How to remove DataWait virus and restore encrypted files

DataWait ransomware virus

DataWait ransomware had penetrated thousands of machines in different parts of the world through basic method: fraud e-mails with viral attachments. It asks user to write the message to This email address is being protected from spambots. You need JavaScript enabled to view it. e-mail. Occasionally web-criminals use exploits to take control over the PC, but well-known software companies promptly fix them. When infection takes place, the virus reviews the PC memory to find the folders to be cyphered and their approximate cost. Currently, each new ransomware can cypher text, video, audio and image info in all popular formats. DataWait cyphers all folders, but those that look like business documents go first. All software on hard drive will be unaffected because fraudsters want only information. The operation is performed through famous AES and RSA algorithms, and it is so complicated that that decryption of information with no key is impossible. Such complexity gives foundation for unbelievable efficiency of this type of viruses in last years: common user, even if he has a fairly high knowledge of the computer, won't ever decrypt the files, and will have no choice except paying to criminals. The only method to recover the information is to crack the scam website and retrieve the encryption keys. Sometimes it is possible to obtain these keys through defects in the code of the virus itself.

This item is about virus called DataWait that gets onto users' systems in diverse countries of the world, and encrypts their data. In this article you can see full information on what is DataWait, and how to delete DataWait from the machine. Furthermore, we'll explain how to recover the cyphered files, if possible.

The knowledge of computers is extremely substantial in progressive world, because it assists you to defend the machine from undesired programs. For ransomware this is most important, as, in contradistinction to regular hazardous software, when you remove ransomware from the system, the consequences of its doings do not vanish anywhere. It's very easy to decrease the chances to get ransomware if you'll follow these rules:

    • Be cautious with the messages which contain files. If you don't know who send the letter and it tells about receiving any prize, a lost parcel or something similar, this might be ransomware. The #2 efficient kind of scam letters is a forgery for business correspondence. lawsuits, appeals, Invoices for services and goods, summaries and similar sensitive information cannot come accidentally, and the addressee should know the sender. Otherwise, it is a fraud.
    • Keep an eye on the state of your PC. It consumes much of hardware resources to encrypt the data. If you mention a noticeable reduction in laptop performance or see a suspicious string in the Process Manager, you can switch off the machine, launch it in safe mode, and search for ransomware. Of course, the certain amount of files will be corrupted, but you will have the other part.
    • Take notice to the pop-ups. The most efficient manner of data restoration is the recovery via Shadow Copies, so fraudsters have included the deletion of shadow copies in the primary features of viruses. The deletion of shadow copies requires admin rights and acceptance from the user. The moment of thinking before verifying the pop-up might save your data and your time.

Virus deletion isn't the happy end - it's only a one turn on the long road before the complete data restoration. To get back the information you should familiarize with the advices in the following part of our article. In case of encrypting virus we do not publish the manual removal instruction, because its complexity and the likeliness of errors will be too high for average user. We don't recommend you to delete DataWait in manual mode, since it has different protection mechanisms that will counteract you. Qualitative viruses can easily delete cyphered data, or some of it, if user tries to eliminate the virus. To neutralize this, abide to the tips below.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner

Antivirus scanner

Why we recommend Reimage Repair

Detects viruses fully: all files and even registry keys of malware will be found

Can fix system errors

Protects your computer in the future

24/7 free support team

Reimage's scanner is only for malware detection. If the program detects a virus on the computer, you will need to purchase Reimage Repair's full version to delete viruses. Uninstall steps and Refund policy, EULA, Privacy Policy.

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

If you made all actions, mentioned in above part of an entry - it's time to restore the data. In fact, this is not about decryption, since the encryption algorithms used by scammers are extremely complex. There are the lucky exceptions, but generally file restoration needs a lot of time and money. If you choose the by-hand file recovery - take a look at our article, which shows all the most effective ways.

To restore information, follow the article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.