Severity scale:  
  (10/100)

Remove WebHelper virus (Removal Guide) - updated Oct 2019

removal by Gabriel E. Hall - - | Type: Malware

WebHelper is a potentially unwanted application that is detected by more than 50 anti-virus programs

WebHelper ads

WebHelper is malware that can silently infiltrate the system and run in the background while recording the victim's keystrokes, playing sounds, and affecting the speed of PC. The intruder hides under utorrentie.exe and webhelper.dll processes and has nothing to do with Windows. The virus travels together with its components in one pack with uTorrent, so you should be very careful when downloading this app from the Internet.[1] 

If you use uTorrent, BitTorrent and similar services to download files and programs,[2] you can notice Web Helper 32 bit opening and playing advertisements on your computer's desktop repeatedly. Unfortunately, there are more issues to come as the malware can cause high cpu usage and track you without any notice. Deleting the file alone does not help in getting rid of the intrusive behavior because there are numerous components you need to take care of. 

Name WebHelper
Type Malware
Sub-type Tracking software
Symptoms
  • Infiltrates the system unnoticed
  • Records keystrokes
  • Plays sounds
  • Displays ads
  • etc.
Danger level High
Associated entries utorrentie.exe and webhelper.dll 
Distribution Insecure freeware installations
Elimination Use Reimage for system cleaning

If you found WebHelper entries on your computer, you should know that the most visible issue it causes is serving advertisements based on users' browsing activities and performed searches. For that, malware tracks the user for some time and collects information about his or her interests, such as most visited websites, mostly clicked ads, etc. Additionally, it can record your keystrokes.

Unfortunately, this information which is collected by WebHelper virus can include numerous amounts of personal data, including:

  • passwords;
  • banking data;
  • PC's IP address;
  • system details;
  • location;
  • mostly visited sites;
  • data entered;
  • etc.

Once the described adware collects the needed amount of information, it sends this data to its C&C servers.

Another issue related to WebHelper is its audio ads confusing users out of nowhere. It is difficult to see what program or process is responsible for this task. The cause of the sound can be detected by opening Volume Mixer. However, if you thought that disabling sound on WebHelper will solve the issue, we will have to disappoint you that it will help only for a limited amount of time.

Users keep complaining about WebHelper Audio Malware that is causing issues with advertisements and even error or malware alerts in audio or video form out of nowhere[3]:

I get ads when I join community csgo servers (which is normal), but for the first time I've got a video saying “you have a virus, bla bla bla call this number bla bla bla if you close this window your computer will die bla bla bla”. So I checked where it was coming from on volume mixer and it was coming from steam client web helper.

Audio advertisements served by Web Helper are not only annoying. We should also warn you that its pop-ups and banners can contain links to possibly insecure websites.

Typically, you can’t remove WebHelper by uninstalling the app or resetting your web browsers. For that, you need to be aware of some special tips that we provided at the end of this post that will put WebHelper (32 bit), utorrentie.exe, webhelper.dll, and similar entries to an end. Make sure you also perform a scan with Reimage or other similar tools to perform a full WebHelper removal on your system. To know more about its components, continue reading.

WebHelper virus
WebHelper is a program that plays audio advertisements for uTorrent users. There is a way to remove WebHelper for good.

There are two different components related to WebHelper malware

WebHelper travels together with two different components that can show up in the Task Manager. They do not relate to Windows in any way.

uTorrentie.exe

utorrentie.exe is the uTorrent helper which can reinstall itself and annoy users by its reappearance. However, its main task is to use the PC's resources and communicate with its servers. It can also load third-party advertisements on your computer. The biggest problem related to such activity is regular data tracking and computer slowdowns. We are sure that you do not want to deal with such virtual annoyances, so we highly recommend you to remove utorrentie.exe together with Web Helper.

WebHelper.dll

WebHelper.dll acts as a browser helper object (BHO) that reinstalls WebHelper if deleted, launches it and performs its unwanted activities, including displaying sound ads, pop-ups, and banners on the target system. If deleted, it typically reappears once the system is rebooted. The anonymous developer can also initiate tracking activities with the help of this .dll file.

Webhelper
Webhelper is a program created by an unknown developer. It has NOTHING to do with Windows as its main file is detected by 55 anti-virus software developers

Tips on adware avoidance in the future

Although this intruder is part of uTorrent, you can install similar ad-supported programs unknowingly, so we want to provide you with a guide on how to prevent such things from happening.

  • When installing free software, you should opt for Custom or Advanced installation options. These will give you an opportunity to see all the extra items added to your download.
  • If you do not do it and rely on Standard or Default installation options, you will simply clutter your computer with potentially unwanted programs because these installation options tend to include statements granting your permission to install all suggested additions.
  • Simply pick Custom or Advanced option and deselect the extras you don’t want on your computer.

Get rid of WebHelper and end associated processes

There is a way to remove WebHelper virus for good. Keep in mind that it isn’t a critical computer program and it hardly poses a threat to your security. However, Zondervirus.nl team says[4] that its activities are highly annoying, to say at least. Besides, its intensive data tracking can cause the loss of specific information.

You can delete Web Helper using steps given below. Make sure you uninstall this adware via Control Panel and then reset all web browsers which are affected. 

If you are not willing to perform WebHelper removal manually, you can check the system for regular adware/browser hijacking software with anti-malware software. Some of the programs we recommend are listed below. Please, make sure you update them to their latest version to have a full virus database.

Video guide for WebHelper termination

Since there are a few files that can be left behind while uninstalling the program, you should take more steps and perform virus removal this way. We have a video guide that shows you step-by-step what to fo. There are a few techniques needed for the thorough system cleaning, so follow the video and repeat all the shown procedures because WebHelper can be a persistent threat. There is no other way to end those possibly malicious processes caused by the tracking application besides fully cleaning the system.

You can remove virus damage automatically with a help of one of these programs: Reimage, SpyHunter 5Combo Cleaner, Malwarebytes. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove WebHelper virus, follow these steps:

Remove WebHelper from Windows systems

To remove WebHelper (utorrentie.exe) from Windows 10 or similar Windows OS, you need to create a fake copy of its executable file. Here is what you need to do:

  1. First, end uTorrent process running on your computer. Simply press Ctrl + Alt + Del, select it and click End Task.
  2. Go to C:\Users\[YOUR COMPUTER NAME]\AppData\Roaming\uTorrent\updates and then open the folder named after the uTorrent version you're using. Inside this folder, you will find utorrentie.exe file. Do not do anything with it.
  3. Go back one folder and right-click anywhere in it. Select New > Text Document and name it however you want, let's say test.txt. Press anywhere in the folder to save the name and then open the text file you just created. Go to File>Save As.
  4. Now, choose the location to save the new file. Select the folder that contains utorrentie.exe file and saves the file under utorrentie.exe name here. You must select All files in the Save as type option.
  5. You will be asked whether you want to overwrite the file that already exists. Click Yes.
  6. You can now delete the test.exe file from the updates folder. Go to the folder containing the utorrentie.exe file. Right-click on this file and select Properties.
  7. In General tab, put a check on Read-only option in the Attributes section. Click Apply and OK.

TIP: Some computer experts suggest disabling automatic uTorrent updates to solve the problem. However, we do not consider such a move to be safe (speaking about your computer's security).

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall WebHelper and related programs
    Here, look for WebHelper or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove WebHelper from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete 'http://isearch.babylon.com...' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Uninstall WebHelper from Mac OS X system

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for WebHelper or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'

Get rid of WebHelper from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for WebHelper and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete WebHelper removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again

Eliminate WebHelper virus from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, WebHelper should be removed from your Microsoft Edge browser.

Delete WebHelper from Mozilla Firefox (FF)

Don't forget to clean your browser from unwanted content, in case of additional changes

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select WebHelper and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete WebHelper removal. Click on 'Reset Firefox' button for a couple of times

Erase WebHelper from Google Chrome

If this adware hijacks your Chrome, make sure you reset it to fix this web browser for good

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select WebHelper and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete WebHelper removal. Click on 'Reset' button to complete your removal

Remove WebHelper from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for WebHelper or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by WebHelper, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete WebHelper removal process. Select all options and click on 'Reset' button

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

References

Removal guides in other languages


Your opinion regarding WebHelper virus