How to remove Wacatac trojan from computer (Virus removal guide)

What is Wacatac trojan?

According to security experts, Wacatac (Trojan:Win32/Wacatac) is a malware, which is a trojan designed to steal banking credentials and credit/debit card details. It may also perform other malicious actions, such as monitoring the user’s web browsing behavior, connecting to remote servers and so on. Typically, criminals use phishing emails and ‘cracks’ to spread this malware.

43 security vendors and no sandboxes flagged Wacatac file as malicious

Trojans, and Wacatac in particular, can do great harm to users, since they are capable of collecting user data (for example, logins and passwords) and banking information. The criminals behind this malware do it for the purpose of generating revenue. User monitoring and data collection can lead to significant financial losses; Criminals can use stolen bank information for transfers and purchases. They can also monetize the victim’s contacts, social media accounts, and email addresses in one way or another.

Any malware is a serious threat. Trojans usually infect a computer with other types of malware. Trojans can download and run other very dangerous malware such as ransomware and cryptominers. Especially dangerous are ransomware that secretly encrypt the victim’s files and then demand a ransom to decrypt them. The recovery of encrypted files becomes impossible in most cases. Ransomware can lead to the loss of personal documents and important data. Cryptominers are malware that uses computer resources to secretly mine cryptocurrency. This process uses up a lot of system resources, which means that it slows down the speed of the computer. Moreover, cryptominers can lead to overheating of the main components of the computer and their failure. Trojans are also used to infect computers with browser hijackers and adware. This malicious software is less dangerous than ransomware or cryptominers, but it causes intrusive ads and unwanted browser redirects. In some cases, Trojans have capabilities that allow criminals to remotely control the infected computer. Thus, the presence of Trojans on a computer can lead to serious problems, loss of personal data, large financial losses, damage to computer parts, and much more.

Threat Summary

Name	Wacatac trojan (Trojan:Win32/Wacatac)
Type	Trojan, Banking malware, Password stealing virus, Spyware
Associated malicious files (email attachments)	DHL Shipment Notification, DHL Shipment Notification 3300777400-Delivery for 10 july 2019_pdf.gz
Detection Names	Win-Trojan/VBKrypt.RP09.X1977, Trojan/Generic.ASMalwS.2C0269E, Win32:CrypterX-gen [Trj], HEUR/AGEN.1238977, Trojan.Zmutzy.Pong.2, Trojan.Win32.VBKryjetor.bzrz, PWS:Win32/Fareit, Gen:Heur.PonyStealer.Pm0@fyTz8Iji, Win.Malware.Midie-7056083-0, Win32/PSW.Fareit.A, Trojan.VB.Agent, BehavesLike.Fareit.dc
Distribution methods	Spam mails that contain malicious links. Malicious downloads that happen without a user’s knowledge when they visit a compromised webpage. Social media, such as web-based instant messaging applications.
Removal	Wacatac trojan removal guide

On the Internet, users can come across many Trojans that perform various malicious actions. Among them there are such as AnarchyGrabber Stealer and DPD Delivery Email virus, although, of course, there are many more. Some of them collect user data, others install malware on computers, and still others add infected computers to botnets, and so on. In any case, each Trojan is a huge threat to both user privacy and computer security. Therefore, Trojans must be removed immediately after detection; using an infected computer is very dangerous.

How to remove Wacatac trojan (Malware removal guide)

If you accidentally run the file attached to a spam email, or suspect that your computer is infected with the Wacatac trojan, then you need to follow the steps, which are given below. You may find some minor differences in your MS Windows install. No matter, you should be okay if you follow the steps outlined below: kill Wacatac process, remove Wacatac file, scan computer for malware. Some of the steps will require you to reboot your personal computer or close this web-site. So, read this guidance carefully, then bookmark this page or open it on your smartphone for later reference.

The below guidance for devices using Microsoft Windows, for Android phones, use How to remove virus from Android phone, and for Apple computers based on Mac OS use How to get rid of browser hijacker, pop-ups, ads from Mac

To remove Wacatac trojan, complete the steps below:

Kill Wacatac trojan
Disable Wacatac trojan start-up
Scan computer for malware

Kill Wacatac trojan

Press CTRL, ALT, DEL keys together.

Click Task Manager. Select the “Processes” tab, look for something suspicious that is the Wacatac trojan then right-click it and select “End Task” or “End Process” option. If your Task Manager does not open or the Windows reports “Task manager has been disabled by your administrator”, then follow the guide: How to Fix Task manager has been disabled by your administrator.

In most cases, malicious software masks itself to avoid detection by imitating legitimate Microsoft Windows processes. A process is particularly suspicious: it’s taking up a lot of memory (despite the fact that you closed all of your applications), its name is not familiar to you (if you’re in doubt, you can always check the program by doing a search for its name in Google, Yahoo or Bing).

Disable Wacatac trojan start-up

Select the “Start-Up” tab, look for something suspicious that is the Wacatac trojan, right click to it and select Disable.

Close Task Manager.

Scan computer for malware

We suggest using the Zemana Anti-Malware that are completely clean your computer of the Wacatac trojan. The utility is an advanced malicious software removal program developed by (c) Zemana lab. It’s able to help you remove PUPs, viruses, adware, malware, toolbars, ransomware and other security threats from your computer for free.

Installing the Zemana is simple. First you will need to download Zemana Anti Malware from the following link. Save it on your MS Windows desktop or in any other place.

Zemana AntiMalware
154944 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019

Once downloading is finished, start it and follow the prompts. Once installed, the Zemana will try to update itself and when this task is done, click the “Scan” button to begin scanning your PC for the Wacatac trojan, other malicious software and trojans.

A system scan can take anywhere from 5 to 30 minutes, depending on your PC system. Review the report and then press “Next” button.

In order to be 100% sure that the computer no longer has the Wacatac trojan, we recommend using MalwareBytes . This free utility is an advanced malicious software removal application designed by (c) Malwarebytes lab. This tool uses the world’s most popular anti-malware technology. It’s able to help you remove spyware, trojans, worms, adware, toolbars, ransomware and other malware.

MalwareBytes can be downloaded from the following link. Save it to your Desktop.

Malwarebytes Anti-malware
310338 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

After the downloading process is complete, run it and follow the prompts. Once installed, MalwareBytes will try to update itself and when this procedure is finished, click the “Scan” button to perform a system scan with this utility for the Wacatac trojan, other malware and trojans. Make sure to check mark the threats which are unsafe and then press “Quarantine” button.

MalwareBytes is a free malware removal tool that you can use to remove all detected folders, files, services, registry entries and so on. To learn more about this malware removal utility, we advise you to read and follow the step-by-step guide or the video guide below.

How to stay safe online

Using an adblocker such as AdGuard will protect you from harmful websites, misleading ads and phishing content. Moreover, you can find that AdGuard have an option to protect your privacy and stop spam web pages. Additionally, ad blocking software will help you to avoid unwanted pop-ups and unverified links that also a good way to stay safe online.

Visit the following page to download AdGuard. Save it on your Desktop.

When downloading is finished, double-click the downloaded file to start it. The “Setup Wizard” window will show up on the computer screen as shown on the screen below.

Follow the prompts. AdGuard will then be installed and an icon will be placed on your desktop. A window will show up asking you to confirm that you want to see a quick guidance as shown on the screen below.

Click “Skip” button to close the window and use the default settings, or click “Get Started” to see an quick guide that will allow you get to know AdGuard better.

Each time, when you run your PC, AdGuard will start automatically and stop unwanted advertisements, block phishing websites, as well as other harmful or misleading web-pages. For an overview of all the features of the program, or to change its settings you can simply double-click on the AdGuard icon, that is located on your desktop.

Finish words

Now your computer should be clean of the Wacatac trojan. We suggest that you keep AdGuard (to help you block unwanted pop-up advertisements and unwanted malicious webpages) and Zemana (to periodically scan your device for malware, browser hijackers and adware). Make sure that you have all the Critical Updates recommended for Microsoft Windows OS. Without regular updates you WILL NOT be protected when new trojans, ransomware and malware are released.

If you are still having problems while trying to remove Wacatac from your computer, then ask for help here.