What is winhelper86.dll?

winhelper86.dll is usually located in the 'C:\WINDOWS\system32\' folder.

If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.

Vendor and version information [?]

winhelper86.dll does not have any version or vendor information.

Digital signatures [?]

winhelper86.dll is not signed.

Hashes [?]

PropertyValue
MD54a73d025f4dac5db924ed90e37fe8fcd
SHA25692ccccfee3a7617ea8406bcdc48a93f76e5675a4b63d6dfbfe6f9534155fd659

What will you do with the file?

To help other users, please let us know what you will do with the file:



What did other users do?

The poll result listed below shows what users chose to do with the file. 100% have voted for removal. Based on votes from 33 users.

Votes
Keep0 %
0
Remove100 %
33

NOTE: Please do not use this poll as the only source of input to determine what you will do with the file.

Malware or legitimate?

If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.

Please select the option that best describe your thoughts on the information provided on this web page


Free online surveys

And now some shameless self promotion ;)

A screenshot of FreeFixer's scan result.Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.

If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.

Comments

Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.

I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.

Roger Karlsson writes

1 thumb

winhelper86.dll is malware.

http://www.virustotal.com/analisis/98a16ec75887505ca60ad73b6365f24fab650de3c6700beeaacba3c9bef9c7e9-1259139403

# 25 Nov 2009, 0:58

P@S@f writes

0 thumbs

When I remove it, my network goes down, and I couldn't fix it.

# 30 Nov 2009, 0:48

Roger Karlsson writes

0 thumbs

@Pasaf: Did you remove winhelper86.dll manually or did you use some tool to delete it?

# 30 Nov 2009, 2:06

P@S@f writes

0 thumbs

Roger Karlsson, I use Unlocker to delete it, because many applications did handle it. But then I find AVZ script to remove it totally, and recommendations about how to fix net(to fix it I just use tool call WinsockFix), but when I use script, virus still doesn't remove. Then I go to system32 directory and find there some else aplications viz. winlogon86.exe and winupdate86.exe(both were in startup, in regisry), I added them to AVZ script and run it, but when I reboot, my desktop cease load(I just see my wallpaper, but nothing) - no taskbar, no start menu, no desktop shortcuts. In Safe Mode I get such problem. And I hadn't task manager! So I boot from autobooting CD, launch Acronics Disk Director, copy explorer.exe to system32 and rename it to taskmng.exe, so I could launch Explorer by Ctrl+Alt+Del. I don't know what exactly that virus did with my registry, but I find many new keys created by it. Such as NoSetActiveDesktop and many else. I did all what I could, but my desktop didn't come back to me:(
And now when I was about to reinstall my Windows, I don't know what exectly I did(it was a moment when I remove Visual Studio 2005), but suddenly I see my desktop!!! All shortcuts and taskbar - all come back!!! And it was like be Windows loadng - in tray gradually steel appearing my programs(ICQ, Skype, etc.)
But I think when I reboot, all again lost:(

# 1 Dec 2009, 6:39

P@S@f writes

0 thumbs

P.S. Virus also damaged my codecs or audiodrivers(but I don't know, it could be just coincidence)

# 1 Dec 2009, 6:41

Roger Karlsson writes

1 thumb

@Pasaf: Let's begin with winhelper86.dll. This malware file is installed as a Winsock 2 Transport Service Provider. This means that if winhelper86.dll is deleted manually, or by a tool unaware of it being a Transport Provider you will break your network access.

If you, or anyone else run into this problem again, it's possible to repair to the broken Internet access with Freefixer.

This is done by first scanning your computer with FreeFixer. In the scan result, scroll down to "Transport Service Providers". Check the winhelper86.dll items for removal. Then click "Fix". This should repair the internet access. I've made a screenshot here which shows what I'm talking about:

http://4.bp.blogspot.com/_tUgxW0VPLAY/SxUzkLY0jrI/AAAAAAAAAKg/ZiGo90vyckA/s1600/fix-broken-network-connection.PNG


Regarding the missing desktop. This is probably caused by winlogon86.exe overwriting the following registry value:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, UserInit = C:\WINDOWS\system32\userinit.exe,"

To have your desktop back, you need to restore the above registry value. Since you got explorer.exe hooked up with Ctrl+Alt+Del, I'm sure you can start the registry editor to restore the registry value.

I ran into this problem about a week ago. This is how I manually restored the UserInit value:

1. I downloaded UBCD4Win:
http://download.cnet.com/UBCD4Win/3000-2086_4-10550208.html?part=dl-UltimateB&subj=dl&tag=button
2. I installed UBCD4Win on my second machine. I used the UBCD4Win program to create and burn a bootable CD-rom.
3. I moved the new CD-rom to the infected machine and restarted it.
4. The infected machine booted from the CD-rom instead of the hard drive. (You might have to configure the BIOS to boot from the CD-rom before the hard drive)
5. In the first menu that popped up when booting I chose "Launch the Ultimate Boot CD for Windows"
6. When the CD-rom version of Windows had booted completely I started the "Remote Registry" program, which is located on the desktop.
7. The "Select User Profile" dialog popped up. I chose Roger which is my username and the Registry Editor started.
8. In the left pane I located HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
9. In the right pane right-clicked on UserInit, chose Modify and changed the value data to:
c:\windows\system32\userinit.exe,
10. I ejected the CD-rom, and restarted the machine.
11. Now I could restart and log in without any problems.

Hope this helped you to fix the problems.

# 1 Dec 2009, 7:44

Andrew Record writes

1 thumb

This *86.* Virus is somewhat sophisticated. It runs a process named winupdate86 that disabled task manager, regedit, and XP system restore. Restarting in safe mode resulted in a stop.

The hijacked desktop wallpaper has a fake message claiming it found the "Win.NetSky" virus and "recomedes" spelled with a missing "n" that you run antivirus software,

I ended up downloading taskmanagerfix
http://www.taskmanagerfix.com/

After you run taskmanagerfix you need to hold the Control and alt keys down then repeatadly tap the delete key until the task manager window stays visible. After you end the winupdate86 process regedit works again, so I imagine Freefixer could be run.

I think the freefixer utility would find all the virus files at this point. Winhelper86 was *busy* when I tried to delete it manually. Unfortunately I didn't find freefixer until I had cleaned up most of the virus files manually. Freefixer is a great utility linked to a wonderful resource site!

# 18 Dec 2009, 15:20

Leave a reply