Wave Browser Malware

Wave browser

Wave browser is a potentially unwanted browsing program developed by Wavesor software that gets installed via file-bundling. Although technically it’s not a virus, the Wave browser is regarded as a rogue app because it tends to make system changes that aren’t authorized by the user.

The Wave browser will display pop-up ads and notifications.

For the most part, the Wave browser looks like any other browsing program, but the problem is that it might be used by its creators for unauthorized data collection, aggressive advertising, and promotion of unsafe content.

Additionally, there’s some controversy about the true origins of this browser. As we said above, it is developed by a company called Wavesor software. However, with a bit of digging, it quickly becomes apparent that the actual name of the company behind this browser is Polarity Technologies Ltd. According to researchers, the Polarity Technologies Ltd firm is closely related to the Chinese Genimous Technology Co Ltd company – a company often associated with the development and distribution of apps that contain adware and browser hijacker components.

What is Wave browser?

Wave browser is a browsing application that often gets installed without the informed permission of the user and makes unauthorized changes in the system. For those reasons, the Wave browser is regarded as a potentially unwanted program and users are advised to uninstall it.

If you have this program on your PC and have already tried to delete it without succeeding, know that simply uninstalling it is oftentimes not enough to eliminate the Wave browser. This app makes changes in the system Registry and in other system settings that allow it to regain a foothold in the computer even after having been seemingly uninstalled.

For this reason, it is important to be exhaustive when trying to delete this undesirable software – every file, setting, Registry entry, and process related to it must be removed from the computer. The same can also be said about the program that has likely helped the Wave browser get installed on your computer – as we said, file-bundling is one of the main distribution methods for this potentially unwanted browser, so it has likely gotten installed on your PC alongside another program.

Is Wave browser safe?

Wave browser is a relatively safe program that won’t try to damage your system or files. However, due to the unauthorized changes it may make on the computer, the Wave browser may jeopardize the safety of your system by exposing it to hackers and malware.

An additional problem with this browser is its data-collecting abilities. While it’s true that nowadays one’s browsing data is being collected by most sites, online services, and apps, it is also true that, for the most part, you are explicitly told how said data would be used and who it may get sold to. In the case of the Wave browser, the fact that it is not exactly clear who is the main owner of the program means that the whole situation regarding the data collected by the browser is rather murky. We cannot say anything for certain, since it’s quite difficult to get any specific information about who’s really behind Wave browser and what their end-goal is. However, it’s exactly because of this that it may simply be better to stay away from this browser by removing it from your system.


WaveBrowser is a potentially rogue browsing program capable of making Registry modifications and other system changes without asking for the user’s approval. WaveBrowser doesn’t harm the system and works as a regular browser, but it is still regarded as undesirable and may put your system in danger.

If you start using this browser rather than popular ones like Chrome, Firefox, or Edge, you may start seeing unusual and aggressive ads while online, or start getting page-redirected to obscure sites with sketchy content. Obviously, such browser behavior significantly increases the risk of encountering malware threats like Trojans, Worms, Ransomware, or Spyware, as well as landing on phishing pages that try to exfiltrate money from your bank accounts. 

Wave browser malware

Wave browser malware is how some users and researchers refer to the Wave browser app, known for making unwanted system modifications and collecting user data. The Wave browser malware isn’t capable of inflicting damage to the system, but it’s still regarded as potentially unsafe.

Even if you simply don’t use the Wave browser and its presence doesn’t bother you, removing it is still recommended. The changes it has most likely made in the Registry and other system settings are, as was already mentioned, potential security weaknesses that may eventually get exploited by more dangerous malware. Additionally, in some cases, the browser may automatically set itself as the system’s main browser and/or secretly collect browsing data even when you are using a different browser.

Though it may be a bit tricky to remove everything related to this undesirable app, it’s still manageable as long as you make sure to be exhaustive when performing the removal. We will help you delete the Wave browser with the detailed guide we’ve shown below and, if you think you may need extra help, you could also use the powerful anti-malware program posted in the guide to make sure that there’s no rogue data or settings left on the computer.


Name: Wave Browser
Type: Browser Hijacker

How to remove Wave browser from my computer

To remove Wave browser from your computer, you must first uninstall it the intended way and then delete what data is left from it in the system:

  1. Go to Programs and Features and uninstall Wave browser from there.
  2. Check for remaining processes related to the rogue browser and quit them.
  3. Delete startup entries, rogue Hosts file lines and Registry items left behind by the rogue browser.
  4. Delete any remaining rogue files to remove Wave browser from your PC.

You will receive detailed instructions for each step in the lines below, so we advise you to read them carefully.

Step 1

Before beginning the actual removal, disconnect the computer from the Internet – that way the rogue software won’t be able to communicate with the server of its creators and download resources or receive instructions from there that may allow it to evade getting removed.

Step 2


You must first go to your Start Menu, use its search bar to search for the Programs and Features app, and then open it. In the following list of programs, search for the Wave browser entry or for any other suspicious recently installed program and select it.

Next, click the Uninstall button shown above the list and complete the on-screen steps to perform the uninstallation. Do not let the uninstaller trick you into keeping any components related to the programs on the computer – make sure that everything gets uninstalled.


Step 3

Press the keyboard combination shown below to open the Task Manager tool:

[Ctrl] + [Shift] + [Esc]

When you open the Task Manager, click the Processes section and look for any processes you think may be from the Wave browser. If you see a process labelled Wavesor, Polarity, or Genimous, know that those, too, are related to the unwanted browser. Another process that is related to the Wave browser is iexplorer.exe, so if it is in your Task Manager, know that it must be stopped as well.

If you see any of the aforementioned processes, right-click them, go to their File Locations, then Quit the rogue processes, and delete the file location folders that you opened.


Also do the same with any other questionable processes with unfamiliar or suspicious names, especially if they are using up lots of virtual memory or CPU, but only after you confirm that those processes are rogue. You can confirm this in a couple of ways:

  • Ask in the comments below about the suspicious processes, and we will reply to your comment, telling you if anything needs to be done.
  • Look up the suspicious process/processes – this will usually grant you the information that you need.
  • Scan the files stored in the process’ file location with the following free online scanner. If a file is detected as a threat, this means that the process is definitely rogue.
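
The process check from this step can also be done from an elevated PowerShell window. The script below is an added example, not part of the original guide: it lists running executables whose path, company or product name matches the names given above, with signature status and a SHA-256 hash you can use when looking a file up. The `$pattern` value and the choice to leave out the bare word "Wave" are assumptions of this example.

```powershell
# Read-only triage for Step 3: nothing is stopped or deleted.
# Names come from the guide; the bare word "Wave" is left out (assumption of
# this example) because it also matches unrelated software.
$pattern = 'Wave\s?browser|Wavesor|Polarity|Genimous|iexplorer'

$suspects = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |          # empty for protected processes
    Group-Object -Property ExecutablePath |       # one row per binary on disk
    ForEach-Object {
        $path = $_.Name
        $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $file) { return }                # image already gone or unreadable
        $info = $file.VersionInfo
        $text = "$path $($info.CompanyName) $($info.ProductName)"
        if ($text -match $pattern) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Path      = $path
                Pids      = $_.Group.ProcessId -join ', '
                Company   = $info.CompanyName
                Product   = $info.ProductName
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }

$suspects | Format-List
```

A match is only a candidate: confirm it with the checks listed above before quitting the process or deleting its folder.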

Step 4

Enter Safe Mode on your computer – this would hopefully prevent the Wave browser from restarting its unwanted processes and restoring its files.

Step 5

Go to the Start Menu, search for msconfig, press Enter, and click Startup. Anything there named Wave/Wave browser, Polarity, Wavesor, or Genimous (or that has any of those names in the Manufacturer column) must be unchecked. The same applies to any unfamiliar or questionable items you may see there. After unchecking what you think is unwanted, click OK.


Search for ncpa.cpl in the Start Menu, click the first item, then right-click the network you use by default, and open Properties.


Next, double-click on Internet Protocol Version 4, enable the Obtain an IP address automatically setting (if it’s not checked), and open Advanced. There, click DNS, delete any IP entries that may be in the DNS server addresses list, and click OK on all windows.


Also go to C:/Windows/System32/drivers/etc, double-click on Hosts, open the file with Notepad, and copy-paste in the comments everything that may be under “Localhost” in the file. If nothing is there, go to the next step from this guide.
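
The three checks in this step (startup items, manually set DNS servers, extra Hosts lines) can be reviewed in one pass from PowerShell. This is an added example, not part of the original guide; it only reports and changes nothing, and the variable names and the `$pattern` value are assumptions of this example.

```powershell
# Read-only audit for Step 5; nothing is changed.
# Names from the guide. 'Wave' also matches unrelated software, so review each hit.
$pattern = 'Wave|Polarity|Wavesor|Genimous'

# 1. Startup entries (Run keys and Startup folders).
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { "$($_.Name) $($_.Command)" -match $pattern } |
    Select-Object Name, Command, Location, User

# 2. Manually entered DNS servers. Windows keeps them in the per-interface
#    NameServer value; servers supplied by DHCP are in DhcpNameServer instead.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$staticDns = Get-ChildItem -Path $ifRoot | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath
    if ($p.NameServer) {
        [pscustomobject]@{ InterfaceGuid = $_.PSChildName; StaticDns = $p.NameServer }
    }
}

# 3. Active Hosts lines other than the loopback "localhost" mappings.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # drop comments
    Where-Object { $_ } |                                  # drop empty lines
    ForEach-Object {
        $fields = @($_ -split '\s+')
        $names  = @($fields | Select-Object -Skip 1)
        $other  = @($names | Where-Object { $_ -ne 'localhost' })
        $isLocalhost = ($fields[0] -in '127.0.0.1', '::1') -and ($other.Count -eq 0)
        if (-not $isLocalhost) {
            [pscustomobject]@{ Address = $fields[0]; Names = $names -join ' ' }
        }
    }

'--- Startup entries ---';      $startup      | Format-List
'--- Static DNS servers ---';   $staticDns    | Format-Table -AutoSize
'--- Extra Hosts entries ---';  $hostsEntries | Format-Table -AutoSize
```

An empty section means nothing was found for that check; any Hosts entry or static DNS server you did not set yourself is worth a closer look.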


Step 6

Use the search bar below the Start Menu to find the regedit.exe app and open it. Admin permission is usually required for this, so click Yes if you are asked to.

Then go to Edit > Find in the Registry Editor and type Wave browser. If a search result is found, delete that item, then perform the same search again and delete the next one. Proceed like this until every “Wave browser” item has been removed.


Next, in the same way, search and delete all results for “Wavesor”, “Genimous”, and “Polarity”.

Next, use the panel to the left to manually look for the following Registry items and delete the ones you may find:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion (registry key)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive (registry value)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion (registry value)
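
Before deleting anything in the Registry, it helps to list what is there. The script below is an added example, not part of the original guide: it reports vendor keys and installed-program entries that match the guide's search terms and shows whether the items listed above exist. Its scope is narrower than the Edit > Find search (only keys directly under Software and the Uninstall entries), and that scope, the variable names and the `$pattern` value are assumptions of this example.

```powershell
# Read-only Registry audit for Step 6; nothing is deleted.
$pattern = 'Wave\s?browser|Wavesor|Genimous|Polarity'   # search terms from the guide

# 1. Vendor or product keys directly under the Software hives.
$softwareRoots = 'HKCU:\Software', 'HKLM:\Software', 'HKLM:\Software\WOW6432Node'
$vendorKeys = Get-ChildItem -Path $softwareRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match $pattern } |
    Select-Object -ExpandProperty Name

# 2. Installed-program entries whose name, publisher or paths match.
$uninstallRoots = $softwareRoots |
    ForEach-Object { "$_\Microsoft\Windows\CurrentVersion\Uninstall" }
$uninstallHits = Get-ChildItem -Path $uninstallRoots -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        $text = "$($_.PSChildName) $($p.DisplayName) $($p.Publisher) " +
                "$($p.InstallLocation) $($p.UninstallString)"
        if ($text -match $pattern) {
            [pscustomobject]@{
                Key             = $_.Name
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                UninstallString = $p.UninstallString
            }
        }
    }

# 3. Items listed in the guide; each is checked both as a key and as a value
#    of its parent key, since the guide labels them both ways.
$listed = @(
    'HKCU:\Software\Microsoft\Internet Explorer\DomainSuggestion',
    'HKCU:\Software\Microsoft\Internet Explorer\Recovery\AdminActive'
)
$listedStatus = foreach ($item in $listed) {
    $parent = Split-Path -Path $item -Parent
    $leaf   = Split-Path -Path $item -Leaf
    $asValue = (Test-Path -LiteralPath $parent) -and
               ((Get-Item -LiteralPath $parent).GetValueNames() -contains $leaf)
    [pscustomobject]@{
        Item          = $item
        ExistsAsKey   = (Test-Path -LiteralPath $item)
        ExistsAsValue = $asValue
    }
}

'--- Vendor keys ---';        $vendorKeys
'--- Uninstall entries ---';  $uninstallHits | Format-List
'--- Listed items ---';       $listedStatus  | Format-Table -AutoSize
```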

Step 7

Lastly, you must see if there are any files left from the rogue program and delete them, but first, you should make the hidden files and folders on your computer visible (if they currently aren’t visible).

Type folder options in the Start Menu, open the Folder Options settings, click the View tab, find and check the “Show hidden files, folders, and drives” option, and select OK.

Next, look at the list of files shown below – most of them should be gone from your computer by now, but some of them may have been left behind, so you must find any such files and delete them. To make this more manageable, we suggest looking at the folders where those files are located, going there, and deleting everything, rather than searching for individual files one by one.


If Wave browser didn’t get removed

If the problem with this program continues and you have been thus far unable to delete it, we recommend using the advanced anti-malware tool available on this page to clean the system. Note that it’s possible that you could be dealing with a more serious undesirable program such as a Trojan that has hijacked the Wave browser and is using it to gain persistence in the system while also remaining hidden. For this reason, using a specialized removal tool, such as the ones we mentioned, is the safest option that will allow you to secure and clean your computer.


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.


    • Hi, Samuel Criswell, did you go through the whole removal guide? You have to go through the removal guide carefully.

  • Hello,

    I am the system administrator for wavebrowser, a website owned by iSign International Llc. We are building a legitimate Internet browser; unfortunately, another company has launched a homologous product (the one you refer to in this article) that is making things difficult.

    I’d like your help in changing the first screenshot in this guide, as it is of our website, and not the infringing piece of software found here: wavebrowser.co

    We’d appreciate it if you could update the screenshot with the correct image.

    I tried emailing your “info” email, but it bounced back.

    Thanks in advance.

    • Hi Oriol Remolina,
      thank you for the information that you have provided, we appreciate the help. We changed the picture.
