Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions


W97M/Bartallex is an incredibly malicious computer infection that is recognized as a Trojan dropper. This infection uses the vulnerable Visual Basic Script to execute malware, which means that more clandestine and dangerous threats could be dropped onto your operating system. Unfortunately, the infections installed by the dropper could be even more malicious, and their removal might be even more pressing. Of course, you first need to remove W97M/Bartallex, because it is the root of your virtual security issues! Continue reading to find how you can delete this threat.

The malicious Trojan downloader W97M/Bartallex is executed using a malicious macro. Targeted computer users are tricked into opening a corrupted Microsoft Word document that suggests that macro has to be enabled. If a user enables macro, W97M/Bartallex immediately connects to a remote server and downloads malicious programs. For example, the threat could install Win32/Chanitor.A, and you need to delete this is the infection ASAP because it can download other infections, such as Win32/Vawtrak.F. If you do not figure out that you need to delete W97M/Bartallex, this infection could also install TrojanSpy:Win32/Ursnif.gen!R. Threats from this family can steal sensitive information.

According to our researchers, W97M/Bartallex is mainly executed via corrupted spam email attachments. If you receive a suspicious email from an unknown sender, the worst thing you could do is click the links, open attachments, or follow any instructions presented, because this is how malicious programs can be executed without any warning. If you do not want to worry about the removal of W97M/Bartallex, you must NOT open invoice_723961.doc, legal_complaint.doc, receipt_3458934.doc, and similar DOC attachments. These are the infected files that contain the malicious macro linked to malware execution. If you find such emails or attachments, you must remove them without opening!

Once executed, W97M/Bartallex can drop a file with a random name (e.g., 4444.exe) under %TEMP%. Even if you manage to identify and remove this file, you must keep in mind that the infection can use a bunch of different files, including cloaked ones, such as winlogin.exe. At first sight, this file looks like an authentic Windows component, but, in reality, you need to remove it to disable W97M/Bartallex. Needless to say, it is difficult to recognize malicious files, especially if you don’t have much experience with malicious programs and their removal. One of the best tools that you could employ when removing W97M/Bartallex is a malware scanner. Such application will inspect your operating system and will identify which programs and files require removal.

A malware scanner is useless unless you know how to delete the detected threats, and you cannot postpone the removal of W97M/Bartallex or the associated infections for any longer. The more time you spend thinking about the removal rather than performing it, the more vulnerable your virtual security will become. You could become a victim of identity theft, and your operating system could be paralyzed by dangerous computer infections. If you cannot delete W97M/Bartallex manually – and most Windows users cannot – install an automatic malware removal tool that will remove W97M/Bartallex for you.

Download Spyware Removal Tool to Remove* W97M/Bartallex
  • Quick & tested solution for W97M/Bartallex removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.