What Is the Wacatac.B!ml Trojan? How to Remove It From Windows

Abraham Smith

During a routine security scan, did Windows Defender warn you that there was a threat called Trojan:Script/Wacatac.B!ml? Does it mean that Windows Defender tried to fix the threat but was unsuccessful and further action is required?


If this is the case, your computer has been infected with the Wacatac Trojan, which Windows Defender was unable to remove automatically. In this article, we will discuss the Trojan in more detail, how it infects your computer, and what you should do when it appears.


What is Wacatac.B!ml Trojan?

The Wacatac.B!ml is classified as a Trojan by Windows Defender because it enters Windows operating systems by tricking users into executing a legitimate-looking file.

The moment it infects your system, it exposes you to risk of identity theft, data infection and financial loss. In addition, many resources are consumed in the background without your knowledge, resulting in slow system performance.

In view of this, you should remove it immediately. Microsoft Defender also warns you of its dangers in its warning message and urges you to act immediately. It begs the question; How did it get on your computer?

How did Wacatac.B!ml Trojan get into your PC?

To understand how Wacatac Trojan infiltrated your PC, ask yourself the following questions:

  1. Have you downloaded a cracked version of a program or used a crack to activate premium software for free?
  2. Did you download an old version of a software or program from a suspicious-looking website?
  3. Have you received an email in the past few days that looked authentic (maybe from a shipping bill you don’t remember receiving) but when you clicked on the attachment in the email it ran a script and suddenly disappeared?
  4. Have you downloaded a movie or song using a torrent file just so you don’t have to pay for it?
  5. Did you turn off your Windows Defender or Antivirus for a few days, then rescanned your computer and found this threat?

If you answered yes to any of the above questions, then you have found out how the Wacatac Trojan entered your computer. But can it be a false positive? It’s possible, so you should rule that possibility out first.

Make sure that the Wacatac.B!ml Trojan warning is not a false positive

Found a Trojan horse infection after a random security scan? Then you should make sure that the Wacatac Trojan warning is not a false alarm. To do this, follow the steps below:

  1. Visit the VirusTotal website.
  2. Navigate to the path of the affected item where Windows Defender detected a Trojan. Most of the time it will be like this: 
    C:\WINDOWS\System32\config
    ystemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\QINNLJOV.htm
  3. Select the infected file and upload it.

If the scan is clean, it’s probably a false alarm. Regardless of whether the file is clean or the scan detects trojans or malware, the best thing to do is to scan and remove it.

How to remove Wacatac.B!ml Trojan from your device

If you are sure that the Wacatac threat is not a false positive and just want to be sure that your device is not infected or the scan shows that the file you scanned is infected, you should follow the steps below:

1. Delete the infected file

The first step is to delete the infected file that Windows Defender claims is infected. Hence, navigate to the same path mentioned above, right click on the file and select it Extinguish.

After deleting the file, run a security scan on your computer again. If the Trojan keeps appearing on your system, move on to the next fix.

If the file in which Windows Defender finds a threat is a Windows operating system file, you should be careful before deleting it. Otherwise, your computer might become unbootable.

2. Manually remove the threat

Windows Security makes it easy to remove the threat manually. Here are the following steps:

  1. Press victory + me to open the settings apartment
  2. Click in the left sidebar Privacy & Security.
  3. In the right pane, click Windows security.
  4. click Virus and threat protection.
  5. Then click protection history.
  6. Click on the Wacatac’s threat.
  7. open that Actions Drop down and select Remove.

Run the scan again. If the threat is not removed, follow the same steps and select quarantine of the Actions drop-down list. This will prevent further spread of the virus. Next, proceed to the next step.

3. Run a malware scan in safe mode

Often the presence of malware prevents Windows Defender from removing infected files. To prevent this from happening, you should start your Windows 10 device in Safe Mode (or Windows 11) first. That way, the malware doesn’t interfere with the removal of infected files.

You should then run a full scan with Windows Defender. Keep in mind that a full virus scan can take more than an hour. So be patient and wait for it to complete. After the scan is complete, check if Windows Security is still reporting a threat. In this case, run a malware scan with a third-party antivirus program.

There are times when Windows Defender does not completely remove malware or continues to throw false flags despite removing the virus. Third-party software can help you determine if the threat is there and eliminate it if it is. If that also fails, reset your computer.

4. Reset your operating system

If none of the fixes work, you can reset Windows as a last resort. During the reset, Windows will remove all installed apps and restore all customizations to default settings, but your files will remain intact (if that’s what you want). We have a guide on how to factory reset your Windows device if you are unfamiliar with it.

Does the Wacatac Trojan warning appear when you download a file?

Have you encountered the Wacatac Trojan warning message while downloading a specific file from the Internet? In this case, temporarily disconnect your device from the Internet. Disconnecting your PC from the Internet prevents a Trojan from infecting your system when it tries to invade.

After that, run a malware scan on your computer using Windows Defender to see if the Trojan is detected. If you don’t see a trojan, but you get the trojan warning again when you try to download this file, make sure it’s not a false positive.

It has been reported that Wacatac Trojan warnings sometimes appear when downloading a compressed file, especially with the .RAR extension, even from legitimate sources. If this is the case for you too, follow these steps:

  1. Copy the download link of the file you want to download.
  2. Visit the VirusTotal website.
  3. Enter the URL in the URL scanner.
  4. blow Enter.

If the VirusTotal scanner returns a clean result, you can download the file with confidence. Just add a whitelist exclusion to Windows Defender to exclude that file and you’re done. If the scanner detects malware, it’s best not to download it.

Protect your privacy from Wacatac Trojan

You should now have a better understanding of the Wacatac Trojan. If your device has been infected, getting rid of it should now be easier. Ignore it if it turns out to be a false flag. Also, use a third-party antivirus with Windows Defender to ensure your security is foolproof.

Leave a Reply

Your email address will not be published. Required fields are marked *