They say there’s no such thing as a free lunch. Among other things, this holds true for lots of computer-related scenarios where users catch malicious code when trying to get freebies. Torrenting is a good example because it’s often a mixed blessing. While providing a way to download videos and audio files without any fees, it may promote viruses like WebHelper.
Table of Contents
What is the WebHelper virus?
Although WebHelper might sound like something useful, it is actually a computer infection in disguise. A vast majority of the issues stemming from the pranks of this entity boil down to ads injecting and info-stealing activity. One of the hurdles to detection is that it may not manifest itself in an outright way, in the sense that the victims don’t see an appropriate inscription anywhere on popup adverts or other conspicuous elements the attack. However, a quick CPU usage peek in the Task Manager will reveal that there is either a process named WebHelper.exe running, or the term is indicated under the Description column next to an entry that says utorrentie.exe. Some of those infected discover a strange search box appear in their Windows taskbar area – in this case, eliminating it from there by re-customizing the panel is a short-term measure because the unwanted item will be back after the next reboot.
The spreading of this Trojan-like pest mostly relies on a clever bundling trick. Millions of users around the world opt for the uTorrent service, which allows them to download quality multimedia content without having to pay for it. The legal technicalities set aside, this is undoubtedly a lure. Given the popularity of this tool, cybercriminals may compile custom booby-trapped versions of it with the spyware plus adware combo inside. Another plausible situation is that some of the certified distributors of the torrenting software in question are tempted to equip it with a hidden module that will provide them with extra moneymaking opportunities. One way or the other, installing uTorrent often leads to the WebHelper virus slithering into PCs without letting the users know.
Aside from displaying advertisements right in the uTorrent client window, the Trojan will embed sponsored information in the visited websites and may even trigger splash screens on the desktop with targeted ads in them. WebHelper reportedly engages in keystroke logging, too. This activity is absolutely unnoticeable, but the risk emanating from it definitely outstrips the nuisance effect of the redundant advertising mentioned above. By recording the combinations of buttons the victim presses, the dodgy program gives its operators sufficient clues regarding the usernames and passwords being used to log into various online accounts, including e-banking ones. These details plus a little bit of effort on the attackers’ end can pave the way towards identity theft and financial frauds. To top it all off, the virus may download additional malware, including aggressive browser plugins and toolbars. This may result in browser hijacking, where one’s custom web surfing settings get replaced with rogue values and the web traffic is iteratively redirected to malicious sites.
Obviously, the shady WebHelper item doesn’t belong anywhere near a healthy computer. What if it’s already on board? The only reasonable response is to get rid of it, which is usually easier said than done. Commonplace software uninstall methods may not do the trick because the predatory code leverages smart persistence tactics. Therefore, combining several removal vectors is the right approach to address this issue.
WebHelper ads automatic removal
The extermination of WebHelper ads can be efficiently accomplished with reliable security software. Sticking to the automatic cleanup technique ensures that all components of the infection get thoroughly wiped out from your system.
1. Download recommended security utility and get your PC checked for malicious objects by selecting the Start Computer Scan option
2. The scan will come up with a list of detected items. Click Fix Threats to get the ads removed from your system. Completing this phase of the cleanup process is most likely to lead to complete eradication of the infection. However, it might be a good idea to consider ascertaining the ads is gone for good.
Remove WebHelper ads using Control Panel
- Open Control Panel. On Windows XP / Windows 8, go to Add or Remove Programs. If your OS is Windows Vista / Windows 7 / Windows 10, choose Uninstall a program
- Look down the list and locate an app that appears fishy. Click the Uninstall/Change (Change/Remove) option to get the intruder removed if spotted
WebHelper ads removal by resetting the affected browser
Please take into consideration that as effective as it is, the procedure of restoring browser defaults will lead to the loss of personalized settings such as saved passwords, bookmarks, browsing history, cookies, etc. In case you are not certain this outcome is suitable despite its obvious efficiency, it’s advised to follow the automatic removal method described in one of the previous sections of this tutorial.
Reset Google Chrome
- Click on the Chrome menu icon and select Settings
- Locate the Advanced option under Settings and click on it to expand the menu. Then, pick the Reset button at the bottom
- When a new screen appears, hit Reset once again
- Chrome will now display a confirmation dialog box listing the types of data that will be lost if you proceed. Read the message carefully and, if you’re sure, click Reset
Reset Mozilla Firefox
- Click on Help menu and select Troubleshooting Information from the drop-down list, or type about:support in the URL field
- On the Troubleshooting Information screen, click Refresh Firefox option and confirm the procedure on another dialog
Reset Internet Explorer
- In IE, go to Tools and select Internet Options from the list
- Hit the Advanced tab and click on the Reset option
- IE will now display Reset Internet Explorer Settings box, where you should put a checkmark next to Delete personal settings option and click Reset at the bottom
Verify whether WebHelper ads has been completely removed
For certainty’s sake, it’s advised to repeatedly run a scan with the automatic security software in order to make sure no harmful remnants of this ads are left inside Windows Registry and other operating system locations.