Severity scale:  
  (67/100)

WhatsApp virus. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - - | Type: Malware

WhatsApp virus a set of cyber infections and scams that target a wide range of WhatsApp users

WhatsApp scam
WhatsApp virus is a cyber infection that affects WhatsaApp users. It is a scam that targets their personal details or aims to infect victims devices with malware.

Questions about WhatsApp virus

WhatsApp virus is a name that describes a wide range of computer threats and scams related to the social network. There is a lot of different scammer campaigns that rely on misleading messages and warnings trying to make users click on links, register on suspicious websites, enter private information or inject malware directly into their device. WhatsApp is one of the most used communication apps in the world which provides end-to-end encryption for private messaging. Sadly, bad actors are quick to abuse it. Most recently, the list of WhatsApp viruses was filled with the “Martinelli” warning scam. Just like the horrific “Olivia hoax” that targeted children and showed them the pornographic picture via the app, it should be terminated.

Name WhatsApp virus
Type Scam, malware
Distribution Infiltrates systems together with fake apps or via infected links/messages
Dangerous activity Slowdowns the device, causes system crashes, steals personal information, causes redirects
redirects to domain w.whatsaappp.com
Removal To eliminate the threat from your device, use Reimage. You should also reinstall WhatsApp app on your device

The original WhatsApp messaging application is NOT malicious or dangerous. It does not belong to the category of computer viruses. WhatsApp is a popular free messaging application compatible with iPhone, Android, BlackBerry, Windows, and other mobile operating systems. Currently, its user database reaches over 1.2 billion users,[1] so there’s no wonder that scammers and malware creators are inventing ways to benefit from that.

At the moment, there are several types of WhatsApp viruses acting almost in the same way. In most of the cases, cybercriminals seek to trick their victims into installing malware, Trojan,[2] etc. or swindle confidential information. For this reason, they display fake alerts filled with bank logos and similar details that look genuine.

Typically, WhatsApp virus infects the system as an additional component and then starts illegal activity behind user's back. Therefore, it is not enough to simply remove WhatsApp from the computer in order to solve the problem. And security flaws in the program’s code are not helping the situation.

Last year, University of California researcher Tobias Boalter detected a backdoor which enabled unauthorized and unmonitored access to the app. This vulnerability allowed decrypting the secure end-to-end message encryption, making it possible for hackers to read through victims’ conversations.[3] Of course, the flaw was quickly patched up but is there any guarantee that such zero-day will not emerge in the future?

Even if WhatsApp deals with its security issues, there are numerous other ways to use the app for malicious purposes. In this article, we will introduce some of the currently active threats, try to determine how they reach devices and, finally, discuss WhatsApp virus removal options. If you are a user of Android, you should be able to find useful information in the Android virus elimination guide as well.

WhatsApp viruses:

WhatsApp GhostCtrl virus

GhostCtrl is a Trojan which may disguise itself as a variety of different programs, including WhatsApp. When installed, the fake WhatsApp app will take over the control of the device. Hackers may then start collecting any information they want, be it call logs, text messages, numbers on your contacts list, phone’s GPS location or web browsing history.

On top of that, WhatsApp GhostCtrl virus has the ability to enable/disable phone’s microphone and camera, meaning that you can be spied on both online and in real life. The fake app looks like a regular application. Thus it might be difficult to detect. Thus, you should always download apps only from reputable sources.

WhatsApp voice message Trojan virus

If you received a voice message from WhatsApp in your email, it is most likely that you are being targeted by scammers. The subject name of such spam emails says “Missed voicemail,” while the letter itself contains fabricated information on when the message was received and a link to play it.

Unfortunately, clicking the “Play” button will not get you anywhere but a malicious website which will try to trick you into installing one of WhatsApp viruses, such as Browser 6.5. Such programs are likely to be infected with ransomware or similar viruses, so you should be extremely careful!

WhatsApp Gold scam

It is yet another fraud scheme designed to trick credulous users into downloading malicious software disguised as a new WhatsApp feature. In particular, scammers have been spreading around messages urging victims to upgrade their accounts to WhatsApp Gold[4] premium version. The problem is that such a version does not exist.

When users click on the link indicated in the message, it immediately redirects them to malware-ridden sites and exposes users to a great risk of getting their devices infected.

WhatsApp Gold scam
WhatsApp Gold scam offers users to download a so-called WhatsApp Gold - an improved version of the app, which will allow to use extra emojis.

WhatsApp trial service scam

Similar to the previously mentioned scam, WhatsApp trial service fraud is based on a sending victims fake messages claiming that their one-year trial has expired and that the user must subscribe to extend it.

To get users hooked on this bogus offer, scammers encourage victims to connect to a “customer portal” and sign in using your WhatsApp login details. Then victims are then asked to provide their banking details to purchase a monthly or yearly subscription of the service. Of course, the submitted information lands in the hands of hackers which may charge you immense amounts of money for the services that don’t exist.

“Update WhatsApp” Messenger virus

On November 2017, security experts reported about malicious Update WhatsApp Messenger available on Google Play.[5] The application has been downloaded more than million times. Fortunately, it was removed.

Cybercriminals created a visually similar app and managed to bypass Google's security. They used the name of the developer, logo and other credentials in order to trick Android users that it’s the original app. However, there was a difference. Criminals added Unicode character space after the WhatsApp Inc. name. However, this minor change is hard to detect for ordinary users.

However, later unknown malware developers changed the name of the app to “Dual Whatsweb Update.” Additionally, the name of the developer was also removed. Though, it did not help to remain on Google Play store.

This WhatsApp virus version was used for displaying ads and installing other applications on the user’s Android phone. Users who downloaded WhatsApp updates from Google Play are suggested to check their smartphones’ security using anti-virus or anti-malware program. The malicious app may have installed spyware or other dangerous components on the system.

Free Adidas trainer scam

Free Adidas shoes scam is another cleverly engineered hoax that targeted users worldwide, combing two big names – Adidas and WhatsApp. Users could get a message at any time via the app, promising a free pair of shoes. It stated:

Adidas is giving away 3,000 Free Pair of Shoes to celebrate its 93rd anniversary. Get your free shoes at: Adidas.com/shoes

Users were promised 3,000 shows for free, all they had to do is follow what seemed like a legitimate link to the official website. However, it is just a scam aiming at harvesting personal data of unsuspecting users.

Adidas was quick to deny these claims, saying that genuine giveaways are only available on the official website. However, researchers reported that the spoofed site was relatively popular considering Alexa rank, which means that thousands of victims could have had their personal details stolen without realizing.[6]

Free Adidas shoes scam
WhatsApp users were promised a free pair of Adidas shoes to allegedly celebrate 93rd anniversary.

“Olivia” message with the pornographic picture

The second week of September 2018 came with the news of WhatsApp scammers returning with a new campaign that targets children specifically. The first message appears to be from a person that claims to have a changed number and later on calls themselves “Olivia.” Children who receive the message have no clue who that is, and when asked, criminals offer to send the picture of themselves. Suddenly, a link is dropped to pornographic content. 

This incident came to light when Cheshire police in the UK asked people to check the phones of their children if they are using WhatsApp. This number from overseas concerned Halton Brook Police too and people replied to their Twitter post with various screenshots containing the same pattern of Olivia messages. 

WhatsApp Martinelli warning

The most recent WhatsApp Martinelli scam showed up in early November 2018. The anonymous message warns about the Martinelli video, which allegedly will wipe their phone and it will be unfixable. Users are then asked to forward the message as the sign of courtesy – a typical statement playing on humans' emotions. The message reads as follows:

If you know anyone using WhatsApp you might pass on this. An IT colleague has advised that a video comes out tomorrow from WhatsApp called martinelli do not open it , it hacks your phone and nothing will fix it. Spread the word. If you receive a message to update the Whatsapp to Whatsapp Gold, do not click !!!!!
Now said on the news this virus is difficult and severe

Pass it on to all

While Martinelli video is a hoax and does not exist, the warning about Whatsapp Gold is actually accurate. Nevertheless, security experts from Sophos[7] ask users to discard the message entirely and not to pass it on to anybody.

The origins of WhatsApp Martinelli warning are unknown, although it was first spotted in Spain back in 2017. Additionally, there are several variants of the text message, but the content remains the same.

Cybercriminals use multiple ways to spread smartphone virus

There are a variety of different ways to get infected with malware:

  • You may click on an infectious add or link while browsing the web
  • Download malicious applications from sources outside official app stores
  • Receive a malicious link inside WhatsApp application itself
  • Receive a spam email containing a malicious link

To stay safe, you have to learn to be more skeptical about things. Security experts from Norway[8] suggests no to hurry to click on suspicious links, stay away from shady ads, be careful when opening email attachments and remember that WhatsApp will never contact you outside the app. If they do, it’s probably a scam.

The elimination of the WhatsApp viruses

Depending on a type of virus, you might need to employ different techniques to remove WhatsApp virus from your device.
In some cases, it might be enough to eliminate the parasite using antivirus software such as Reimage, while for the elimination of other malware, you should be prepared to work a bit harder. You might need to restore the phone’s default settings or reinstall the application to complete full WhatsApp virus removal. Additionally, take a look at our useful tips on how to remove the virus from the Android device on our site.

You can remove virus damage automatically with a help of one of these programs: Reimage, Malwarebytes MalwarebytesCombo Cleaner, Plumbytes Anti-MalwareMalwarebytes Malwarebytes. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove WhatsApp virus, follow these steps:

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Get rid of WhatsApp from Windows systems

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall WhatsApp and related programs
    Here, look for WhatsApp or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove WhatsApp from Mac OS X system

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for WhatsApp or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Uninstall WhatsApp from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for WhatsApp and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete WhatsApp removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Eliminate WhatsApp virus from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, WhatsApp should be removed from your Microsoft Edge browser.

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Erase WhatsApp from Mozilla Firefox (FF)

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select WhatsApp and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  4. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete WhatsApp removal. Click on 'Reset Firefox' button for a couple of times
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Delete WhatsApp from Google Chrome

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select WhatsApp and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  4. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  5. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  6. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  7. Click Reset to confirm this action and complete WhatsApp removal. Click on 'Reset' button to complete your removal
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Get rid of WhatsApp from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for WhatsApp or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete WhatsApp removal process. Select all options and click on 'Reset' button

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions

References

Removal guides in other languages