Virus Removal Guides

Walliant Virus

Walliant

Walliant is a rogue piece of software categorized by experts as a Trojan Horse threat. Walliant can tamper with the Registry and Startup settings to gain persistence and then perform various actions that the user hasn’t authorized and that can put the PC in danger.

Walliant

It’s strongly advisable to begin the process of deleting this malware from your computer the moment you notice its presence. Though it isn’t the most harmful or aggressive Trojan Horse, it can still put your PC at risk and should therefore be eliminated.

Some antivirus programs detect the following two threats when they scan a computer infected with the Walliant virus: 

  • Trojan.Agent.VBS, HKU\S-1-5-21-1901670056-2460903388-3128379783-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINDOWS UPDATES SERVICE
  • PUP.Optional.InstallCore, HKU\S-1-5-21-1901670056-2460903388-3128379783-1001\SOFTWARE\CSASTATS\ic

What is Walliant?

Walliant is a Trojan Horse disguised as a dynamic desktop wallpaper app and can be downloaded for free. Once Walliant gets installed, it makes changes in the system Registry to make its removal more difficult and to gain elevated privileges.

With elevated privileges, this rogue software could install additional unwanted and dangerous apps on your computer, as well as spy on you or tinker with different aspects of the system without your knowledge or permission. Although it doesn’t seem to cause any direct damage to the infected systems, it could easily be exploited as an espionage tool or as an aggressive advertising program aimed at promoting dubious and potentially unsafe sites, software, or online services. If you have started noticing any questionable pop-ups on your computer (regardless of whether the browser is currently open or not), those are likely from Walliant and shouldn’t be interacted with, or else you may get sent to rogue sites with misleading and harmful content.

Walliant version 1.0.0.1

Walliant version 1.0.0.1 is the latest version of the Trojan Horse of the same name. Walliant 1.0.0.1 is the version of this virus that the majority of users get infected with – 89% of Walliant installations are of this version.

This version of the virus is known for leaving behind files and folders as well as Registry directories and values after it gets uninstalled, so it’s not enough to simply run the uninstaller of the rogue app. Still, the fact that there’s an actual uninstaller should make the removal of the virus easier. The uninstaller executable comes with the Walliant app – the one that is supposed to provide you with a dynamic desktop.

On a related note, even if you are satisfied with the functionality of the dynamic desktop function, it’s still not advisable to keep Walliant on your computer. If you want a dynamic desktop, there are better options out there that won’t put your system in danger.

The Walliant virus

The Walliant virus is a dangerous Trojan Horse distributed with the help of a dynamic desktop app of the same name. The Walliant virus can endanger the safety of your computer by making unauthorized changes in its settings that can open it to hacker attacks.

In many cases, users don’t realize when the Walliant app that carries the Trojan components gets installed on their computers. This is because it is often distributed via misleading web-ads, spam messages, and, of course, file bundles. It is, therefore, essential to be on the lookout for such questionable content so that you’d avoid it rather than interact with it. It is especially important that you always first research any new free programs you may want to download, in order to find out if other users or security experts have made any warnings about unwanted built-in components present in those programs.

SUMMARY:

NameWalliant
TypeTrojan
Detection Tool

OFFER *Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. SpyHunter's EULA,  Privacy Policy, and more details about Free Remover.

How to remove Walliant

To remove Walliant, you need to run its uninstaller and then clean whatever data has been left behind.

  1. Run the uninstaller of the Trojan program and complete the uninstallation.
  2. Visit the Task Manager and end any processes that may be linked to Walliant.
  3. Delete the remaining files and folders that the Trojan has left behind, and also clean the Hosts file and the list of Startup items.
  4. To remove Walliant, clean the Registry from any remaining rogue items.

More details about each of those steps have been provided below, and you are advised to read them before attempting to delete the Trojan.

Step 1

Copy the next line, open the Start menu, and paste it in its search bar:

  • C:\Users\UserName\AppData\Local\Programs\Walliant\unins000.exe

Press Enter and if you are required to give Admin permission, click on Yes.

When the uninstaller opens, go through its steps, making sure that no data or settings for the rogue program are left behind (some data and settings will still be left behind, but we will take care of them in a moment).

Step 2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Go to the Task Manager (Ctrl + Shift + Esc) and select Processes. See if there is a process with the Walliant name or anything close to it and if there is, right-click it, open the File Location, and delete the folder you get sent to.

If there isn’t a process with that, look for other suspiciously-named entries, especially ones that have high CPU and virtual memory consumption, and look up their names on the Internet to find out if they may be malicious. Also open their file locations and scan the files in them with the next free online scanner – if one or more of the files are detected to be rogue, this means that the process is malicious as well.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If it turns out that the suspected process may be a threat, stop it and delete its File Location folder.

    Step 3

    It’s best to get your computer into Safe Mode for the next steps – this could help prevent Walliant from re-launching any of the processes you may have stopped during the last step.

    Step 4

    Next, find the files listed below and delete them – those are files that Walliant has likely left on your PC behind after the uninstallation from Step 1:

    • C:\Users\UserName\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\walliant.exe.log
    • C:\Users\UserName\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\C__Users_UserName_AppData_Local_Programs_Walliant_walliant_exe
    • C:\Users\UserName\AppData\Local\Programs\Walliant\AsyncBridge.Net35.dll
    • C:\Users\UserName\AppData\Local\Programs\Walliant\Countly.dll
    • C:\Users\UserName\AppData\Local\Programs\Walliant\Newtonsoft.Json.dll
    • C:\Users\UserName\AppData\Local\Programs\Walliant\sdk.dll
    • C:\Users\UserName\AppData\Local\Programs\Walliant\SharpRaven.dll
    • C:\Users\UserName\AppData\Local\Programs\Walliant\System.Threading.dll
    • C:\Users\UserName\AppData\Local\Programs\Walliant\walliant.exe
    • C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Recent\Walliant.lnk
    • C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walliant\Walliant.lnk

    Also, go to the following folders and delete them too:

    • C:\Users\UserName\AppData\Local\Programs\Walliant
    • C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walliant

    If any of the files or folders from this step cannot be deleted right now, leave them for the time being and focus on the next steps. Upon completing the rest of this removal guide, come back to delete whatever files or folders are left.

    Step 5

    Use the Start menu to search for msconfig, open the first shown app, and select the Startup tab in its window. There, look for anything that you think maybe from Walliant and uncheck it. Also, uncheck any other entries that you are not familiar with or that have “Unknown” in the Manufacturer column. After that, click OK so that the changes you’ve made would be saved.

    Next, open This Computer/Computer, go to the hard drive where your Windows OS is installed (it’s usually the C: drive) and find and open the following folder: Windows/System32/drivers/etc. In that folder, there should be a file named Hosts – double-click it and then click on Notepad to open the file with it.

    Next, see what (if anything) is written below the last “Localhost” word. If there is any text or IPs there, copy them, paste them in the comments and wait for us to reply to your comment. We will soon let you know if your Hosts file has been hijacked by the Trojan and if you should delete that text from it.

    Step 6

    Search for the regedit.exe app in the Start Menu, click it, and select Yes if you are required to give your Admin permission.

    Next, press Ctrl + F, type Walliant, and click the Find Next button. Delete the first item that gets found, search for the next one, and continue like that until you’ve deleted all Walliant entries and there are no more search results.

    After that, manually find the following Registry directories in the left panel and delete them:

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E72E2194-F430-4F4A-A262-1C8FF081B3A5}_is1
    • HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\walliant_RASAPI32
    • HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\walliant_RASMANCS

    Also, do the same with these next Registry items (values):

    • HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\UserName\AppData\Local\Programs\Walliant\unins000.exe.ApplicationCompany
    • HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\UserName\AppData\Local\Programs\Walliant\unins000.exe.FriendlyAppName
    • HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\UserName\AppData\Local\Programs\Walliant\walliant.exe.ApplicationCompany
    • HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\UserName\AppData\Local\Programs\Walliant\walliant.exe.FriendlyAppName
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-273664235-295862013-2312319920-1001\\Device\HarddiskVolume2\Users\UserName\AppData\Local\Programs\Walliant\unins000.exe
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-273664235-295862013-2312319920-1001\\Device\HarddiskVolume2\Users\UserName\AppData\Local\Programs\Walliant\walliant.exe

    After you are done with that, remember to try once again to delete any files that you may have been unable to remove while completing Step 3.

    If Walliant doesn’t go away

    In case you haven’t been able to delete Walliant despite completing all the steps we’ve shared here, it is recommended that you either contact an IT professional from your area who can have a look at your PC or that you use a reliable removal tool that can deal with this Trojan for you. 

    For obvious reasons, we cannot help you with the latter option, but what we can do is recommend to you a powerful anti-malware program capable of deleting malware like Walliant in addition to keeping the computer safe against incoming threats. If you are interested and would like to give it a try, you can find the tool linked throughout the guide above.

    Exit mobile version