WebHelper virus (Removal Guide) - May 2021 update
WebHelper virus Removal Guide
What is WebHelper virus?
WebHelper is a malicious application that is detected by more than 50 anti-virus programs
A potentially unwanted program that affects your device in a significant way because it loads additional content on the system.
WebHelper is malware that can silently infiltrate the system and run in the background while recording the victim's keystrokes, playing sounds, and reducing PC speed. Those infected with it can notice a few suspicious processes running in the background, namely, utorrentie.exe and webhelper.dll – they are not a part of Windows system and should not be present by default. In other words, if you see these processes running in the background, it is likely that you are infected with the virus.
The malicious app typically travels together with its components in one pack with uTorrent, so you should be very careful when downloading it from the Internet.[1] If you use uTorrent, BitTorrent, and similar services to download files and programs,[2] you can notice Web Helper 32-bit opening and playing advertisements on your computer's desktop repeatedly.
Unfortunately, there are more issues to come as the malware can cause high CPU usage and track you in the background without permission. The information that is typed via the keyboard or mouse inputs can be easily be read by malware operators; thus, eliminating this app quickly is vital to one's security and online safety. While some might think that shutting down the process will do the trick, it is not the case, as there are numerous components on the machine that will make WebHelper resurface as soon as you reboot your system.
Name | WebHelper |
---|---|
Type | Malware |
Sub-type | Tracking software |
Symptoms |
|
Danger level | High |
Associated entries | utorrentie.exe and webhelper.dll |
Distribution | Insecure freeware installations |
Removal Solution | Malicious programs can leave plenty of files and components on the infected system – these should be eliminated promptly (we provide details below). Alternatively, you can delete malware with the help of security software quickly and effortlessly – use SpyHunter 5Combo Cleaner |
System fix | FortectIntego can fix the damaged Windows system files that could otherwise result in errors, system crashes and other stability issues |
If you found WebHelper entries on your computer, you should know that the most visible issue it causes is serving advertisements based on users' browsing activities and performed searches. For that, malware tracks the user for some time and collects information about their interests, such as most visited websites, mostly clicked ads, etc. Additionally, it can record your keystrokes.
Unfortunately, this information, which is collected by the virus can include numerous amounts of personal data, including:
- passwords;
- banking data;
- PC IP address;
- system details;
- location;
- mostly visited sites;
- data entered, etc.
Once the described adware collects the needed amount of information, it sends this data to its C&C servers.
Another issue is its audio ads confusing users out of nowhere. It is difficult to see what program or process is responsible for this task. The cause of the sound can be detected by opening the Volume Mixer. However, if you thought that disabling sound on WebHelper will solve the issue, we will have to disappoint you that it will help only for a limited amount of time.
Users keep complaining about WebHelper Audio Malware that is causing issues with advertisements and even error or malware alerts in audio or video form out of nowhere[3]:
I get ads when I join community csgo servers (which is normal), but for the first time I've got a video saying “you have a virus, bla bla bla call this number bla bla bla if you close this window your computer will die bla bla bla”. So I checked where it was coming from on volume mixer and it was coming from steam client web helper.
Audio advertisements served by Web Helper are not only annoying. We should also warn you that its pop-ups and banners can contain links to possibly insecure websites.
Typically, you can’t remove WebHelper by uninstalling the app or resetting your web browsers. For that, you need to be aware of some special tips that we provided below for full malware removal. Finally, make sure you also perform a scan with FortectIntego to fix virus damage, e.g., corrupted files and similar components.
A program that plays audio advertisements for uTorrent users. There is a way to remove WebHelper for good.
There are two different components related to malware
WebHelper travels together with two different components that can show up in the Task Manager. They do not relate to Windows in any way.
uTorrentie.exe
utorrentie.exe is the uTorrent helper that can reinstall itself and annoy users by its reappearance. However, its main task is to use the PC's resources and communicate with its servers. It can also load third-party advertisements on your computer. The biggest problem related to such activity is a regular data tracking and computer slowdowns. We are sure that you do not want to deal with such virtual annoyances, so we highly recommend you to remove utorrentie.exe together with Web Helper.
WebHelper.dll
It acts as a browser helper object (BHO) that reinstalls WebHelper if deleted launches it and performs its unwanted activities, including displaying sound ads, pop-ups, and banners on the target system. If deleted, it typically reappears once the system is rebooted. The anonymous developer can also initiate tracking activities with the help of this .dll file.
Webhelper is a program created by an unknown developer. It has NOTHING to do with Windows as its main file is detected by 55 anti-virus software developers
Tips on malware avoidance in the future
Although this intruder is part of uTorrent, you can install similar ad-supported programs unknowingly, so we want to provide you with a guide on how to prevent this from happening in the future.
- When installing free software, you should opt for Custom or Advanced installation options. These will give you an opportunity to see all the extra items added to your download.
- If you do not do it and rely on Standard or Default installation options, you will simply clutter your computer with potentially unwanted programs because these installation options tend to include statements granting your permission to install all suggested additions.
- Simply pick Custom or Advanced option and deselect the extras you don’t want on your computer.
Get rid of the virus and end associated processes
There is a way to remove virus for good. Keep in mind that it isn’t a critical computer program and it hardly poses a threat to your security. However, Zondervirus.nl team says[4] that its activities are highly annoying, to say at least. Besides, its intensive data tracking can cause a loss of specific information.
You can delete Web Helper using the steps given below. Make sure you uninstall this adware via Control Panel and then reset all web browsers which are affected.
If you are not willing to perform WebHelper removal manually, you can check the system for regular adware/browser hijacking software with anti-malware software. Some of the programs we recommend are listed below. Please, make sure you update them to their latest version to have a full virus database.
Video guide for WebHelper termination
Since there are a few files that can be left behind while uninstalling the program, you should take more steps and perform virus removal this way. We have a video guide that shows you step-by-step what to fo. There are a few techniques needed for the thorough system cleaning, so follow the video and repeat all the shown procedures because WebHelper can be a persistent threat. There is no other way to end those possibly malicious processes caused by the tracking application besides fully cleaning the system.
You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
Getting rid of WebHelper virus. Follow these steps
Uninstall from Windows
To remove WebHelper (utorrentie.exe) from Windows 10 or similar Windows OS, you need to create a fake copy of its executable file. Here is what you need to do:
- First, end uTorrent process running on your computer. Simply press Ctrl + Alt + Del, select it and click End Task.
- Go to C:\Users\[YOUR COMPUTER NAME]\AppData\Roaming\uTorrent\updates and then open the folder named after the uTorrent version you're using. Inside this folder, you will find utorrentie.exe file. Do not do anything with it.
- Go back one folder and right-click anywhere in it. Select New > Text Document and name it however you want, let's say test.txt. Press anywhere in the folder to save the name and then open the text file you just created. Go to File>Save As.
- Now, choose the location to save the new file. Select the folder that contains utorrentie.exe file and saves the file under utorrentie.exe name here. You must select All files in the Save as type option.
- You will be asked whether you want to overwrite the file that already exists. Click Yes.
- You can now delete the test.exe file from the updates folder. Go to the folder containing the utorrentie.exe file. Right-click on this file and select Properties.
- In General tab, put a check on Read-only option in the Attributes section. Click Apply and OK.
TIP: Some computer experts suggest disabling automatic uTorrent updates to solve the problem. However, we do not consider such a move to be safe (speaking about your computer's security).
Instructions for Windows 10/8 machines:
- Enter Control Panel into Windows search box and hit Enter or click on the search result.
- Under Programs, select Uninstall a program.
- From the list, find the entry of the suspicious program.
- Right-click on the application and select Uninstall.
- If User Account Control shows up, click Yes.
- Wait till uninstallation process is complete and click OK.
If you are Windows 7/XP user, proceed with the following instructions:
- Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
- In Control Panel, select Programs > Uninstall a program.
- Pick the unwanted application by clicking on it once.
- At the top, click Uninstall/Change.
- In the confirmation prompt, pick Yes.
- Click OK once the removal process is finished.
Delete from macOS
Remove items from Applications folder:
- From the menu bar, select Go > Applications.
- In the Applications folder, look for all related entries.
- Click on the app and drag it to Trash (or right-click and pick Move to Trash)
To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.
Remove from Microsoft Edge
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.
If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.
- Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on them and pick Delete
- Now right-click on the Start button and pick Windows PowerShell (Admin).
- When the new window opens, copy and paste the following command, and then press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose
Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and click select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
Remove from Mozilla Firefox (FF)
Don't forget to clean your browser from unwanted content, in case of additional changes
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
Remove from Google Chrome
If this adware hijacks your Chrome, make sure you reset it to fix this web browser for good
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Delete from Safari
Remove unwanted extensions from Safari:
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Clear cookies and other website data from Safari:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Reset Safari if the above-mentioned steps did not help you:
- Click Safari > Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Manual removal using Safe Mode
Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
Downloads
Recycle Bin
Temporary files - Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
After you are finished, reboot the PC in normal mode.
After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of WebHelper registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.
How to prevent from getting malware
Do not let government spy on you
The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet.
You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.
Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.
Backup files for the later use, in case of the malware attack
Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.
When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.
- ^ Do you use uTorrent? Careful with what it installs in your computer!. Panda Security Mediacenter. All the Info about your Cybersecurity.
- ^ μTorrent. Wikipedia. The Free Encyclopedia.
- ^ Steam Client WebHelper Virus???. Reddit. Online community forum.
- ^ Zondervirus. ZonderVirus. Malware, Spyware and Security News.