You may encounter the term “Trojan Horse” in a lot of websites dedicated to computer security and malware protection. This is because this type of malware is one of the most common computer threats that the web users may get infected with and is usually quite challenging to deal with such infections.
About Wacatac Virus
A Trojan (or a Trojan Horse) is a term used in computing to refer to type of extremely stealthy infections that have a very versatile nature and can be used for a number of cyber crimes. Speaking about this, a new Trojan-based infection, named Wacatac, has recently been set loose on the Internet, and is currently claiming new victims. According to the information that our “How to remove” team has, this malware sneaks in the system of the web users with the help of various transmitters, but most commonly, with the help of email attachments, infected links, and ads that look harmless and appealing. When executed, those transmitters immediately deliver the Trojan into the system without any visible symptoms or red flags. An infection such as Wacatac can be extremely harmful because it may be used to provide remote access to the affected computer to whoever created the Trojan. In other words, it may allow another person (a hacker with malicious intentions) to access the information on the computer and control the processes in the system.
The purposes of a Trojan like Wacatac will depend on the person who created the software. However, such threats are almost always created to steal personal data, to damage something, or to weaken the system’s security in order to insert other viruses and malware, including Ransomware and Spyware.
Some of the most common purposes of the Trojans are:
- Distribution of spam or viruses through the infected computer;
- Secret installation of other malicious programs;
- System shutdowns and/or restarts, corruption, modification of registry entries;
- Espionage through the victim’s webcam, or mic;
- Collection of personal data – keystrokes, passwords, banking credentials, credit or debit card numbers;
- Data corruption – deletion or damage to the hard drive;
Trojans such as Wacatac are widely used by cyber criminals to access confidential data, to steal user accounts, and to carry out banking frauds. Unfortunately, there aren’t many visible symptoms which can help you detect and remove the infection on time, especially if you don’t have reliable antivirus software which can recognize the malicious processes that the Trojan may run in the background.
Still, some of the possible red flags that may indicate that a computer has been infected with a Trojan may include:
- The computer may restart on its own;
- The system may work very slowly;
- The operating system may not start;
- You may notice that files disappear or get corrupted;
- You may get frequent system error messages or software bugs;
How can Wacatac be removed?
The first thing to do is download and install an updated malware removal tool. Such software can run a full system scan and detect any malicious activities that may be happening in the background without your knowledge. If the Trojan is detected, it is advisable to follow the removal instructions of the security program to safely delete it. Alternatively, you can use the manual removal steps shown in the removal guide below, but make sure that you follow them carefully and double-check before you delete anything from your system.
SUMMARY:
| Name | Wacatac |
| Type | Trojan |
| Danger Level | High (Trojans are often used as a backdoor for Ransomware) |
| Symptoms | Sometimes, Trojans may cause unusual system behavior, software errors, sudden crashes and lags. |
| Distribution Method | Spam, fake ads, infected email attachments, misleading links, pirated software, fake program update requests. |
Wacatac Virus Removal
1: Preparations
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
3: IP related to Wacatac
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Wacatac.
[add_forth_banner]
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the task manager instead, as in the picture:
If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Wacatac , disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data – Wacatac
Type each of the following locations in the Windows search box and hit enter to open the locations:
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
%Temp%
Delete everything you see in Temp linked to Wacatac. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
