TrojanDownloader:Win32/Waledac.C is a trojan that downloads and executes arbitrary files.

What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see

Threat behavior

TrojanDownloader:Win32/Waledac.C is a trojan that downloads and executes arbitrary files.
Downloads and executes arbitrary files
When executed the trojan  connects to a specified remote IP address in order to download files.
The downloaded files are written to %windir%\temp and executed
The trojan has been seen to download variants of the following families of malware:
  • Win32/Waledac - a family of trojans that is generally used to send spam. They also has the ability to download and execute arbitrary files, harvest email addresses from the local machine, perform denial of service attacks, proxy network traffic and sniff passwords.
  • Win32/Winwebsec - a family of programs that claim to scan for malware and display fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. Win32/Winwebsec has been distributed with several different names. The user interface varies to reflect each variant’s individual branding.
Analysis by Ray Roberts


There are no obvious symptoms that indicate the presence of this malware on an affected computer.


Alert level: Severe
First detected by definition: 1.63.2017.0
Latest detected by definition: 1.203.2123.0 and higher
First detected on: Aug 27, 2009
This entry was first published on: Feb 23, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Generic (McAfee)
  • Trojan.Downloader.Bredolab.CZ (BitDefender)