedl]

If you don't want it, I don't see where it would be an issue to uninstall it.

More on WinCap...

As to what application installed it without your knowledge, I don't know...


Also, look here to see if you have installed any of the listed programs you might want to keep.

Been Wardriving lately?

 

[mindinka]

In my knowledge such application could be installed by many other applications that has anything to do with monitoring/reading/downloading Internet Packets, my guess would be if you had installed program that would say download video clips from Youtube as example, then chances are that you going to have WinPcap installed as support application.

 

[glennc]

Thanks Gentlemen,
I don't have any of those programs. But if it is doing no harm, maybe I should leave it?
Appreciate your help.
glennc

 

[mikedl]

I dunno. If it were me and I didn't know why the program is on my computer and I don't use it...I'd uninstall it.

 

[mckillwashere]

That's like I randomly had a nokia cellphone driver install on my computer..... It was reimaged 2 days ago and the driver was installed yesterday... No one in my appt has a Nokia cell phone.... Very simple solution remove it. That happened to me a while back... I honestly think it gets installed when I install one of my asus support apps....

 

[glennc]

All Right, it is getting off now. Now we will see the consequences. Heck it is a learning experience. Thanks all!
glennc

 

[Jacee]

See what WinPcap is ... WinPcap Software Informer: version 4.1 information

 

[glennc]

See what WinPcap is ... WinPcap Software Informer: version 4.1 information

Well Jaycee,
If I understood what that meant, I might be really convinced of it's value. I don't and haven't ever run WinPcap knowingly. Just noticed it in the programs while deleting another. In your opinion is it worth keeping, even if I don't use it manually and maybe some software is using it??? Thanks for your help.
glennc

 

[lavEy]

I don't know much about it, but some programs use it without you even knowing about it.. I play around with educational hacking stuff and the program Cane and Abel is bundled with it, so you may have downloaded something and not even noticed!

 

[glennc]

Hey lavEy,
It appears so. Don't know where, don't know when (Dr. Strangelove reference). The pictures of it running have never been seen. You must be correct.
glennc

 

[JungleGuru]

Sorry to bump such an old thread.

But am slightly concerned about just finding WinPcap 4.1.2 on my laptop.

It looks like it was installed with the software Powerline Utility, that came with TP-Link PA411KIT AV500 500 Mbps Powerline Adapter, last week.

It did not say anything in the documentation about this, unless there is some sort of hidden documentation lols.

I realise that it is most likely necessary for packet capture & encryption over the power-line in my home, but, I cannot find this program anywhere on my KIS 2012 firewall.

What with them being a Chinese company, albeit a very popular one, I am slightly concerned it could be used for packet capture / transmitting to Chinese servers somewhere.

Should I be concerned? If I should be, then 100,000s of others should be. Thank-you in advance.

 

[rshewmaker]

Freemake or a flash video downloader program

My WinPcap folder was created when I downloaded one of the following: IE add-ons Video Capture, Freemake's Video Downloader or some similar type download. I ditched Realplayer and was looking for a 'right-click to download' video app.

 

[edee]

My WinPcap folder was created when I downloaded one of the following: IE add-ons Video Capture, Freemake's Video Downloader or some similar type download. I ditched Realplayer and was looking for a 'right-click to download' video app.

It's from one of the Freemake Video software downloads, I downloaded and installed Freemake Video downloader and WinPcap appeared on my system, it is safe to uninstall, actually you SHOULD uninstall it, you'll see why below.

When you download Freemake products you are essentially just downloading the downloader, after you double click the file and go through the process of denying all the garbage that it comes with and setting a install destination folder, Freemake then downloads the installer from the web and automatically installs the product, in the process it sneaks WinPcap onto your system. Basically what WinPcap is, is a network sniffer, read below from Yahoo Answers ......

"WinPcap is software that allows your network interface card to (NIC) operate in "promiscuous" mode. Normally if a NIC sees traffic addressed to another NIC on the network, it ignores it. If you are running a network sniffer application, you may have a need to capture that traffic for inspection. Putting a NIC in promiscuous mode allows your NIC to capture traffic addressed to another machine and pass it to the sniffer application.

Normally you should not find WinPcap on your machine unless you also have a network sniffer such as WireShark also installed. If the machine was previously used by a network administrator or a network engineer they may have simply forgot to uninstall it when they uninstalled the sniffer app.

It is also possible that it is there for some nefarious purpose. It's conceivable that your machine may have been hijacked in order to sniff other network traffic on your network and report that to an outside attacker. This would be an advanced case of cracking and while I've never seen it personally, it's conceivable -- and rather scary.

Unless you are also running a network sniffer application or other network analysis tools, you have no need for WinPcap. Remove it from your machine if you can. It should be listed in the Add & Remove Programs listing. If it isn't, you can just delete the parent folder (unless it's residing in a system folder!) or delete the executable itself. It's a Unix port application and does not normally weave itself into the Windows OS very deeply."

After uninstalling the program you may want to run a malware scan and hijackthhis just to make sure everything is on the up and up.