How to remove DataWait virus and restore encrypted files

If you've encountered an encrypting virus and you know that it is the DataWait ransomware – here you'll find help. We offer plain and tested tips on DataWait uninstalling and possible methods to get back the wasted files.

What is DataWait

Ransomware can be considered a roadkill of mankind, and every PC operator knows that if you cannot access your files and you see a ransom note – the things are going ugly. It is a valid reaction, by the way. Ransomware threat is the most dangerous threat that you may meet in the Web because a regular customer literally can't eliminate it. The exclusive situation when you can beat ransomware is if you aren't facing a true one, but an imitation, that covers your screen and tries to trick you into paying a ransom. In all other events, if a virus was developed and secured in a right way – you should just trust that malware researchers will beat it. If scammers committed an error, and a ransomware has some flaws, which allow you to recover information – you'll find an answer on this page.



So, what we'd see if we look inside a ransomware? It is driven by an absolutely legal encryption algorithm which ciphers the files on operator’s PC, so customer is unable to use them in any manner. The key is also encoded with a different algorithm. In most cases, these manners are AES and RSA, which have asserted themselves the most complex and reliable. The mentioned algorithms and the programs based on them are freely available on the Internet, so web-criminals only need to develop protective techniques, to block an inlet to a virus, and create the reliable update and control pattern. Some pieces of ransomware just act independently, and scammers know of another "client" not before he approaches them and transmits his money. Other encrypting viruses are very active, and deliver data to hundreds addresses, to confuse the security specialists and maximize the work required to defeat a virus.

Bypassing the ransomware’s sort, the AES and RSA methods are very tricky difficult to hack them directly. It it requires thousands of years to make all needed operations on a regular home PC and, possibly, 3-4 decades if you have an access to a mega-efficient computer. There are two basic manners to beat an encrypting malware: to find vulnerabilities in its code, or break into the Command & Control website, to receive encryption keys. Some ransomware examples also have a switch, allowing to cease ransomware's activity totally or to drive it off the infected computer. If any parson finds that breaker for DataWait, or make a decryption program, we'll update this guide.


Here we've gathered some possibilities to check, prior to giving up and looking for a decryption tool. As it is stated in previous paragraphs, Internet-criminals also fail, and some characteristics of your system can help you to get back your files.


  • A protected copy is the single completely productive manner to get your files back, but you have to uninstall a virus first. Make sure that DataWait is eliminated totally, because if it isn't – all info will be spoiled instantly, with the files that are on a flash disc.
  • If your Windows account doesn't have administrator authorization – you're very lucky. The matter is that the OS duplicates all data before they’re eliminated or encrypted. Those files are called Shadow Volume Copies, and DataWait has the methods to remove them. If you are employing the regular profile – the OS asks for a permission at the very second DataWait starts to delete SVC. If you've seen such window and reversed it – then the SVC are alright, and you can find a specific software to recover the files.


In case you checked both these opportunities and there is no way to recover encrypted files – you better eliminate DataWait from your PC and wait until a decryption program will be created.

How to remove DataWait

As for the uninstalling – you can't entirely avoid an installation of software. The ransomware is incredibly stealthy and you could miss some elements and then suffer from it (for instance, when you attach an external data storage with your backups to a not-totally-purged machine). It also conceals very good, so you just won’t be able to delete it fully by hand. According to this, we’ve developed a good elimination specification that will suit all your needs. It has several by-hand phases and one extra AV software step.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter AV tool that is not only efficient, but also fast and constantly progressing software that can clean the system of all undesired programs. Click the link below to test Spyhunter and eliminate the ransomware.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

Since you cleared your PC of DataWait, it's time for the info recovery. As you know now, if you logged in from an admin entry and you granted DataWait a pass into the computer – you have no manner to recover the information aside from the backups. If you don't remember this – you have faint chances for file recovery, but it will require topical recovery program. The best ones of them are Recuva or ShadowExplorer tools. You can find these tools simply on the registered sites of their developers, with thorough instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

You have no rights to post comments



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience