What is Wajam?
The Malwarebytes research team has determined that Wajam is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Wajam?
You may see this entry in your list of installed programs:
and this warning during install:
Not shown when bundled
How did Wajam get on my computer?
Adware applications use different methods for distributing themselves. This particular one was downloadd from their site.
How do I remove Wajam?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. It is advisable however to use the generic uninstaller (see screenshot above).
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes Wajam completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Wajam adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O23 - Service: Wajam Internet Enhancer Service - Wajam Internet Technologies Inc. - C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe
Alterations made by the installer:
File system details --------------------------------------------- Adds the folder C:\aa4c70e4414a600b5b01ed Adds the file $shtdwn$.req"="10/17/2014 2:36 PM, 0 bytes, HA Adds the file 1.185.3248.0_to_1.185.3489.0_mpasdlta.vdm._p"="10/16/2014 5:31 PM, 317815 bytes, A Adds the file mpasdlta.vdm"="10/17/2014 2:36 PM, 979192 bytes, A Adds the file MpMiniSigStub.exe"="9/15/2014 9:06 AM, 28320 bytes, A Adds the folder C:\Program Files\Wajam Adds the file uninstall.exe"="9/24/2014 4:03 PM, 754564 bytes, A Adds the folder C:\Program Files\Wajam\Logos Adds the folder C:\Program Files\Wajam\Wajam Internet Enhancer Adds the file FiddlerCore.dll"="3/12/2014 3:50 PM, 370176 bytes, A Adds the file HtmlAgilityPack.dll"="3/12/2014 3:50 PM, 134144 bytes, A Adds the file makecert.exe"="3/12/2014 3:50 PM, 55632 bytes, A Adds the file Newtonsoft.Json.dll"="3/12/2014 3:50 PM, 436224 bytes, A Adds the file WajamHttpServer.exe"="9/24/2014 4:03 PM, 47616 bytes, A Adds the file WajamInternetEnhancer.exe"="9/24/2014 4:03 PM, 84480 bytes, A Adds the file WajamInternetEnhancerService.exe"="9/24/2014 4:03 PM, 305152 bytes, A Adds the file wie"="10/17/2014 2:35 PM, 87 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam Adds the file Settings.lnk"="10/17/2014 2:35 PM, 1166 bytes, A Adds the file SignIn with Facebook.lnk"="10/17/2014 2:35 PM, 1176 bytes, A Adds the file SignIn with Twitter.lnk"="10/17/2014 2:35 PM, 1168 bytes, A Adds the file Wajam Website.lnk"="10/17/2014 2:35 PM, 1138 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam Adds the file uninstall.lnk"="10/17/2014 2:35 PM, 1851 bytes, A Registry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam] "DisplayIcon"="REG_SZ", "C:\Program Files\Wajam\Logos\wajam.ico" "DisplayName"="REG_SZ", "Wajam" "DisplayVersion"="REG_SZ", "2.16 (i2.5)" "Publisher"="REG_SZ", "Wajam" "UninstallString"="REG_SZ", "C:\Program Files\Wajam\uninstall.exe" "URLInfoAbout"="REG_SZ", "http://www.wajam.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wajam] "pxyupd"="REG_SZ", "1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wajam\Wajam Internet Enhancer] "aid"="REG_SZ", "3672" "aid2"="REG_SZ", "none" "bih"="REG_SZ", "http://www.wajam.com/proxy/logging" "install_timestamp"="REG_SZ", "1413549267" "install_timestamp2"="REG_SZ", "" "mid"="REG_SZ", "c5b0ec3b7e65e886fe8626c9109861b2" "uid"="REG_SZ", "5ABDF33087498F3919226AD7EE86F367" "update_url"="REG_SZ", "http://www.wajam.com/addon/mapping" "ver"="REG_SZ", "2.16" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wajam Internet Enhancer Service] "DisplayName"="REG_SZ", "Wajam Internet Enhancer Service" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 [HKEY_CURRENT_USER\Software\Wajam] "affiliate_id"="REG_SZ", "3672" "unique_id"="REG_SZ", "5ABDF33087498F3919226AD7EE86F367"Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/17/2014 Scan Time: 2:39:28 PM Logfile: mbamWajam.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.17.04 Rootkit Database: v2014.10.15.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Malwarebytes Scan Type: Threat Scan Result: Completed Objects Scanned: 270226 Time Elapsed: 3 min, 41 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 2 PUP.Optional.Wajam, C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe, 3120, Delete-on-Reboot, [17b170a5d7a56ec82c2b714132cf29d7] PUP.Optional.Wajam, C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe, 1616, Delete-on-Reboot, [bc0ce3323349e84e0b4c8f238c7510f0] Modules: 2 PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\FiddlerCore.dll, Delete-on-Reboot, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\Newtonsoft.Json.dll, Delete-on-Reboot, [507867ae3745092d244f8863a0623ec2], Registry Keys: 4 PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wajam Internet Enhancer Service, Quarantined, [17b170a5d7a56ec82c2b714132cf29d7], PUP.Optional.Wajam.A, HKLM\SOFTWARE\Wajam, Quarantined, [19af75a094e893a3a5073b46ac58b14f], PUP.Optional.Wajam.A, HKCU\SOFTWARE\WAJAM, Quarantined, [b90f6baa80fc45f1aedec7a3d034a957], PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Wajam, Quarantined, [507867ae3745092d244f8863a0623ec2], Registry Values: 1 PUP.Optional.Wajam.A, HKCU\SOFTWARE\WAJAM|affiliate_id, 3672, Quarantined, [b90f6baa80fc45f1aedec7a3d034a957] Registry Data: 0 (No malicious items detected) Folders: 7 PUP.Optional.Wajam.A, C:\Program Files\Wajam, Delete-on-Reboot, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer, Delete-on-Reboot, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam, Quarantined, [71578e878af2c4720b03c924ec1649b7], Files: 71 PUP.Optional.Wajam, C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe, Delete-on-Reboot, [17b170a5d7a56ec82c2b714132cf29d7], PUP.Optional.Wajam, C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe, Delete-on-Reboot, [bc0ce3323349e84e0b4c8f238c7510f0], PUP.Optional.Wajam, C:\Users\{username}\Desktop\wajam_setup.exe, Quarantined, [a91fbe57ceae58de95c2852d1ce5f20e], PUP.Optional.Wajam.A, C:\Program Files\Wajam\uninstall.exe, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\amazon.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\argos.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\ask.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\bestbuy.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\ebay.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\etsy.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\facebook.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\favicon.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\google.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\homedepot.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\ikea.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\imdb.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\lowes.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\mercado.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\mysearchweb.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\myshopping.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\searchresult.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\sears.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\setting.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\settings.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\shopping.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\target.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\tesco.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\tripadvisor.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\twitter.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\wajam.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\walmart.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\wiki.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\yahoo.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Logos\zalando.ico, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\00e082dbb3e01101f684b99df40ec12f, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\2845734c09907de22309ed6090c7c5b9, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\662a329b0a46461d0198243d228ceda7, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\a12534f1688fe7d400f8d5ec8c062411, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\FiddlerCore.dll, Delete-on-Reboot, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\HtmlAgilityPack.dll, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\makecert.exe, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\Newtonsoft.Json.dll, Delete-on-Reboot, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\WajamHttpServer.exe, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\wie, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\Program Files\Wajam\Wajam Internet Enhancer\WJManifest, Quarantined, [507867ae3745092d244f8863a0623ec2], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Settings.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Facebook.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Twitter.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Wajam Website.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Ask.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Google.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\IMDb.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Shopping.com.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\TripAdvisor.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Wikipedia.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Yahoo!.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Amazon.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Argos.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ebay.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Etsy.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\HomeDepot.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ikea.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Lowe's.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Mercadolivre.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\MyShopping.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Sears.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Target.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Tesco.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Walmart.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Zalando.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam\uninstall.lnk, Quarantined, [71578e878af2c4720b03c924ec1649b7], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention