NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Waledac. Description and removal instructions

 
Title: Waledac
 Also known as: Trojan Waledac, Trojan.Spambot.4202, Trojan.Waledac.B, Trojan:Win32/Waledac.A
Type: Trojans
Severity scale:Waledac severity is 38  (38 / 100)
 
Waledac is a trojan virus that uses events such as Christmas, Valentine’s day or Independence Day to spread itself and to infect as many computers as possible. The main purpose of this virus is to create a botnet which later can be used to execute even more dangerous attacks. This parasite may also enter the system through fake holiday e-cards and greetings videos. When running, Waledac will scan your computer for targeted email addresses in:

- Hard drives, flash drives
- Remote network drives
- CD and floppy drives, flash card readers

These email addresses will be later used to send spam messages.

Waledac is serious threat to your privacy. It may eventually download additional parasites including adware, spyware and other trojans. Trojan Waledac is also capable of providing PC access to remote cyber-thieves, enabling hackers to access confidential data like account user names and passwords or even credit card details. The virus uses a peer-to-peer (P2P) network to send encrypted information to a web server. Trojan Waledac should be removed as soon as possible if detected, otherwise this parasite may cause even more damage to the system. Please use the remove guide below to completely remove Waledac from your computer.

FORUM:
Discuss Waledac in
spyware removal forum

Related files: loader[1].exe, ~tmpa.exe, Hyves_Browser.exe, Hyves_Browser_Instalation.exe, i386si.sys, winlogin.exe, tem8.tmp.exe, agent.exe, pc.exe, softjopa[1].exe, sp.dll, swapdm.dll, card[1].exe, ert51791.exe, SSEngine.dll, StartApp.exe, 1[1].exe, sysguardn.exe, free_scan.exe, ntos.exe, load[1].exe, test.exe, oqarib.dll, usp10.dll, Omahonafazeq.dll, new23[1].exe, gr[2].exe, adv111[1].exe, new26[1].exe, Card.exe, cardviewer.exe, devkit.exe, download.exe, ecard.exe, install.exe, lovecard.exe, lovekit.exe, loveprogramm.exe, Loveu.exe, Luv.exe, Programm.exe, vcard.exe, viewer.exe

Waledac properties:
• Allows remote user connection
• Changes browser settings
• Hides from the user
• Stays resident in background

Waledac snapshot:
Waledac removal

Automatic Waledac removal:

remover for Waledac

Waledac manual removal:

Kill processes:
new26[1].exe adv111[1].exe gr[2].exe new23[1].exe Test.exe load[1].exe ntos.exe free_scan.exe sysguardn.exe 1[1].exe StartApp.exe ert51791.exe card[1].exe softjopa[1].exe pc.exe agent.exe tem8.tmp.exe winlogin.exe Hyves_Browser_Instalation.exe Hyves_Browser.exe ~tmpa.exe loader[1].exe Card.exe cardviewer.exe devkit.exe download.exe ecard.exe install.exe lovecard.exe lovekit.exe loveprogramm.exe Loveu.exe Luv.exe Programm.exe vcard.exe viewer.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\agent.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hyves Browser
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Privacy components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg = ""
HKCU\Software\Microsoft\Windows\CurrentVersion\RList = ""
HKCU\Software\Microsoft\Windows\CurrentVersion\MyID = ""
HKCU\Software\Microsoft\Windows\CurrentVersion\FWDone = ""
HKCU\Software\Microsoft\Windows\CurrentVersion\LastCommandId = ""
HELP:
how to remove registry entries

Unregister DLLs:
Omahonafazeq.dll usp10.dll oqarib.dll SSEngine.dll swapdm.dll sp.dll
HELP:
how to unregister malicious DLLs

Delete files:
new26[1].exe adv111[1].exe gr[2].exe new23[1].exe Omahonafazeq.dll usp10.dll oqarib.dll Test.exe load[1].exe ntos.exe Card.exe cardviewer.exe devkit.exe download.exe ecard.exe install.exe lovecard.exe lovekit.exe loveprogramm.exe Loveu.exe Luv.exe Programm.exe vcard.exe viewer.exe free_scan.exe sysguardn.exe 1[1].exe StartApp.exe SSEngine.dll ert51791.exe card[1].exe swapdm.dll sp.dll softjopa[1].exe pc.exe agent.exe tem8.tmp.exe winlogin.exe i386si.sys Hyves_Browser_Instalation.exe Hyves_Browser.exe ~tmpa.exe loader[1].exe
HELP:
how to remove harmful files

Other programs to remove Waledac:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 08/04/09
Information updated: 03/07/09

Additional resources related to Waledac:

Attention: If you know or you have a website or page about Waledac removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Waledac parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by . 2009-05-24 13:05:48
Malewarebytes finds this after several cleanings, the files and locations were not found on an infected XP machine with IE8. None of the processes listed were running when the Trojan was found.perhaps there is a new variant amidst...
Related news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.