
How to remove the Wajam Rootkit (Removal Guide)


    • Wed, 08 Jun 2016 21:10:25 EDT
    • Read 529 times








    Wajam is an adware program that displays advertisements in search engine result pages and possibly other social sites that you visit. In order to inject these ads, Wajam will install browser extensions and Windows drivers that allow it to inject these advertisements when you browse the web. These injected advertisements look similar to the ones shown in the image below.
    What is most concerning, though, is that Wajam also installs a rootkit onto the computer in order to hide a randomly named folder in the C:\Program Files folder. As shown below, if a user opens the C:\Program Files folder, they will not see Wajam's folder as it will be hidden by the Wajam Rootkit driver.

    Wajam Folder not being Displayed
    When you run a scan using the Gmer Rootkit Scanner, though, you can see that there is a folder hidden by the rootkit in the C:\Program Files folder. Once you remove the rootkit, this folder would be visible like any other.

    Gmer Scan Results
    It goes without saying that the use of a rootkit to hide folders from a computer owner is unacceptable. In my opinion, anything that goes to these lengths to hide a folder is extremely suspect and should be immediately removed.
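
The Gmer result above amounts to comparing two views of the same system. As an added example (not part of the original guide), the Python code below flags service entries whose ImagePath points into a C:\Program Files folder that the directory listing does not return, and folders that use a name this guide lists for Wajam. It assumes the adware's service binaries sit inside the hidden folder; the service names, the random folder name and all sample data are constructed.

```python
import ntpath
import re

PROGRAM_FILES = r"C:\Program Files"
# Folder names the article says Wajam has used (compared case-insensitively).
KNOWN_NAMES = {"wajam", "wajaneten", "wnetenhance", "wajaienhancer",
               "wwebe", "wajwebenhance"}

def image_path_folder(image_path, root=PROGRAM_FILES):
    """First-level folder under `root` that a service ImagePath points into,
    or None when the binary lives elsewhere."""
    p = re.sub(r"^\\\?\?\\", "", image_path.strip())  # drop NT prefix \??\
    if p.startswith('"'):                              # quoted path + args
        p = p[1:].split('"', 1)[0]
    p = ntpath.normpath(p)
    prefix = root.lower() + "\\"
    if not p.lower().startswith(prefix):
        return None
    folder, sep, _ = p[len(prefix):].partition("\\")
    return folder if sep else None                     # file directly in root

def hidden_folder_candidates(listed_dirs, services):
    """Compare two views: folders the directory listing returns versus
    folders that service ImagePath values point into."""
    listed = {d.lower() for d in listed_dirs}
    findings = []
    for name, image_path in services.items():
        folder = image_path_folder(image_path)
        if folder is None:
            continue
        if folder.lower() not in listed:
            findings.append((name, folder, "not in directory listing"))
        elif folder.lower() in KNOWN_NAMES:
            findings.append((name, folder, "known Wajam folder name"))
    return findings

# Constructed sample data. On a live system the first list would come from
# os.listdir(PROGRAM_FILES) and the dict from the Services registry key.
LISTED = ["Common Files", "Internet Explorer", "Windows Defender", "WWebE"]
SERVICES = {
    "WinDefend": r'"C:\Program Files\Windows Defender\MsMpEng.exe"',
    "exampledrv": r"\??\C:\Program Files\a1b2c3d4e5\exampledrv.sys",
    "examplesvc": r"C:\Program Files\WWebE\update.exe -service",
    "Dhcp": r"%SystemRoot%\System32\svchost.exe -k LocalService",
}

if __name__ == "__main__":
    for finding in hidden_folder_candidates(LISTED, SERVICES):
        print(finding)
```

A finding is only a candidate: a service left behind by uninstalled software also points at a folder that is no longer listed.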
    How did the Wajam Rootkit get on my computer?

    It is important to note that Wajam is bundled with and installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, in the future it is important that you pay close attention to license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, you should select these options as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.
    Last, but not least, Wajam constantly changes the filenames, folder names, and registry entries associated with the adware. My guess is it does this to avoid detection by security scanners. Some of the different folder names that it has used are Wajam, WajaNetEn, WNetEnhance, WajaIEnhancer, WWebE, and WajWebEnhance.
    Even without a rootkit, the ads injected by Wajam are a nuisance. If you take into account that it also uses a rootkit to hide its presence, in my opinion, you should remove the program immediately. To remove Wajam Rootkit, please use the free removal guide below.
    Associated Wajam Rootkit Files:

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWebE\
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWebE\Settings.lnk
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWebE\SignIn with Twitter.lnk
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWebE\uninstall.lnk
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWebE\Wajam Website.lnk
    • C:\ProgramFiles\[random]\


    Associated Wajam Rootkit Registry Information






