What is Wacatac trojan?
According to security experts, Wacatac (Trojan:Win32/Wacatac) is a malware, which is a trojan designed to steal banking credentials and debit/credit card details. It may also perform other malicious actions, such as monitoring the user’s web browsing behavior, connecting to remote servers and so on. Typically, criminals use phishing emails and ‘hacked software’ to spread this malware.
Wacatac trojan virus (process)
QUICK LINKS
Trojans, and Wacatac in particular, can do great harm to users, since they are capable of collecting user data (for example, logins and passwords) and banking information. The criminals behind this malware do it for the purpose of generating revenue. User monitoring and data collection can lead to significant financial losses; Criminals can use stolen bank information for transfers and purchases. They can also monetize the victim’s contacts, social media accounts, and email addresses in one way or another.
Any malware is a serious threat. Trojans usually infect a computer with other types of malware. Trojans can download and run other very dangerous malware such as ransomware and cryptominers. Especially dangerous are ransomware that secretly encrypt the victim’s files and then demand a ransom to decrypt them. The recovery of encrypted files becomes impossible in most cases. Ransomware can lead to the loss of personal documents and important data. Cryptominers are malware that uses computer resources to secretly mine cryptocurrency. This process uses up a lot of system resources, which means that it slows down the speed of the computer. Moreover, cryptominers can lead to overheating of the main components of the computer and their failure.
VirusTotal flagged Wacatac trojan as malware
Trojans are also used to infect computers with browser hijackers and adware. This malicious software is less dangerous than ransomware or cryptominers, but it causes intrusive ads and unwanted browser redirects. In some cases, Trojans have capabilities that allow criminals to remotely control the infected computer. Thus, the presence of Trojans on a computer can lead to serious problems, loss of personal data, large financial losses, damage to computer parts, and much more.
Threat Summary
| Name | Wacatac trojan (Trojan:Win32/Wacatac) |
| Type | Trojan, Banking malware, Password stealing virus, Spyware |
| Associated malicious files (email attachments) | DHL Shipment Notification, DHL Shipment Notification 3300777400-Delivery for 10 july 2019_pdf.gz |
| Detection Names | Win-Trojan/VBKrypt.RP09.X1977, Trojan/Generic.ASMalwS.2C0269E, Win32:CrypterX-gen [Trj], HEUR/AGEN.1238977, Trojan.Zmutzy.Pong.2, Trojan.Win32.VBKryjetor.bzrz, PWS:Win32/Fareit, Gen:Heur.PonyStealer.Pm0@fyTz8Iji, Win.Malware.Midie-7056083-0, Win32/PSW.Fareit.A, Trojan.VB.Agent, BehavesLike.Fareit.dc |
| Distribution methods | Spam mails that contain malicious links. Malicious downloads that happen without a user’s knowledge when they visit a compromised webpage. Social media, such as web-based instant messaging applications. |
| Removal | Wacatac trojan removal guide |
Trojans Examples
On the Internet, users can come across many Trojans that perform various malicious actions. Among them there are such as YTStealer Trojan, AnarchyGrabber Stealer and DPD Delivery Email virus, although, of course, there are many more. Some of them collect user data, others install malware on computers, and still others add infected computers to botnets, and so on. In any case, each Trojan is a huge threat to both user privacy and computer security. Therefore, Trojans must be removed immediately after detection; using an infected computer is very dangerous.
How does Wacatac trojan get on computers
Most often, malware such as Wacatac trojan gets installed when users open a file attached to a phishing email, visit a scam site and click an Install button, or when users download and run a malicious program, or when users install freeware that includes a bundled program.
Sometimes it is possible to avoid the setup of any malware: run only reputable software which download from reputable sources, never install any unknown and suspicious apps, keep internet browser updated (turn on automatic updates), use good antivirus software, double check freeware before install it (do a google search, scan a downloaded file with VirusTotal), avoid malicious and unknown web pages
How to remove Wacatac trojan (Virus removal guide)
If you accidentally run the file attached to a spam email, or suspect that your computer is infected with the Wacatac trojan, then you need to follow the steps, which are given below. You may find some minor differences in your MS Windows install. No matter, you should be okay if you follow the steps outlined below: kill Wacatac process, remove Wacatac file, scan computer for malware. Some of the steps will require you to reboot your personal computer or close this web-site. So, read this guidance carefully, then bookmark this page or open it on your smartphone for later reference.
To remove Wacatac trojan, use the following steps:
- Kill Wacatac trojan process
- Disable Wacatac trojan start-up
- Uninstall Wacatac trojan related software
- Scan computer for malware
- Reset Google Chrome
- Reset Internet Explorer
- Reset Firefox
Kill Wacatac trojan process
Press CTRL, ALT, DEL keys together.
Click Task Manager. Select the “Processes” tab, look for Wacatac trojan then right-click it and select “End Task” or “End Process” option. If your Task Manager does not open or the Windows reports “Task manager has been disabled by your administrator”, then follow the guide: How to Fix Task manager has been disabled by your administrator.
This malware masks itself to avoid detection by imitating legitimate Microsoft Windows processes. A process is particularly suspicious: it’s taking up a lot of memory (despite the fact that you closed all of your applications), its name is not familiar to you (if you’re in doubt, you can always check the program by doing a search for its name in Google, Yahoo or Bing).
Disable Wacatac trojan start-up
Select the “Start-Up” tab, look for something suspicious that is the Wacatac virus, right click to it and select Disable.
Close Task Manager.
Uninstall Wacatac trojan related software
Check the list of installed apps on your computer and remove all unknown and recently installed apps. If you see an unknown program with incorrect spelling or varying capital letters, it have most likely been installed by malware and you should clean it off first with a malware removal utility such as MalwareBytes Anti-Malware.
 Windows 7 |
 Windows 8 |
|---|---|
|
|
 Windows 10 |
 Mac OS |
|
|
Scan computer for malware
We recommend using MalwareBytes which will completely remove Wacatac trojan from your computer. This tool is an advanced malicious software removal program created by (c) Malwarebytes lab. It uses the world’s most popular anti malware technology. MalwareBytes Antimalware is able to help you remove spyware, PUPs, trojans, worms, adware, toolbars, and other security threats from your computer for free.
MalwareBytes can be downloaded from the following link. Save it on your Desktop.
327129 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
When the download is complete, close all software and windows on your personal computer. Open a directory in which you saved it. Double-click on the icon that’s named MBSetup such as the one below.
When the install begins, you will see the Setup wizard that will help you install Malwarebytes on your computer.
Once installation is done, you will see window such as the one below.
Now press the “Scan” button to perform a system scan with this tool for the Wacatac virus and other security threats. This procedure can take quite a while, so please be patient. While the MalwareBytes program is scanning, you can see number of objects it has identified as threat.
When the scan get completed, it will display the Scan Results. When you’re ready, press “Quarantine” button.
In order to be 100% sure that the computer no longer has the Wacatac trojan malware, we recommend using the Kaspersky virus removal tool (KVRT). It can remove ransomware, adware, spyware, trojans, worms, potentially unwanted programs, malicious software and other security threats from your computer. You can use this tool to search for threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool by clicking on the following link. Save it directly to your Windows Desktop.
129253 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the downloading process is complete, double-click on the KVRT icon. Once initialization procedure is complete, you’ll see the KVRT screen as displayed below.
Click “Change Parameters” and set a check near all your drives. Click OK to close the Parameters window. Next click “Start scan” button to scan your computer for the Wacatac virus and other known infections. This task can take quite a while, so please be patient. While the tool is scanning, you can see how many objects and files has already scanned.
As the scanning ends, Kaspersky virus removal tool will create a list of malware found, as displayed in the figure below.
All detected threats will be marked. You can delete them all by simply clicking Continue.
Reset Google Chrome
Malware such as Wacatac trojan can make changes to your web-browser settings, add toolbars and unwanted extensions. By resetting Chrome settings you will reset unwanted changes caused by malicious software. However, your saved passwords and bookmarks will not be changed, deleted or cleared.
First launch the Chrome. Next, click the button in the form of three horizontal dots (
).
It will open the Google Chrome menu. Select More Tools, then press Extensions. Carefully browse through the list of installed addons. If the list has the extension signed with “Installed by enterprise policy” or “Installed by your administrator”, then complete the following steps: Remove Google Chrome extensions installed by enterprise policy.
Open the Chrome menu once again. Further, press the option named “Settings”.
The web browser will display the settings screen. Another method to display the Chrome’s settings – type chrome://settings in the internet browser adress bar and press Enter
Scroll down to the bottom of the page and click the “Advanced” link. Now scroll down until the “Reset” section is visible, as shown in the following example and click the “Reset settings to their original defaults” button.
The Google Chrome will display the confirmation dialog box as displayed on the image below.
You need to confirm your action, click the “Reset” button. The web browser will run the process of cleaning. Once it is finished, the internet browser’s settings including search provider by default, home page and newtab back to the values which have been when Google Chrome was first installed on your personal computer.
Reset Firefox
If your Firefox web browser is hijacked by Wacatac trojan, then it may be time to perform the browser reset. Keep in mind that resetting your web-browser will not remove your history, bookmarks, passwords, and other saved data.
Start the Firefox and click the menu button (it looks like three stacked lines) at the top right of the internet browser screen. Next, click the question-mark icon at the bottom of the drop-down menu. It will open the slide-out menu.
Select the “Troubleshooting information”. If you are unable to access the Help menu, then type “about:support” in your address bar and press Enter. It bring up the “Troubleshooting Information” page as displayed in the following example.
Click the “Refresh Firefox” button at the top right of the Troubleshooting Information page. Select “Refresh Firefox” in the confirmation prompt. The Firefox will start a process to fix your problems that caused by the Wacatac virus. Once, it is finished, click the “Finish” button.
How to stay safe online
If you are browsing the Internet, then you cannot avoid malicious ads and scam sites. But you can protect your internet browser from this. Download and use an ad blocker. AdGuard is an ad blocker that can filter out a huge amount of malicious ads by blocking dynamic scripts from loading malicious content.
- First, visit the following page, then click the ‘Download’ button in order to download the latest version of AdGuard.
Adguard download
26856 downloads
Version: 6.4
Author: © Adguard
Category: Security tools
Update: November 15, 2018
- When the downloading process is complete, start the downloaded file. You will see the “Setup Wizard” window. Follow the prompts.
- After the installation is complete, press “Skip” to close the installation program and use the default settings, or press “Get Started” to see an quick tutorial which will help you get to know AdGuard better.
- In most cases, the default settings are enough and you don’t need to change anything. Each time, when you run your computer, AdGuard will launch automatically and stop unwanted advertisements, block harmful and misleading webpages. For an overview of all the features of the program, or to change its settings you can simply double-click on the icon called AdGuard, which can be found on your desktop.
Finish words
We suggest that you keep Malware Anti-Malware (to periodically scan your computer for new malware) and AdGuard (to help you stop malicious pop-ups and scam sites). Moreover, to prevent any malware, please stay clear of unknown and third party programs, make sure that your antivirus software, turn on the option to search for potentially unwanted programs.
If you need more help with Wacatac virus related issues, go to here.
