Remove WebHelper Virus (Sept. 2019 Update)



This page aims to help you remove the WebHelper Virus. Our removal instructions work for every version of Windows.

The WebHelper Virus


Multiple antivirus programs detect the WebHelper virus

There are probably not many computer users who haven’t heard about the nefarious Trojan Horse infections. After all, the infamous Trojan Horses are one of the most commonly encountered, as well as some of the most damaging malware programs one could get inside their system. A new example of a dangerous Trojan Horse virus is the newly detected WebHelper, which is going to be the focus of the next few paragraphs. Here, you are about to learn some basic information about this malicious software piece, and you will also find out how you can potentially deal with it in case it has entered your computer.

The WebHelper Trojan Horse is a sneaky piece of malware that can come to you disguised as something that doesn’t raise suspicion, and, better yet, that seems interesting to you, so that you’d be enticed into interacting with it. A common example is when Trojans like WebHelper are presented to the user under the guise of a program or a game installer. Of course, you wouldn’t download such an installer from the official site of the software that is used as disguise, which is why most installers that are hidden Trojans typically come from sketchy sites, known for spreading illegal and pirated software. On the outside, however, the installation .exe file would likely look pretty normal, leading the user to interact with it. Upon opening the infected file, the victim would probably be asked to provide their Admin permission to the file, allowing it to make changes in the system. Should the user give their permission, the Trojan would immediately get activated and would get down to business. What’s even worse is that it would now have Admin privileges, meaning that it would be able to access and modify nearly all system settings, software, and data on the computer. Naturally, this would allow the hackers behind the virus to do all kinds of things within the attacked system. What happens next depends on what the cyber criminals are after, and what their end goal is.

Possible consequences of the WebHelper attack

Due to lack of sufficient research, and because the virus is quite new, we can’t tell you the exact type of harm that WebHelper may cause. Such Trojans are known for their unpredictability, and their versatile abilities, so you could expect anything from them. From personal espionage and attempts to acquire some sensitive data, such as banking numbers, to making use of your computer’s RAM, CPU, and GPU for cryptocurrency mining, from personal harassment and blackmailing, to insertion of more malware such as Spyware, Rootkits, and Ransomware cryptoviruses, a Trojan Horse could cause damage and harm to your computer, and to your virtual privacy in a number of ways. The important thing, however, is to never wait for the damage to become apparent. You should always seek to stop the malware program in its tracks, before it has managed to cause anything serious. Hopefully, with the help of the guide and the professional system security program below, you should be able to take care of the infection with as little harm caused as possible.


Name: WebHelper
Type: Trojan
Danger Level: High (Trojans are often used as a backdoor for Ransomware)
Symptoms: Trojans are known for causing system crashes, BSOD, software errors, unauthorized changes in some of the system’s settings, etc.
Distribution Method: The use of spam messages, misleading ads, pirated games, and clickbait pop-ups and download buttons are some of the more commonly used methods of Trojan Horse distribution.

Remove WebHelper Virus

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide.


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner.


After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



Type msconfig in the search field and hit Enter. A window will pop up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%\system32\drivers\etc\hosts

A new file will open. If you are hacked, there will be a bunch of other IP entries listed at the bottom of the file. Look at the image below:

[Image: hosts_opt (1)]

If there are suspicious IPs below “Localhost” – write to us in the comments.


Type regedit in the Windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER\Software\Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Random
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
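
The hosts-file and Run-key checks from the steps above can also be done from a PowerShell prompt without changing anything. The script below is an added example, not part of the original guide: it only reads the hosts file and the HKEY_CURRENT_USER Run key and prints what it finds, and its variable names and the "NotResolved" label are illustrative.

```powershell
# Added example: read-only audit of two places this guide checks by hand.
# It changes nothing; review the output before deleting anything.

# 1. Hosts file: show every active mapping other than the default localhost ones.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$loopback  = '127.0.0.1', '::1'
$hostsHits = foreach ($raw in Get-Content -LiteralPath $hostsPath) {
    $line = ($raw -replace '#.*$', '').Trim()        # drop comments and blank lines
    if (-not $line) { continue }
    $fields = $line -split '\s+'
    if ($fields.Count -lt 2) { continue }            # malformed line: no hostname
    $names = $fields[1..($fields.Count - 1)]
    $isDefault = ($loopback -contains $fields[0]) -and
                 -not ($names | Where-Object { $_ -ne 'localhost' })
    if (-not $isDefault) {
        [pscustomobject]@{ Address = $fields[0]; Names = $names -join ' ' }
    }
}

# 2. HKCU Run key: one row per autostart entry, with the file's publisher and
#    signature status to compare against the "Unknown" Manufacturer check above.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
$runHits = if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        # Extract the executable path (quoted or not); else use the first token.
        if ($command -match '^\s*"?([^"]+?\.exe)') {
            $exe = $Matches[1]
        } else {
            $exe = ($command.Trim() -split '\s+')[0]
        }
        $exists = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        [pscustomobject]@{
            Name      = $name
            Command   = $command
            Publisher = if ($exists) { (Get-Item -LiteralPath $exe).VersionInfo.CompanyName } else { $null }
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'NotResolved' }
        }
    }
}

$hostsHits | Format-Table -AutoSize
$runHits   | Format-Table -AutoSize -Wrap
```

An empty first table means the hosts file holds only its default localhost lines; in the second table, entries with no publisher or a signature status other than Valid are the ones to look at first.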

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!
