Home Blog

W32.Waledac.C!gen2 Removal – How to Remove W32.Waledac.C!gen2 from Your Computer

Posted by in Blog Worm
on November 27th, 2012 | Leave a comment

W32.Waledac.C!gen2 can be classified as a worm. It is a disaster for the compromised computer. Hackers send spam emails containing malicious links and when a user click on the link the worm can infect the computer immediately. Like other worm virus, it will infect all removable drives connected to the compromised computer. Moreover, W32.Waledac.C!gen2 can give hackers remote access to the system and allow them to monitor or control the computer. If your computer is infected and you do not remove it in time, your computer will probably be infected by other pc threats. It is detected that such back door is widely used to distribute rogue software like Personal Protector 2013. If you are one of the victims of the infection, you can learn how to remove W32.Waledac.C!gen2 completely here.

Problems caused by W32.Waledac.C!gen2
Antivirus program is blocked
Web browser is redirected
Pop-up or advertisement show up
Online account is stolen

How to remove W32.Waledac.C!gen2 manually
Manual way is to stop malicious processes, delete malicious files and remove related registry entries. When the worm gets into the computer, it will drop copies of itself and change registry values. It is necessary to wipe off all traces of the infection.
1. Run task manager and kill related processes

2. Delete following files

%System%\Packet.dll
%System%\drivers\npf.sys
%System%\wpcap.dll

3. Delete registry entries created by W32.Waledac.C!gen2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”MozillaAgent” = “%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe”
HKEY_CURRENT_USER\Software\Mozilla\”AppID” = “[RANDOM CHARACTERS]”
HKEY_CURRENT_USER\Software\Mozilla\”ID” = “[RANDOM NUMBER]”
HKEY_CURRENT_USER\Software\Mozilla\”ID2″ = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\Mozilla\”ID3″ = “[BINARY DATA]“

How to remove W32.Waledac.C!gen2 easily
If manual way is too difficult for you and you want an easier way to get rid of the worm, your best choice is to use a virus removal program, which can scan the computer thoroughly, find out infection and remove it completely. Are you looking for such a W32.Waledac.C!gen2 removal program? If your antivirus program can not remove the worm even in safe mode with networking, try Spyware Cease, a professional antispyware program. This program is recommended to deal with various pc threats including Trojans, adware, spyware and malware. If W32.Waledac.C!gen2 brings other threats to your computer, I believe Spyware Cease will pick them up at the same time.

Leave a Reply