Uninstall WaveBrowser

Wavesor Software

Wavesor Software is the tech company behind the Wavebrowser – an app that, while not malicious, is considered by many to be potentially unwanted. Wavesor Software is a legitimate company, but it’s usually better to remove its browser from your PC if it’s in it.

If you’ve recently noticed that a new browsing program named Wave Browser has been installed on your computer, but you have no memory of personally downloading and installing it, that’s okay – this potentially unwanted program is known for getting added to computers without the informed permission of their users. The most common method to achieve this is through the use of file-bundling. You may recall installing some new free program recently – if that’s the case, and you didn’t check the Advanced/Custom setup settings to see if there isn’t anything else in the installer, this is very likely the cause for the presence of the Wave browser on your computer. This, and other similar sneaky methods, is how this app tends to get distributed, and it’s also the reason why most users have no idea how it got installed on their computers.

Wavebrowser

Wavebrowser is a browsing program developed by Wavesor Software that most cyber-security researchers regard as potentially unwanted. Wavebrowser is known for using underhanded tactics to get installed on the computer and enforce itself as the main browser, and also for being quite difficult to remove.

Wavebrowser isn’t a virus program – it’s not as dangerous or as problematic as a Trojan Horse, a Spyware, Ransomware, or a Rootkit. In fact, this app even has its own official site (from where it can’t be downloaded) and it’s also available in the Microsoft App Store. According to the information posted on the Wavebrowser site and on its Microsoft App Store page, this is a browser that focuses on security and privacy and that allows you to “post your comments on any internet page you visit”. That’s about as detailed a description of the Wavebrowser as you could get – the information about it is very scarce, and not even its developers seem to want to give their potential customers more insight into what this browser is all about. This fact, alone, makes us suspicious of the qualities and nature of the browser. However, it should still be said that most security programs don’t detect it as a threat, so while it may be potentially unwanted, it’s still not something that will cause direct damage to your computer.

The main apparent problem with the Wavebrowser is that it is designed to sneakily install itself on the user’s computer and that removing it can be quite a tedious and time-consuming task, as it seems that its developers have intentionally made it difficult to uninstall this program.

There, however, are other less apparent, but more serious potential issues with the Wavebrowser. One of them is the lack of clarity regarding what user data it collects and what third parties it distributes it to. While the brief description of the Wavebrowser provided on its official site seems to suggest that no user data is being gathered by the browser, the vague wording of this description makes us doubt the actual data-collection policy of the Wavebrowser.

Another problem is the array of system changes this software enforces. It seems that once installed, Wavebrowser gains Admin privileges on the computer which allows it to make all kinds of unwanted and unauthorized changes in the system without the user’s knowledge. Those changes are the main reason it’s difficult to remove this program, but, furthermore, they could compromise the security of your system and make it vulnerable. This is definitely a trait of potentially unwanted programs and even malware, and although Wavebrowser doesn’t appear to be an actual virus, its questionable behavior and its ability to gain Admin privileges are definitely two good reasons to remove it ASAP.

What is Wavesor Software?

Wavesor Software is the company that has created the potentially unwanted program known as Wavebrowser. If Wavebrowser by Wavesor Software is presently on your PC, it’s recommended that you remove this app and revoke any changes that it may have made to the system’s settings.

There’s not much information about Wavesor Software on the Internet. From what we’ve been able to find out about it, Wavesor Software is apparently the trade name of a company known as Polarity Technologies Ltd which, in turn, seems to be a shell company owned by the Chinese Genimous Technology Co Ltd. Some researchers go as far as to speculate that Genimous Technology Co Ltd uses the browser developed by Wavesor to secretly gather user data without the informed permission of the users and then use said data when developing browser-hijacking tools. We have been able to find no proof for such claims, yet the fact that there’s so much ambiguity surrounding the Wave browser leads us to think that it may be best if you don’t allow it to reside on your computer for any longer.

SUMMARY:

Full Wavebrowser removal guide

Step 1: Uninstall it from the Control Panel

Go to the Start Menu, find and open the Control Panel, and then go to Uninstall a Program/Programs and Features. Look for Wavebrowser in the list of programs, and when you find it, right-click it and select Uninstall. Then complete whatever steps are shown in the uninstallation manager, making sure that no data or settings related to Wavebrowser are allowed to stay on your computer.

Also, it may be a good idea to check the list of programs for other questionable/unfamiliar/unwanted entries and uninstall those too.

Step 2: Kill remaining rogue processes

Start the Task Manager app by pressing together the Ctrl, Shift, and Esc keys. Then go to Processes and look for entries with the Wavebrowser or Wavesor name or anything similar to this. If you notice such processes, right-click them, click the Open file location option, then right-click the process again, select the End Process button, and confirm the action. After this, go to the file location folder you just opened and delete everything that’s in it.

Next, check the list of processes for other suspicious entries – ones with unusually high use of RAM memory or CPU power that don’t seem to be coming from any program that you are familiar with. If you notice any such processes, Google them to see if there’s any information from reputable cyber-security sites that states they could be rogue and/or related to Wavebrowser. 

Also, another thing we recommend you try is to go to the File Location of the suspected process and scan the files there with the following free malware scanner. If the tool detects any malicious files, you will know that the process is also rogue and must be ended and its files – deleted (which is what you should do next).

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy

This scanner is free and will always remain free for our website's users.

This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.

Full ScanUpload New File

Drag and Drop File Here To Scan

Upload File

Analyzing 0 s

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy

This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

Step 3: Boot into Safe Mode

Enter Safe Mode on your computer – this will keep Wavebrowser from automatically restarting any of its processes in attempts to stay in the computer and evade getting removed.

Step 4: Clean system settings

Use the Start Menu search bar to find the items listed below, and then click on the first search result to open them. After that, complete the instructions we’ve given for each item.

• Msconfig.exe – When you click on the msconfig.exe icon and the System Configuration window shows up, select its Startup tab (if you are on Windows 10, you must click the Open Task Manager option to see the Startup items). Look at the listed entries – if you see Wavebrowser, Wavesor, or anything similar there. Uncheck it, and click Apply. Also, see if there are any other questionable items or items you don’t recognize in that list, uncheck them too, and then click OK.

• Notepad %windir%/system32/Drivers/etc/hosts – In the Notepad file that shows up on your screen, scroll down to the bottom of the text and if there are any strange-looking IP addresses there (below “Localhost”), copy them and paste them in the comments section below. After we examine them, we will inform you what you must do next.

• Task Scheduler – Click the Task Scheduler Library folder in the top-left, then look for Wavesor or Wavebrowser tasks in the central panel, and if you see any, right-click them, and select Delete.

• Ncpa.cpl – Right-click the icon of your preferred network, open its Properties window, double click on Internet Protocol Version 4 in the list of items, and then make sure that the Obtain an IP address automatically and the Obtain DNS server address automatically options are enabled. After that, click Advanced > DNS, delete anything that may be listed in the DNS server addresses list, and click OK.

• Regedit.exe – When you click the regedit.exe app, you will first be asked for Admin approval to open it, so click on Yes to proceed. In the Registry Editor window, open the Edit menu, then click Find, and type Wavebrowser in the search field that appears. Press Enter to perform the search and delete what item gets found. Then search again for Wavebrowser items, delete the next one that gets found, and continue in this way until you’ve removed everything related to the unwanted program.
  
  Regardless of whether any Wavebrowser items were found to begin with, repeat the same process with “Wave browser”, “Wavesor”, and “Wavesor browser” as search words.
  Once you’ve deleted everything that got found for these searches, proceed to navigate to the next three directories in the left panel of the Registry Editor and in each of them, look for sub-folders that have unusual names that seem to consist of long and randomized sequences of letters and numbers similar to this: “39eu039jd093ur3e90uj30e90r9390ue02e”. If you find anything that looks like this in the Registry, first tell us about it in the comments, and we will soon tell you if you should delete it.
  
  • HKEY_CURRENT_USER/Software/Random Directory. 
  • HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
  • HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main

Step 5

Although the files of Wavesor should be gone from your PC by now, if you want to be really thorough with the removal, it may be a good idea to check for anything that’s been left behind and delete it. First, however, type Folder Options in the Start Menu, press Enter, go to the View tab in the Folder Options window, check the Show hidden files, folders, and drives option, and select OK.

Now, check your PC for the presence of the following files and delete any of them that you may find:

• C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\T8DRMTJ1\download.wavebrowser[1].xml
• C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B7A10AB-9685-11EB-90E6-ECF4BB82F7E0}.dat
• C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B7A10AD-9685-11EB-90E6-ECF4BB82F7E0}.dat
• C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21A27BA3-9685-11EB-90E6-ECF4BB82F7E0}.dat
• C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat
• C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\mms\XHL20WJ3\audiohh1[1].dat
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o18I[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AppEsteem_Seal_Logo[1].png
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\Privacy[1].htm
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\View[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\Wave[1].png
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\analytics[1].js
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\modernizr[1].js
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\proper[1].js
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\uninstall-1[1].jpg
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\uninstall-wav2[1].png
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\verticalized[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\wave-logo[1].png
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkBgv18I[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkM0o18I[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\Dark[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\KFOlCnqEu92Fr1MmWUlvAA[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\Support[1].htm
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\Terms[1].htm
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\css2[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\css2[2].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\css[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\fontawesome-webfont[1].eot
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\uninstall-2[1].jpg
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\Blue[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\DOPEBDP8.htm
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\Light[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\Uninstall[1].htm
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\bootstrap[1].js
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\css[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\fontawesome-webfont[1].eot
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\jquery[1].js
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\message-in-a-bottle3[1].svg
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\proper[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\uninstall-wav1[1].png
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\uninstall-wav3[1].png
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\v8[1].css
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOiCnqEu92Fr1Mu51QrIzQ[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOjCnqEu92Fr1Mu51S7ABc-[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOjCnqEu92Fr1Mu51TLBBc-[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOjCnqEu92Fr1Mu51TjARc-[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOjCnqEu92Fr1Mu51TzBhc-[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOkCnqEu92Fr1MmgWxM[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOkCnqEu92Fr1Mu52xM[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOlCnqEu92Fr1MmEU9vAA[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOlCnqEu92Fr1MmSU5vAA[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOlCnqEu92Fr1MmYUtvAA[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOmCnqEu92Fr1Me5g[1].woff
• C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\js[1].js
• C:\Users\user\AppData\Local\Temp\~DF7FD3D292BEBED920.TMP
• C:\Users\user\AppData\Local\Temp\~DF9CB449726F940C42.TMP
• C:\Users\user\AppData\Local\Temp\~DFF20708508467AF7C.TMP

Step 6: Clean the browsers

Each browser on your computer (and not only the main one) must be checked for changes made to it by Wavebrowser and must be brought back to its regular state. Here is how to do this for Chromium-based browsers and Mozilla Firefox:

Start by right-clicking the icon of your browser, going to Properties > Shortcut, deleting any characters (letters, numbers) written past “.exe” in the Target box, and clicking OK.

Next, launch that browser, open its menu (the menu icon of nearly all popular Windows browsers is in the top-right, in the Opera browser, it’s in the top-left), and click Extensions/Add-ons, or, if you are currently using Google Chrome, first click More Tools and then click Extensions from the side menu.

On the page with the browser’s extension, look for anything that could be related to Wavebrowser/Wavesor, disable it, and then delete it.

Click the browser menu again and access the Settings/Options page. There, click on Privacy & Security – if you don’t see this option, click the Advanced/Advanced settings button, and it should show up. Next, find and select the Choose what to clear/Clear browsing data/Clear data option, then open the Advanced tab (if available), put ticks in all boxes except the one in front of Passwords, and select Clear/Clear Now/Clear Data to perform the action and delete the selected types of browsing data.

Next, if you are using a Chromium-based browser (Google Chrome, Opera, Microsoft Edge), go back to Settings, and type Reset (for Opera), Restore (for Chrome), or Reset Settings (for Edge). Now, click the Reset/Restore settings to their original defaults option and confirm that you want to perform this action.

If you are using Firefox, click its menu, go to Help > More troubleshooting information, click Refresh Firefox, and confirm the action.

Once you are done with this, your browser should be clean and nothing from Wavebrowser/Wavesor should be left in it.

If you were unable to manually delete Wavebrowser

If this PUP still seems to be present on your computer, then we recommend deleting it with the help of the specialized removal tool that we have linked in the guide. It’s a good option for dealing with potentially unwanted programs such as this one because, unlike conventional antivirus programs, it can detect and eliminate even software that doesn’t technically belong to any virus category but is still unwanted. In addition to that, this removal tool is still great at taking care of more dangerous forms of malware, including Trojans, Spyware, Rootkits, and more.