W32.Waledac.D

W32.Waledac.D is a computer worm that spreads mainly over the Internet via email. This page gives a detailed report on the worm and a procedure for removing it from your PC.

W32.Waledac.D is a computer worm that may open a backdoor on the infected system. Through this backdoor, a remote attacker may gain unauthorized access to the PC and control it. W32.Waledac.D spreads via email messages: it uses the compromised computer to mass-send a copy of itself.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
Once executed, W32.Waledac.D creates numerous files in different vital locations on the infected PC. Some of these files are harmful; others are simply support files that help it carry out its tasks.

The worm also adds a registry entry so that it loads on every Windows start-up. Once running on the computer, the worm creates a backdoor that allows the following actions:

  • Receive commands from a remote attacker
  • Download and run another threat
  • Send emails to addresses gathered from the computer
  • Steal confidential data from the affected PC

W32.Waledac.D also monitors network traffic. It tries to gather sensitive information such as Bitcoin wallet accounts, File Transfer Protocol (FTP) user names and passwords, and other similar online accounts. It then connects to a remote server to download and execute other files that have other functions.

Distribution
The worm typically spreads via email. It gathers email addresses from the infected PC and sends an email to each of them. The email body contains a link that leads to a copy of the worm placed on a distant server. The same scheme runs on every computer infected with W32.Waledac.D.

How to Remove W32.Waledac.D

Restore Windows Components

During an infection, W32.Waledac.D drops various files. The worm intentionally hides system files by setting options in the registry. Given these changes, the best solution is to return Windows to a previous working state through System Restore. If a previous restore point is saved, you may proceed with Windows System Restore.

Manual Removal Procedure

1. If an anti-virus program is present, update the definition file. Each anti-virus program has its own way to update the database. Please refer to your software manufacturer’s manual.

2. Reboot Windows in Safe Mode to ensure that only minimal Windows components are loaded.
- After turning on the power of the computer, press F8 on your keyboard.
- It will display the Boot Options menu, select Safe Mode.

3. Run a full system scan and clean/delete all infected files related to W32.Waledac.D.

4. Delete or modify any values added by W32.Waledac.D to the registry, if present. Please see the reference.
- To edit the registry, click on Start > Run and type regedit.exe in the field.
- Alternatively, you may press Windows Key + R on your keyboard to open the Run dialog.

5. Exit the registry editor when done. You may now restart the computer.

Removal Tool

A free removal tool from Norton Antivirus was developed to remove viruses and unfamiliar threats without using traditional AV signatures. Download the tool from this location and start scanning the computer for viruses and Trojans.

Alternative Removal Method for W32.Waledac.D

Option 1: Use Windows System Restore to return Windows to a previous state

If W32.Waledac.D enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before W32.Waledac.D infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2: W32.Waledac.D manual uninstall guide

IMPORTANT! Manual removal of W32.Waledac.D requires technical skills. Deleting system files and registry entries by mistake may leave the Windows system completely unusable. We advise you to back up the registry before proceeding with this guide.

1. Kill any running process that belongs to W32.Waledac.D.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for W32.Waledac.D files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open the registry editor.
- Find and delete the registry entries mentioned in the Technical Reference section below.
- Close the registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by W32.Waledac.D.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
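The registry steps in both removal procedures can be prepared with a read-only review. The script below is an added example, not part of the original guide or any vendor tool: it backs up the standard Run and RunOnce keys, lists every autostart entry with the file it points to, and shows the standard Explorer settings for hidden files. It assumes Windows PowerShell is installed; the backup folder name is an assumption.

```powershell
# Added example. Read-only apart from the .reg backups written to $backupDir.
$backupDir = Join-Path $env:USERPROFILE 'registry-backup'   # assumed location
if (-not (Test-Path $backupDir)) { New-Item -ItemType Directory -Path $backupDir | Out-Null }

function Get-CommandPath([string]$Command) {
    # Pull the executable path out of an autostart command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$subKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'

$entries = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in $subKeys) {
        $psPath = "${hive}:\$sub"
        if (-not (Test-Path $psPath)) { continue }

        # Back up the key before any manual edit.
        $file = Join-Path $backupDir ("{0}_{1}.reg" -f $hive, (Split-Path $sub -Leaf))
        if (Test-Path $file) { Remove-Item $file }
        & reg.exe export "$hive\$sub" $file | Out-Null

        $key = Get-Item $psPath
        foreach ($name in $key.GetValueNames()) {
            $target = Get-CommandPath ([string]$key.GetValue($name))
            $exists = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
            # An unsigned file is not proof of infection; it marks an entry worth checking.
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
            New-Object PSObject -Property @{
                Key = "$hive\$sub"; Name = $name; Target = $target
                FileExists = $exists; Signature = $sig
            }
        }
    }
}
$entries | Select-Object Key, Name, Target, FileExists, Signature | Format-List

# Explorer settings that control whether hidden and protected system files are shown.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$view = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
"Hidden          = $($view.Hidden)   (1 = show hidden files, 2 = do not show)"
"ShowSuperHidden = $($view.ShowSuperHidden)   (1 = show protected system files, 0 = hide)"
```

The script deletes nothing. Compare its output with the entries listed in your antivirus vendor's technical reference before removing a value in regedit, and keep the exported .reg files so a mistaken deletion can be re-imported.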

Technical Reference

Associated Files and Folders:

Added Registry Entries: