WebHelper virus (Removal Guide) - May 2021 update

WebHelper virus Removal Guide

What is WebHelper virus?

WebHelper is a malicious application that is detected by more than 50 anti-virus programs

WebHelper adsA potentially unwanted program that affects your device in a significant way because it loads additional content on the system.

WebHelper is malware that can silently infiltrate the system and run in the background while recording the victim's keystrokes, playing sounds, and reducing PC speed. Those infected with it can notice a few suspicious processes running in the background, namely, utorrentie.exe and webhelper.dll – they are not a part of Windows system and should not be present by default. In other words, if you see these processes running in the background, it is likely that you are infected with the virus.

The malicious app typically travels together with its components in one pack with uTorrent, so you should be very careful when downloading it from the Internet.[1] If you use uTorrent, BitTorrent, and similar services to download files and programs,[2] you can notice Web Helper 32-bit opening and playing advertisements on your computer's desktop repeatedly.

Unfortunately, there are more issues to come as the malware can cause high CPU usage and track you in the background without permission. The information that is typed via the keyboard or mouse inputs can be easily be read by malware operators; thus, eliminating this app quickly is vital to one's security and online safety. While some might think that shutting down the process will do the trick, it is not the case, as there are numerous components on the machine that will make WebHelper resurface as soon as you reboot your system.

Name WebHelper
Type Malware
Sub-type Tracking software
  • Infiltrates the system unnoticed
  • Records keystrokes
  • Plays sounds
  • Displays ads
  • Tracks online activities, etc.
Danger level High
Associated entries utorrentie.exe and webhelper.dll
Distribution Insecure freeware installations
Removal Solution Malicious programs can leave plenty of files and components on the infected system – these should be eliminated promptly (we provide details below). Alternatively, you can delete malware with the help of security software quickly and effortlessly – use SpyHunter 5Combo Cleaner
System fix FortectIntego can fix the damaged Windows system files that could otherwise result in errors, system crashes and other stability issues

If you found WebHelper entries on your computer, you should know that the most visible issue it causes is serving advertisements based on users' browsing activities and performed searches. For that, malware tracks the user for some time and collects information about their interests, such as most visited websites, mostly clicked ads, etc. Additionally, it can record your keystrokes.

Unfortunately, this information, which is collected by the virus can include numerous amounts of personal data, including:

  • passwords;
  • banking data;
  • PC IP address;
  • system details;
  • location;
  • mostly visited sites;
  • data entered, etc.

Once the described adware collects the needed amount of information, it sends this data to its C&C servers.

Another issue is its audio ads confusing users out of nowhere. It is difficult to see what program or process is responsible for this task. The cause of the sound can be detected by opening the Volume Mixer. However, if you thought that disabling sound on WebHelper will solve the issue, we will have to disappoint you that it will help only for a limited amount of time.

Users keep complaining about WebHelper Audio Malware that is causing issues with advertisements and even error or malware alerts in audio or video form out of nowhere[3]:

I get ads when I join community csgo servers (which is normal), but for the first time I've got a video saying “you have a virus, bla bla bla call this number bla bla bla if you close this window your computer will die bla bla bla”. So I checked where it was coming from on volume mixer and it was coming from steam client web helper.

Audio advertisements served by Web Helper are not only annoying. We should also warn you that its pop-ups and banners can contain links to possibly insecure websites.

Typically, you can’t remove WebHelper by uninstalling the app or resetting your web browsers. For that, you need to be aware of some special tips that we provided below for full malware removal. Finally, make sure you also perform a scan with FortectIntego to fix virus damage, e.g., corrupted files and similar components.

WebHelper virusA program that plays audio advertisements for uTorrent users. There is a way to remove WebHelper for good.

There are two different components related to malware

WebHelper travels together with two different components that can show up in the Task Manager. They do not relate to Windows in any way.


utorrentie.exe is the uTorrent helper that can reinstall itself and annoy users by its reappearance. However, its main task is to use the PC's resources and communicate with its servers. It can also load third-party advertisements on your computer. The biggest problem related to such activity is a regular data tracking and computer slowdowns. We are sure that you do not want to deal with such virtual annoyances, so we highly recommend you to remove utorrentie.exe together with Web Helper.


It acts as a browser helper object (BHO) that reinstalls WebHelper if deleted launches it and performs its unwanted activities, including displaying sound ads, pop-ups, and banners on the target system. If deleted, it typically reappears once the system is rebooted. The anonymous developer can also initiate tracking activities with the help of this .dll file.

WebhelperWebhelper is a program created by an unknown developer. It has NOTHING to do with Windows as its main file is detected by 55 anti-virus software developers

Tips on malware avoidance in the future

Although this intruder is part of uTorrent, you can install similar ad-supported programs unknowingly, so we want to provide you with a guide on how to prevent this from happening in the future.

  • When installing free software, you should opt for Custom or Advanced installation options. These will give you an opportunity to see all the extra items added to your download.
  • If you do not do it and rely on Standard or Default installation options, you will simply clutter your computer with potentially unwanted programs because these installation options tend to include statements granting your permission to install all suggested additions.
  • Simply pick Custom or Advanced option and deselect the extras you don’t want on your computer.

Get rid of the virus and end associated processes

There is a way to remove virus for good. Keep in mind that it isn’t a critical computer program and it hardly poses a threat to your security. However, Zondervirus.nl team says[4] that its activities are highly annoying, to say at least. Besides, its intensive data tracking can cause a loss of specific information.

You can delete Web Helper using the steps given below. Make sure you uninstall this adware via Control Panel and then reset all web browsers which are affected.

If you are not willing to perform WebHelper removal manually, you can check the system for regular adware/browser hijacking software with anti-malware software. Some of the programs we recommend are listed below. Please, make sure you update them to their latest version to have a full virus database.

Video guide for WebHelper termination

Since there are a few files that can be left behind while uninstalling the program, you should take more steps and perform virus removal this way. We have a video guide that shows you step-by-step what to fo. There are a few techniques needed for the thorough system cleaning, so follow the video and repeat all the shown procedures because WebHelper can be a persistent threat. There is no other way to end those possibly malicious processes caused by the tracking application besides fully cleaning the system.

You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of WebHelper virus. Follow these steps

Uninstall from Windows

To remove WebHelper (utorrentie.exe) from Windows 10 or similar Windows OS, you need to create a fake copy of its executable file. Here is what you need to do:

  1. First, end uTorrent process running on your computer. Simply press Ctrl + Alt + Del, select it and click End Task.
  2. Go to C:\Users\[YOUR COMPUTER NAME]\AppData\Roaming\uTorrent\updates and then open the folder named after the uTorrent version you're using. Inside this folder, you will find utorrentie.exe file. Do not do anything with it.
  3. Go back one folder and right-click anywhere in it. Select New > Text Document and name it however you want, let's say test.txt. Press anywhere in the folder to save the name and then open the text file you just created. Go to File>Save As.
  4. Now, choose the location to save the new file. Select the folder that contains utorrentie.exe file and saves the file under utorrentie.exe name here. You must select All files in the Save as type option.
  5. You will be asked whether you want to overwrite the file that already exists. Click Yes.
  6. You can now delete the test.exe file from the updates folder. Go to the folder containing the utorrentie.exe file. Right-click on this file and select Properties.
  7. In General tab, put a check on Read-only option in the Attributes section. Click Apply and OK.

TIP: Some computer experts suggest disabling automatic uTorrent updates to solve the problem. However, we do not consider such a move to be safe (speaking about your computer's security).

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Delete from macOS

Remove items from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for all related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash) Uninstall from Mac 1

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files. Uninstall from Mac 2

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy, search and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

Don't forget to clean your browser from unwanted content, in case of additional changes

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

If this adware hijacks your Chrome, make sure you reset it to fix this web browser for good

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

Manual removal using Safe Mode

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of WebHelper registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting malware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

Removal guides in other languages