Ransomware cryptoviruses are among the worst software threats that can target your computer, and there are several reasons for that. First and foremost, they operate rather differently from other kinds of malware, which makes them difficult both to detect in time and to deal with effectively. Here, we are going to focus on the .Datawait cryptovirus, as this is a newer Ransomware version and our readers need to be well informed about its characteristics, the most common ways a computer can get infected with it and the best possible ways to counteract such an infection.
.Datawait and its encryption
The main purpose of this piece of malware is to make the personal user files on the computer inaccessible by applying an advanced file encryption that can usually only be removed through the use of a unique decryption key. Of course, the only ones who initially have the said key are the hackers in control of the virus. They harass and blackmail their victims into paying a ransom for the decryption key. If the users want access to their locked data restored, they are supposed to make the requested payment following specific instructions provided to them via a ransom message, which gets displayed once .Datawait has completed its insidious task.
Courses of action you can take
If the sum isn’t too high or if the files that have gotten locked up are really important, a lot of users might actually consider paying the money. However, we advise you not to do that if you are in a similar situation, as you may simply lose the money you send without really getting any files back. This is also the reason why we have posted a removal guide for .Datawait that includes suggested file-recovery options.
Prior to starting to execute the steps from the guide, we advise you to either bookmark this page or open it on a separate device since throughout the process of completing the guide, you might need to exit your browser.
1: Using Safe Mode
Before beginning to troubleshoot the issue, you are advised to enter Safe Mode on your PC. If you do not know how to do that, use this guide on how to enter Safe Mode.
2: Spotting the process
Open your Task Manager using the Ctrl + Shift + Esc key combination. Next, go to the Processes tab and carefully look through the list for any shady entries. Usually, malicious processes will be consuming large amounts of CPU and RAM and will either have no description or will have a suspicious-looking one.
Once you identify the virus’ process, right-click on it and select Open File Location. Delete everything in the folder that opens if you are sure that the process was malicious. If you are not sure, contact us in the comments.
Go back to the Task Manager and end the potentially harmful process.
3: Hosts file IPs
Go to your Start Menu and, in the search field, paste the following command: notepad %windir%/system32/Drivers/etc/hosts. Select the first result and look at the bottom of the newly opened Notepad file. See if there are any IPs below “Localhost” and tell us in the comments if there were any IP addresses.
4: System Configuration Startup Programs
Type System Configuration in the Windows search bar and open the first result. Go to the Startup tab and take a look at the list of startup programs (on Windows 10, the startup programs can be seen in the Startup section of the Task Manager). If any of them look shady or have an unknown manufacturer or a manufacturer with a sketchy name, uncheck those entries and click on OK.
Open the Run window (WinKey + R), type regedit and press Enter. Once the Registry Editor opens, press Ctrl + F and type the name of the virus. Select Find Next and delete whatever gets found that has the virus’ name. Do that with all search results.
6: Deleting potential virus files
Open the Start Menu and separately type each of the following locations: %AppData%, %LocalAppData%, %ProgramData%, %WinDir%, %Temp%. Open each of those folders and sort their contents by date. Delete the most recent files and folders. When you open the Temp folder, delete everything in it.
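A read-only way to gather what steps 3 and 6 ask you to look at (active hosts file entries, and recently changed items in the five folders), so it can be reviewed before anything is deleted. This is an added example, not part of the original guide; the function names and the 7-day window are assumptions chosen for illustration.

```powershell
# Added example: read-only review for steps 3 and 6. Nothing is modified or deleted.
# Function names and the -Days default are assumptions made for this example.

function Get-ActiveHostsEntry {
    param([string]$Path = "$env:windir\System32\drivers\etc\hosts")
    foreach ($line in Get-Content -LiteralPath $Path) {
        # Strip the comment part (everything after '#') and whitespace.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        # An active line has the form: <address> <name> [<alias> ...]
        $fields  = $text -split '\s+'
        $address = $fields[0]
        foreach ($name in @($fields | Select-Object -Skip 1)) {
            [pscustomobject]@{
                Address  = $address
                Name     = $name
                # Only a loopback-to-localhost mapping is treated as expected.
                Expected = ($address -in '127.0.0.1', '::1') -and ($name -eq 'localhost')
            }
        }
    }
}

function Get-RecentItem {
    param([int]$Days = 7)
    $cutoff = (Get-Date).AddDays(-$Days)
    # The five locations named in step 6 (top level only, hidden items included).
    $roots = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $cutoff } |
            Sort-Object LastWriteTime -Descending |
            Select-Object FullName, LastWriteTime, Length
    }
}

# Hosts entries other than the localhost mapping, then recently changed items.
Get-ActiveHostsEntry | Where-Object { -not $_.Expected } | Format-Table -AutoSize
Get-RecentItem -Days 7 | Format-Table -AutoSize
```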