What is the Wpad.dat virus and how to remove it

The scope of viruses and adware is expanding rapidly with each passing day, and the number of anti-virus programs is growing just as rapidly. The vast majority of users already know what an anti-virus is, and use at least a free anti-virus tool or a trial version of a paid one. In fact, anti-virus programs are not an obstacle to fraudsters, because most adware gets onto the user's PC with the user's permission. What bothers the scammers a lot more is the level of computer literacy of the average user. The smarter and more experienced users are, the harder it is to get a virus onto their computers and the less money "hackers" will earn. In this situation, only one way remains for fraudsters: to improve their methods of penetration and their methods of affecting the system. It is for this reason that last year was so rich in scandals involving the use of licensed software updates for the distribution of viruses. Also under attack were some files and scripts that are used for legitimate purposes but can be dangerous for the system if used by scammers. Among these files are rundll32.exe, which is responsible for launching code in Dynamic Link Libraries, and the subject of today's article: Wpad.dat.


Here's a simple definition of Wpad.dat. WPAD (Web Proxy Auto-Discovery protocol) is used to find a PAC (Proxy Auto-Config) file, which is a JavaScript script describing the logic by which the browser determines how to connect to the desired URL. When making a request, the browser calls the PAC file's FindProxyForURL function, passes it the URL and the host, and expects as a result to learn which proxy to use for that address. In addition to the basic FindProxyForURL function, the script can do finer tuning that lets certain websites be opened through different proxies in a particular order, at certain times or according to a predetermined schedule. What is the file used for? Most often it is used by medium and large companies to direct the office's traffic through a certain corporate proxy. Running this script on a PC allows its user to load a new configuration of settings from the specified site and install it. As you can see, the concern is not about the Wpad.dat script itself, but about where it came from.


What does the attacker gain by sending your traffic to his proxy? He receives all the information that is so valued on the Internet: lists of visited websites, query statistics, and much more. This information is usually obtained by installing an advertising program, but such programs are found and removed quickly and easily with the help of an antivirus.
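
As an added illustration (not part of the original article), the Node.js script below loads the text of a PAC file, calls its FindProxyForURL for a few URLs, and flags any proxy that is not on an expected list. The sample PAC body, the host names, the proxy addresses and the helper names loadPac and auditPac are all constructed for this example.

```javascript
// Constructed sample PAC (wpad.dat) body; hosts and proxies are made up for illustration.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example")) return "DIRECT";
  if (shExpMatch(host, "*.shop.example")) return "PROXY 203.0.113.7:8080";
  return "PROXY proxy.corp.example:3128; DIRECT";
}`;

// Minimal versions of the standard PAC helper functions that this sample uses.
const helpers = {
  isPlainHostName: (host) => !host.includes("."),
  dnsDomainIs: (host, domain) => host.endsWith(domain),
  shExpMatch: (str, glob) => {
    const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
      .replace(/\*/g, ".*").replace(/\?/g, ".");
    return new RegExp("^" + re + "$").test(str);
  },
};

// Load the PAC text and return its FindProxyForURL function.
// new Function is NOT a sandbox: examine untrusted files only on an isolated machine.
function loadPac(source) {
  const names = Object.keys(helpers);
  const factory = new Function(...names, source + "\nreturn FindProxyForURL;");
  return factory(...names.map((n) => helpers[n]));
}

// Ask the PAC where each URL would be sent and list proxies outside the allow-list.
function auditPac(source, urls, allowedProxies) {
  const find = loadPac(source);
  return urls.map((url) => {
    const host = new URL(url).hostname;
    const answer = String(find(url, host));
    const proxies = answer.split(";").map((s) => s.trim())
      .filter((s) => /^(PROXY|HTTPS|SOCKS\d?)\s/i.test(s))
      .map((s) => s.split(/\s+/)[1]);
    return { url, answer, unexpected: proxies.filter((p) => !allowedProxies.includes(p)) };
  });
}

const report = auditPac(
  SAMPLE_PAC,
  ["http://intranet/", "https://login.shop.example/", "https://news.example.org/"],
  ["proxy.corp.example:3128"] // the only proxy this (hypothetical) office expects
);
for (const r of report) {
  console.log(r.unexpected.length ? "SUSPICIOUS" : "ok", r.url, "->", r.answer);
}
```

To check a real file, pass its text to auditPac in place of SAMPLE_PAC, together with the proxies your own network is supposed to use.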

What measures should be taken to protect your PC from these attacks?

The precautions are the same as in conventional protection against viruses and advertising programs, as a Wpad.dat file cannot penetrate the computer on its own. It can be integrated into a malicious program, and if you give that program an opportunity to get into your computer, you'll get a Wpad.dat file altered by fraudsters. Also, if you want to protect your PC from attacks of this kind, you should disable automatic detection of settings in all installed browsers. We hope that this article has helped you understand what Wpad.dat is and how to cope with attacks based on the use of this script.




