Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove WeWatcherProxy PUP and Uninstall wewatcherproxy.exe

Security researchers have received multiple complaints regarding a program that has been detected as PUP.Optional.WeWatcherProxy.A. WeWatcher is adware but it may be more dangerous than the average ad-supported program.

Name WeWatcherProxy
Type LSP Browser Hijacker, Adware, PUP
Short Description The program may have entered the system in a silent manner.
Symptoms The user may see intrusive advertisements. He may also experience Internet connectivity issues.
Distribution Method Bundling, freeware installers.
Detection tool Download Malware Removal Tool, to See If Your System Has Been Affected By WeWatcherProxy

According to researchers at MalwareBytes, WeWatcher has rookit capabilities and is classified as a LSP (Layered Service Provider) hijacker. LSP hijacking may intercept the connection between an important application and the Internet. In general, the user’s PC may be ‘suffering’ from Internet connectivity problems. Using powerful AV software that detects and removes rootkits is considered the quickest and safest way to remove WeWatcher and LSP hijackers.trojan

PUP.Optional.WeWatcherProxy.A Technical Review & Distribution

The WeWatcherProxy program may have been included in numerous freeware installers. This method is known as bundling and is considered a primary culprit of adware distribution. To paraphrase, WeWatcherProxy was downloaded alongside another program available on freeware and shareware pages. WeWatcherProxy may have been mentioned in the Download Agreement. However, WeWatcherProxy has rootkit capabilities and can be quite troublesome, and it may have sneaked into the system via a silent or unattended installation. Those kinds of installation require little or no user interaction. Such installers can easily be deployed to spread malicious code.

According to researchers at HerdProtect, WeWatcherProxy has been created by P4hostcom – a company that developes and distributes adware. WeWatcherProxy is often distributed with other ad-supported and potentially unwanted programs. The program may drop its own files onto the system, or may take over other processes.

Here is a list of files and processes that originate from WeWatcherProxy:

  • WeWatcherLSP.dll, located in C:\windows\syswow64\wewatcherlsp.dll
  • wewatcherproxy.exe, located in C:\Program Files\sysfiles\wewatcherproxy.exe
  • wewatcherlsp64.exe (WeWatcherLSP64.exe by WeWatcher)
  • wewatcherlsp.exe (WeWatcherLSP.exe by WeWatcher)
  • wewatcherproxy.exe (WeWatcherProxy.exe by WeWatcher)
  • wewatchercert.dll (WeWatcherCert.dll by WeWatcher)

Here is a list of probable detections by AV software providers:

  • Reason Heuristics detects it as PUP.P4hostcom (M)
  • Dr. Web detects it as Adware.Superfish.217
  • PUP.Optional.Winsock.HijackBoot, Rootkit.WeWatcher.PUP
  • McAfee detects it as BehavesLike.Win32.Suspicious.rc

PUP.Optional.WeWatcherProxy.A Removal Steps

LSP hijackers may be quite tricky to remove. Since they may intercept the Internet connection, downloading and running an AV scanner to detect and remove them may be impossible. If this is your case, you can try the following steps, provided by researchers at EnigmaSoftware:

  • Use an alternative browser. If you’re using Mozilla Firefox, and having problems downloading an anti-malware program, you may try and open Chrome or Safari instead.
  • Use removable media. Then, download the AV program of your choice on a clean computer, and burn it to a USB flash drive, DVD/CD, orother removable media. Install it on the infected machine and scan it.
  • Start Windows in Safe Mode. If for any reason you can’t access your desktop, try rebooting your computer in ‘Safe Mode with Networking’ and install the AV solution in Safe Mode.

Attention! Internet Explorer Users!

Please, make sure to disable proxy server for IE. Malware can modify your Windows settings and employ a proxy server to prevent you from browsing with Internet Exlporer.

You can also check our removal tutorial created especially for browser hijackers. After you have completed it, you should consider running an AV scanner.

Step 1: Remove/Uninstall WeWatcherProxy in Windows

Here is a method in few easy steps to remove that program. No matter if you are using Windows 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program get left behind, and that can lead to unstable work of your PC, mistakes with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it. To do that:

  • Hold the Windows Logo Button and “R” on your keyboard. A Pop-up window will appear (fig.1).
  • uninstall-virus-fig1

  • In the field type in “appwiz.cpl” and press ENTER (fig.2).
  • uninstall-virus-fig2

  • This will open a window with all the programs installed on the PC.
    Select the program that you want to remove, and press “Uninstall” (fig.3).
  • uninstall-virus-fig3

    Follow the instructions above and you will successfully uninstall WeWatcherProxy.

    Step 2: Remove WeWatcherProxy from your browser

    Remove a toolbar from Mozilla FirefoxRemove a toolbar from Google Chrome Remove a toolbar from Internet Explorer Remove a toolbar from Safari
    Start Mozilla Firefox Open the menu window

    uninstall-fig4

    Select the “Add-ons” icon from the menu

    uninstall-fig5

    Select WeWatcherProxy and click “Remove

    uninstall-fig6

    After WeWatcherProxy is removed, restart Mozilla Firefox by closing it from the red “X” in the top right corner and start it again.

    Start Google Chrome and Open the drop menu

    uninstall-fig7

  • Move the cursor over “Tools” and then from the extended menu choose “Extensions
  • uninstall-fig8

  • From the opened “Extensions” menu locate WeWatcherProxy and click on the garbage bin icon on the right of it.
  • uninstall-fig9

  • After WeWatcherProxy is removed, restart Google Chrome by closing it from the red “X” in the top right corner and start it again.
  • Start Internet Explorer:

  • Click “‘Tools’ to open the drop menu and select ‘Manage Add-ons’
  • uninstall-fig10

  • In the ‘Manage Add-ons’ window, make sure that in the first window ‘Add-on Types’, the drop menu ‘Show’ is on ‘All add-ons’
  • uninstall-fig11

    Select WeWatcherProxy to remove, and then click ‘Disable’. A pop-up window will appear to inform you that you are about to disable the selected toolbar, and some additional toolbars might be disabled as well. Leave all the boxes checked, and click ‘Disable’.

    uninstall-fig12

    After WeWatcherProxy has been removed, restart Internet Explorer by closing it from the red ‘X’ in the top right corner and start it again.

    Start Safari

    Open the drop menu by clicking on the sprocket icon in the top right corner.
    uninstall-fig13

    From the drop menu select ‘Preferences’
    In the new window select ‘Extensions’
    Click once on WeWatcherProxy
    Click ‘Uninstall’

    uninstall-fig14

    A pop-up window will appear asking for confirmation to uninstall WeWatcherProxy. Select ‘Uninstall’ again, and the WeWatcherProxy will be removed.

    In order to remove any associated objects that are left after uninstall and detect any other threats, you should:

    Step 3: Start Your PC in Safe Mode to Remove WeWatcherProxy.

    Removing WeWatcherProxy from Windows XP, Vista, 7 systems:

    1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
    2. Select one of the two options provided below:

    For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.

    For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.

    3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
    4. Log on to your computer using your administrator account

    While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

    Removing WeWatcherProxy from Windows 8, 8.1 and 10 systems:

    Substep 1:

    Open the Start Menu
    Windows-10-0 (1)

    Substep 2:

    Whilst holding down Shift button, click on Power and then click on Restart.

    Substep 3:

    After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.
    Windows-10-1-257x300

    Substep 4:

    You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
    Windows-10-2 (1)

    Substep 5:

    After the Advanced Options menu appears, click on Startup Settings.
    Windows-10-3 (1)

    Substep 6:

    Click on Restart.
    Windows-10-5 (1)

    Substep 7:

    A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove WeWatcherProxy.

    Step 4: Remove WeWatcherProxy automatically by downloading an advanced anti-malware program.

    To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all WeWatcherProxy associated objects.

    NOTE! Substantial notification about the WeWatcherProxy threat: Manual removal of WeWatcherProxy requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

    Milena Dimitrova

    An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

    More Posts - Website

    Share on Facebook Share
    Loading...
    Share on Twitter Tweet
    Loading...
    Share on Google Plus Share
    Loading...
    Share on Linkedin Share
    Loading...
    Share on Digg Share
    Share on Reddit Share
    Loading...
    Share on Stumbleupon Share
    Loading...
    Please wait...

    Subscribe to our newsletter

    Want to be notified when our article is published? Enter your email address and name below to be the first to know.