Severity scale:  

WhatsApp virus. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - - | Type: Malware

WhatsApp malware: numerous viruses and scams target popular chatting app users

WhatsApp virus

WhatsApp virus is a term used to describe various cyber threats and scams that target WhatsApp users. The original messaging app is NOT malicious or dangerous. It does not belong to the category of the computer viruses. However, cybercriminals aim at the users in order to trick them installing malware or swindle sensitive information.

WhatsApp is a popular free messaging application compatible with “iPhone,” “Android,” “BlackBerry,” “Windows” and other mobile operating systems. Currently, its user database reaches over 1.2 billion users [1], so there’s no wonder that scammers and malware creators are inventing ways to benefit from that.

There are several versions of the WhatsApp virus. However, the majority of them act the same. Criminals want to manipulate unsuspecting victims into downloading Trojan [2] or giving up their confidential information.

Typically, these programs install as additional components on the infected device; therefore it is not enough to simply remove WhatsApp from the computer in order to solve the problem. And security flaws in the program’s code are not helping the situation.

At the beginning of this year, University of California researcher Tobias Boalter has detected a backdoor which enabled unauthorized and unmonitored access to the app. This vulnerability allowed decrypting the secure end-to-end message encryption, making it possible for hackers to read through victims’ conversations [3].

Of course, the flaw was quickly patched up but can there be any guarantees such zero-day will not emerge in the future?

Even if WhatsApp deals with its security issues, there are numerous other ways to use the app for malicious purposes. In this article, we will introduce some of the currently active threats, try to determine how they reach devices and, finally, discuss WhatsApp virus removal options. If you are a user of Android, you should be able to find useful information in the Android virus elimination guide as well.

The variants of WhatsApp virus:

WhatsApp GhostCtrl virus

GhostCtrl is a Trojan which may disguise itself as a variety of different programs, including WhatsApp. When installed, the fake WhatsApp app will take over the control of the device. Hackers may then start collecting any information they want, be it call logs, text messages, numbers on your contacts list, phone’s GPS location or web browsing history.

On top of it, all GhostCtrl has the ability to enable/disable phone’s microphone and camera, meaning that you can be spied on both online and in real life.

The fake app looks like a regular WhatsApp application. Thus it might be difficult to detect. Thus, you should always download apps only from the reputable sources.

WhatsApp voice message Trojan virus

If you have received a voice message from WhatsApp in your email, it is most likely that you are being targeted by scammers. The subject name of such spam emails says “Missed voicemail,” while the letter itself contains fabricated information on when the message was received and a link to play it.

Unfortunately, clicking the “Play” button will not get you anywhere but a malicious website where criminals will try to trick you into installing malicious programs, such as Browser 6.5.

Such programs are likely to be infected with ransomware or similar viruses, so you should be extremely careful!

WhatsApp Gold scam

It is yet another fraud scheme designed to trick credulous users into downloading malicious software disguised as a new WhatsApp feature.

In particular, the scammers have been spreading around messages urging victims to upgrade their accounts to WhatsApp Gold premium version. The problem is that such version does not exist.

When users click on the link indicated in the message, it immediately redirects them to malware-ridden sites and exposes users to a great risk of getting their devices infected.

WhatsApp trial service scam

Similar to the previously mentioned scam, WhatsApp trial service fraud is based on a sending victims fake messages claiming that their one-year trial of WhatsApp has expired and that the user must subscribe to extend it.

To get users hooked on this bogus offer, scammers encourage victims to connect to a “customer portal” and sign in using your WhatsApp login details.

Then victims are then asked to provide their banking details to purchase a monthly or yearly subscription of the service.

Of course, the submitted information lands in the hands of hackers which may charge you immense amounts of money for the services that don’t exist.

“Update WhatsApp” Messenger virus

On November 2017, security experts reported about malicious Update WhatsApp Messenger available on Google Play.[4] The application has been downloaded more than million times. Fortunately, it was removed.

Cybercriminals created a visually similar app and managed to bypass Google's security. They used the name of the developer, logo and other credentials in order to trick Android users that it’s the original app. However, there was a difference. Criminals added Unicode character space after the WhatsApp Inc. name. However, this minor change is hard to detect for ordinary users.

However, later unknown malware developers changed the name of the app to “Dual Whatsweb Update.” Additionally, the name of the developer was also removed. Though, it did not help to remain on Google Play store.

The Fake WhatsApp virus was used for displaying ads and installing other applications on user’s Android phone. Users who downloaded WhatsApp updates from Google Play are suggested to check their smartphones’ security using anti-virus or anti-malware program. The malicious app may have installed spyware or other dangerous components on the system.

Cybercriminals use multiple ways to spread smartphone virus

There are a variety of different ways to get infected with WhatsApp virus:

  • You may click on an infectious add or link while browsing the web
  • Download malicious applications from sources outside official app stores
  • Receive a malicious link inside WhatsApp application itself
  • Receive a spam email containing a malicious link

To stay safe, you have to learn to be more skeptical about things. Security experts from Norway[5] suggests no to hurry to click on suspicious links, stay away from shady ads, be careful when opening email attachments and remember that WhatsApp will never contact you outside the app. If they do, it’s probably a scam.

The elimination of the WhatsApp malware

Depending on a type of virus, you might need to employ different techniques to remove WhatsApp virus from your device.
In some cases, it might be enough to eliminate the parasite using antivirus software such as Reimage, while for the elimination of other malware, you should be prepared to work a bit harder. You might need to restore the phone’s default settings or reinstall the application to complete full WhatsApp virus removal.

Look for useful tips how to remove the virus in Android virus removal guide on our site.

You can remove WhatsApp automatically with a help of one of these programs: Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Malwarebytes Anti Malware. We recommend these applications because they can easily delete potentially unwanted programs and viruses with all their files and registry entries that are related to them.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove WhatsApp virus you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall WhatsApp virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

Manual WhatsApp virus Removal Guide:

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove WhatsApp from Windows systems

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall WhatsApp and related programs
    Here, look for WhatsApp or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove WhatsApp from Mac OS X system

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for WhatsApp or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove WhatsApp from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for WhatsApp and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete WhatsApp removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove WhatsApp virus from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, WhatsApp should be removed from your Microsoft Edge browser.

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove WhatsApp from Mozilla Firefox (FF)

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select WhatsApp and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  4. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete WhatsApp removal. Click on 'Reset Firefox' button for a couple of times
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove WhatsApp from Google Chrome

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select WhatsApp and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  4. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  5. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  6. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  7. Click Reset to confirm this action and complete WhatsApp removal. Click on 'Reset' button to complete your removal
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove WhatsApp from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for WhatsApp or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete WhatsApp removal process. Select all options and click on 'Reset' button
After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of WhatsApp registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Removal guides in other languages