How To Remove Wpad.dat Malware?


How To Remove Wpad.dat Malware?

Wpad.dat malware is running under windows environment and consumes the system memory, it will install into windows some dll file that create wpad configuration file as a xml folder which located at c:\windows\winsxs\{guid} as 

C:\WINDOWS\SYSTEM32\{F741A8EF-5B49-4374-8C77-EBB6557317CF}\RP931\A0037874\. This xml configuration can be used by hackers to control your computer remotely.

The installation process will create a service as windows system by renaming sppsvc.exe to svchost.com, it will install the 7zip self extracting exe file to windows directory and start the virus automatically, this operation will change your registry entry to run the virus every time you log on or boot your computer. The next time you login or boot up your pc, it will block all anti-virus software from running and download other viruses from remote servers.

Removal Wpad.dat Malware

1) Automatic Solution

If you have an automatic solution to protect your pc from this kind of adware infections, please update it and let it clean up Wpad.dat virus for you (If you don’t have an automatic solution, please skip step 1). Note: If the Wpad.dat file located in c:\windows\winsxs\{guid}, please rename Wpad.dat to Wpad_Backup.exe and Wpad_Backup.exe to Wpad.dat or Wpad2.dat so that your antivirus program will not delete it again when you scan the file in next time.

2) Manual Solution

If you happen to catch Wpad.dat adware infection, please do the following steps to remove Wpad.dat manually .

Please print out these instructions as you may need to shut down your computer and follow these steps. If you have a malware/adware infected computer with slow internet connection, it’s better if you do it using pen and paper. Note: Please by aware that Wpad.dat malware, Wpad2.dat or Wpad_Backup.exe can reinstall itself multiple times on your computer if you don’t delete its core files on each installation, so scan your pc for Wpad.dat adware infections regularly to avoid the Wpad.dat adware re-installed to your computer after you manually removed it.

Step1

1) Disable Wpad.dat Adware Add-on/Extension:

2) Chrome : Click the Wrench icon  on the browser toolbar select “Tools” and click again “Extensions”. Find out Wpad.dat entries , disable them by clicking on the recycle bin button next to it.

3) Firefox : Type in URL bar ‘ about:addons ‘, find Wpad.dat entries, disable them .

4) Internet Explorer : Click Tools icon on the browser toolbar select “Manage add-ons”, delete Wpad.dat entry.

Step2

  1. Reset Browser Settings (homepage/new tab page/default search): 
  2. Chrome Users Can Try Wrench Icon -> Options -> Under the hood ‘Reset browser settings’ button Firefox 
  3. Type in URL bar about:config, search for keywords.simplyredirect.com, double click this preference to reset it’s value to empty and restart your browser. 
  4. In Internet Explorer type in URL bar http://www.iereset.com
  5. Check ‘ Delete personal settings ‘ option and click ‘Reset’ Button Please close all opened chrome, firefox and IE windows after you have completed Wpad.dat manual removal, then reopen your web browser again..

Step3

Scan Wpad.dat Files on PC with ESET Online Scanner

1) Open your internet browser, click the Wrench icon  on the browser toolbar select “Tools” and click again “Internet Options”.

2) Go to the “Advanced” tab and hit the “Reset” button. (See screenshot below)

3) Check “Delete personal settings”, check “Empty Personal Settings : Click ‘Reset’ Button”, then click on the ‘Reset’ button . (See screenshots below).

4) After completing Wpad.dat manual removal, restart your computer again to check if Wpad.dat ads are still popups on your computer.

Removal Instructions Of Wpad.dat Malware

Steps of Removal

1st Step

Restart your computer into Safe Mode with Networking. You can do this any time by pressing F8 key as your pc reaches to the boot selection menu, after you see window information about safe mode and others, choose safe mode with networking as shown below picture.

2nd Step

In safe mode with networking press “Start” button -> Type “appwiz.cpl” without quotes -> Choose wpad from programs list and Press Uninstall button.

3rd Step

Press Ctrl+Shift+Esc keys together and Task Manager will be opened (use this in case step 2 doesn’t work), find all files related to wpad malware and kill them.

4th Step

Go to the start menu, type “regedit” without quotes and open the registry editor (click yes on UAC alert box), find all entries related to wpad malware and delete them all.

5th Step

Restart your computer normally, download a trusted anti malware tool and remove any infection or suspicious file inside your computer.

For more custom or advance task you can use this program to remove wpad.dat malware easily called Malwarebytes anti malware where I get a lot of help while writing this removal guide, below picture shows how to download and install it:

6th Step

Run Malwarebytes anti malware software, update first then perform a full scan, select all items detected by the antimalware tool and remove them all.

7th Step

Restart your computer normally, for the final step you will need to initialize system restore from safe mode with networking again. To do this follow instruction in step 1 but choose “Safe Mode with Command Prompt” instead of safe mode with networking as shown in the picture below:

8th Step

Type ” rstrui.exe” without quotes and run system restore, choose any date before the wpad.dat malware is running under your computer, after that apply all available options in this window then restart your computer normally.

Following these steps One can easily protect their environment from impact of Wpad.dat Malware.

Impact of Wpad.dat Malware

  1. Wpad.dat malware will download and install other harmful software without permission.
  2. Wpad.dat Malware can block anti-virus programs from running properly, you may not be able to run anti-virus software or your computer is getting slower than before.
  3. Wpad.dat malware will disable firewall settings from windows security center automatically.

Conclusion:

Wpad.dat malware is a dangerous adware, it can popup infected websites on your computer and hijack your internet browser and track your online activities and sensitive information like password, credit card number and etc, Wpad.dat can collect all this information and send to remote hackers for their illegal purposes.

Wpad.dat infection come with the software bundle and you can’t avoid Wpad.dat installation if you don’t uncheck the bundled software, so its better for you to install a trusted antivirus or antimalware tool on your computer before Wpad.dat get chance to run under your computer, because Wpad.dat malware start automatically when you login into Windows operating system, but Wpad.dat is easy to remove by following Wpad.dat Removal Instructions above, Wpad.dat malware will not damage your PC but Wpad.dat installation in PC is not recommended because Wpad.dat can cause many strange behaviors on your computer and if you don’t remove Wpad.dat in time it can make Wpad.dat infection very hard to remove later. 

Recent Posts