Security

What is WebHelper, that suspicious process in your Task Manager?

Ray Fernandez

Jul 17, 20235 min read

What is WebHelper, that suspicious process in your Task Manager? (Header image)

Is your computer running slow? Do you see too many ads and pop-ups? If so, your Mac might be infected with WebHelper, one of those malicious apps that has given users worldwide nothing but headaches. It can run in the background without your knowledge and can be more damaging than most people think.

What is WebHelper?

While some argue that WebHelper is a Potential Unwanted Program (or PUP) because it is downloaded with the consent of the user, in reality, it is malware. Additionally, this malware is also adware and will constantly bring up unwanted advertisements and pop-ups. These ads are not only annoying, but they slow down a computer, take up resources, and can cause it to crash. 

But WebHelper is also more than adware. It can act as a Trojan, assisting with the installment of other unwanted programs and redirecting users to malicious sites. Plus, it is spyware reportedly capable of stealing personal and financial data, recording keystrokes like a keylogger, and spying on users.

Is WebHelper malware?

The short answer is yes. WebHelper 32 bit is malware, usually identified by trusted antivirus programs as a Trojan. 2-Spyware says that WebHelper is a malicious application that uses aggressive techniques to cause serious harm to systems. Users are encouraged to scan their computers with professional anti-malware, as Webhlper is very good at hiding from scans.

What is Webhelper virus and how to remove it.

What WebHelper 32 Bit does and how it got on your Mac

WebHelper will breach your computer in stealth mode and run in the background. As mentioned, it can direct you to unsolicited pages, feed you constant and annoying ad pop-ups, and act as spyware.

It can also:

  • Modify your system: Manipulate boot options, setting automatic malware launch when the computer is turned on
  • Edit the registry and cause unexpected errors
  • Connect to hacker-controlled servers
  • Be used to disseminate other types of malware and viruses, either by tricking users into clicking or downloading unsolicited content or by creating backdoors
  • Play unwanted audio
  • Slow down and crash your Mac

If you are infected with this malware and open the Task Manager, you may notice your computer running at full 100% capacity. The malware in the Task Manager shows up as running a process usually called webhelper.exe, webhelper.dll, or utorrentie.exe. 

Like many malware, it accesses your computer through bundling, a technique used by hackers where malware is hidden in files that are downloaded. These files can be anything from spreadsheets to presentations or text files. The most commonly reported download access of malware is Utorrent, a Bit Torrent client that is used to share and download files from the internet.

How to remove WebHelper

There are two ways to remove WebHelper. One way is through the use of an antimalware app. The other option is to do it manually. CleanMyMac is a Mac utility with a Protection module powered by Moonlock Engine and real-time protection tools.

CleanMyMac protection interface 1 screenshot

To locate and delete WebHelper with CleanMyMac:

  1. Download CleanMyMac. 
  2. Select Protection from the sidebar.
  3. Hit Scan.
  4. When the scan is over, check all boxes and hit Remove.

After that, be sure to set up real-time monitoring to prevent any PUPs from infecting your Mac. Here’s how to do that.

CleanMyMac protection settings screenshot
  1. Click on the CleanMyMac menu in the menu bar.
  2. Select Settings and then Protection.
  3. Check all the boxes, and exit the settings.
Screenshot of Webhelper removal process with CleanMyMac

CleanMyMac will now regularly scan your computer for malware. In the future, if you come in contact with other malware, CleanMyMac will notify and warn you, isolating it and allowing you to remove it before it causes any damage.

Remove WebHelper manually

Unlike other extremely sophisticated malware, WebHelper can be removed manually if you have some basic knowledge and the patience to eliminate all traces of the program.

You must complete three processes to remove this malware from your Mac entirely. The first is to eliminate the malware program. The second is to eliminate all files that the malware may have created. The third is to eliminate all traces it created in your web browser.

To remove the malware app from your Mac:

  1. Go to the Applications folders.
  2. Locate the app you downloaded before right before you noticed suspicious activity.
  3. Drag the app to the Trash.
  4. Do the same with any apps you did not download.

To remove files created by WebHelper:

  1. In the Finder, go to the menu bar and choose Go, then Go to Folder.
  2. Navigate to each of the locations below, one at a time (just paste the location in the box in the Go to Folder window) and look for files that contain the name WebHelper or similar names:

/Library/LaunchAgents

 /Library/LaunchDaemons

/Library/Application Support

/Library/Application Support

Delete WebHelper from your browser

Now that you have deleted the malware and the files it created, you have to delete its presence on your web browsers, whether using Safari, Chrome, and Firefox. Here’s how to remove the malware from your Browser.

In Safari: Go to Menu, Preferences, then Extensions, and find the installed malware extension and uninstall it. Then go to Preferences > Privacy > Remove website data and trash all files.

In Chrome: Go to Preferences (you can paste chrome://settings in the address bar), then go to Extensions and remove the malware. Also, clear the cache and temporary files.

In Firefox: Click on the three bars on the top right of the browser and select Add-ons. Go to view installed extensions, select “Extensions,” and remove WebHelper from the list. Go back to Add-ons and delete website data like cache and history files.

WebHelper is a unique malware that has flown under the radar for a long time, tricking users into believing it was just annoying adware. But security experts have discovered that it is much more dangerous. To prevent downloading viruses and malware, always be cautious when downloading files and software, never ignore alerts on your web browser alerting you of harmful sites, and only click on trusted links. Finally, never click on pop-up ads even if the offer is attractive. As the saying goes, if it seems too good to be true, it probably is.

Ray Fernandez Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.