Wajam, also known as WNetEnhance, WajaNetEn, WajaIEnhancer, and WajWebEnhance, is an adware program that displays advertisements on social and shopping sites that you visit. When installed, Wajam will configure your browser to use a Proxy server that allows it to inject ads into various sites that you visit. These ads are inserted into the header of a site and are labeled Wajam Ads. The ads will be for products that are in the same category as to what you are viewing or searching for on the site.
Wajam may also installs a root certificate into the Windows Trusted Root Certification Authority called WNetEnhance_root_cer. This root certificate allows it to see traffic passing through SSL connections so that it is able to inject ads even into encrypted connections. Unfortunately, this also gives it the ability to see all data you transmit over an encrypted SSL connection including login information. For example, in the picture below you see that the appimaker certificate is being used to encrypt the connection between a computer and Google.
It is important to note that Wajam is bundled with and installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, in the future it is important that you pay close attention to license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, you should select these options as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.
Last, but not least, Wajam constantly changes the filenames, folder names, and registry entries associated with the adware. My guess is it does this to avoid detection by security scanners. does this to avoid detection by security programs. Some of the different folder names that it has used are Wajam, WajaNetEn, WNetEnhance, WajaIEnhancer, and WajWebEnhance.
As you can see, Wajam was created to inject ads into web sites you visit in order to generate revenue for the developer. Furthermore, the use of its own SSL certificate to encrypt your secure web connections is a security risk to your personal data and confidential information. For these reasons it is strongly suggested that you use the guide below to remove Wajam and any related adware.
Self Help Guide
If you are uncomfortable making changes to your computer or following these steps, do not worry! Instead you can get free one-on-one help by asking in the forums.
How to remove WNetEnhance:
- STEP 1: Print out instructions before we begin.
- STEP 2: Uninstall programs via Windows control panel.
- STEP 3: Use Rkill to terminate suspicious programs.
- STEP 4: Scan and clean your computer with Emsisoft Anti-Malware
- STEP 5: Use AdwCleaner to remove adware from the computer.
- STEP 6: Use HitmanPro to scan your computer for badware
- STEP 7: Run Secunia PSI to find outdated and vulnerable programs.
This removal guide may appear overwhelming due to the amount of the steps and numerous programs that will be used. It was only written this way to provide clear, detailed, and easy to understand instructions that anyone can use to remove this infection for free. Before using this guide, we suggest that you read it once and download all necessary tools to your desktop. After doing so, please print this page as you may need to close your browser window or reboot your computer.
As Wajam Ads sometimes has a usable Uninstall entry that can be used to remove the program, we want to try that first. To do this, click on the Start button and then select Control Panel.
When in the Control Panel, double-click on one of the options below depending on your version of Windows
- For Windows XP double-click on the Add or Remove Programs icon.
- For Windows Vista, Windows 7, Windows 8, and Windows 10 double-click on the Uninstall Program option.
When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on each of the entries listed in bold below to uninstall them.
When you double-click on each of the above entries to uninstall them, please follow the default prompts and allow it to remove all files and all configuration information related to this program. If any of the programs ask you to reboot your computer, do not allow it to reboot until you have uninstalled all of the programs listed above.
When you are done, you can close the Control Panel screens.
To terminate any programs that may interfere with the removal process we must first download the Rkill program. Rkill will search your computer for active malware infections and attempt to terminate them so that they wont interfere with the removal process. To do this, please download RKill to your desktop from the following link.
When at the download page, click on the Download Now button labeled iExplore.exe. When you are prompted where to save it, please save it on your desktop.
Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Wajam Ads and other malware. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and a log file will open. Please review the log file and then close so you can continue with the next step. If you have problems running RKill, you can download the other renamed versions of RKill from the rkill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.
Do not reboot your computer after running RKill as the malware programs will start again.
Now please download Emsisoft Anti-Malware, which will scan for and remove any other adware that may have been bundled with this adware. Please download and save the Emsisoft Anti-Malware setup program to your desktop from the link below:
The download is fairly large, so please be patient while it downloads.
Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup_bc.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking you to agree to a license agreement. Please access the agreement and click on the Install button to continue with the installation.
You will eventually get to a screen asking what type of license you wish to use with Emsisoft Anti-Malware.
If you have an existing license key or want to buy a new license key, please select the appropriate option. Otherwise, select the Freeware or Test for 30 days, free option. If you receive an alert after clicking this button that your trial has expired, just click on the Yes button to enter freeware mode, which still allows the cleaning of infections.
You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and select your choice to continue.
Emsisoft Anti-Malware will now begin to update it's virus detections.
Please be patient as it may take a few minutes for the updates to finish downloading.
When the updates are completed, you will be at a screen asking if you wish to enable PUPs detection. We strongly suggest that you select Enable PUPs Detection to protect your computer from nuisance programs such as toolbars and adware.
You will now be at the final installation screen. Please click on the Finish Installation button end the setup and automatically launch Emsisoft Anti-Malware.
Emsisoft Anti-Malware will now start and display the start screen.
At this screen, please left-click on the Scan section.
You will now be at a screen asking what type of scan you would like to perform.
Please select the Malware Scan option to begin scanning your computer for infections. The Malware Scan option will take longer than the Quick Scan, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned.
Emsisoft Anti-Malware will now start to scan your computer for rootkits and malware. Please note that the detected infections in the image below may be different than what this guide is for.
Please be patient while Emsisoft Anti-Malware scans your computer.
When the scan has finished, the program will display the scan results that shows what infections where found. Please note, due to an updated version of Emsisoft Anti-Malware, the screenshot below may look different than the rest of the guide.
Now click on the Quarantine Selected button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so. Otherwise you can close the program.
Now please download AdwCleaner and save it to your desktop. AdwCleaner will scan your computer for adware programs that may have been installed on your computer without your knowledge. You can download AdwCleaner from the following URL:
When AdwCleaner has finished downloading, please double-click on the AdwCleaner.exe icon that now appears on your desktop. Once you double-click on the icon the AdwCleaner program will open and you will be presented with the program's license agreement. After you read it, click on the I agree button if you wish to continue. Otherwise, click on the I disagree button to close the program. If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
If you selected to continue, you will be presented with the start screen as shown below.
Now click on the Scan button in AdwCleaner. The program will now start to search for known adware programs that may be installed on your computer. When it has finished it will display all of the items it has found in Results section of the screen above. Please look through the results and try to determine if the programs that are listed contain ones that you do not want installed. If you find programs that you need to keep, then uncheck the entries associated with them.
For many people, the contents of the Results section may appear confusing. Unless you see a program name that you know should not be removed,please continue with the next step.
To remove the adware programs that were detected in the previous step, please click on the Clean button on the AdwCleaner screen. AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Please save your work and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to let AdwCleaner reboot your computer.
When your computer reboots and you are logged in, AdwCleaner will automatically open a log file that contains the files, registry keys, and programs that were removed from your computer.
Please review this log file and then close the Notepad Window.
We now need to delete the certificates installed by Wajam Ads. To do this press the Windows keyboard key () and the R key at the same time to open the Run dialog box. When it opens, type certmgr.msc in the Open: field and press the Enter key. The Windows Certificate Manage will now open. Click on the little arrow next to Trusted Root Certification Authority category to expand it and then click on the Certificates folder. You should now see a list of certificates similar to the image below.
When the list of certificates open, scroll through the list and look for certificates called Wajam_root_cer, WajaNetEn_root_cer, WNetEnhance_root_cer, WajaIEnhancer_root_cer, and WajWebEnhance_root_cer.
Once you have identified these certificates, right-click on each one and select Delete as shown below. If you need help with this process, please feel free to ask in the forums.
Once you have deleted the associated certificates, you can close the Certificate Manager window and proceed with the rest of the steps.
Now you should download HitmanPro from the following location and save it to your desktop:
When you visit the above page, please download the version that corresponds to the bit-type of the Windows version you are using.
Once downloaded, double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
Now click on the Next button to continue with the scan process.
You will now be at the HitmanPro setup screen. If you would like to install the 30 day trial for HitmanPro, select the Yes, create a copy of HitmanPro so I can regularly scan this computer (recommended) option. Otherwise, if you just want to scan the computer this one time, please select the No, I only want to perform a one-time scan to check this computer option.
Once you have selected one of the options, please click on the Next button.
HitmanPro will now begin to scan your computer for infections. When it has finished it will display a list of all the malware that the program found as shown in the image below. Please note that the infections found may be different than what is shown in the image.
You should now click on the Next button to have HitmanPro remove the detected infections. When it is done you will be shown a Removal Results screen that shows the status of the various infections that were removed. At this screen you should click on the Next button and then if prompted you should click on the Reboot button. If HitmanPro does not prompt you to reboot, please just click on the Close button.
Once your computer has has restarted or you pressed the Close button, you should now be at your Windows desktop.
As many malware and unwanted programs are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:
Your computer should now be free of the Wajam Ads program. If your current security solution allowed this program on your computer, you may want to consider purchasing the full-featured version of Emsisoft Anti-Malware to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic link ed below:
Purchase the full-featured version of Emsisoft Anti-Malware, which includes real-time protection and behavior blocker, to protect yourself against these types of threats in the future!