|
ws2help.dll is a legitimate windows file. It's full name is Windows socket 2 helper for windows NT. It is also found in XP and Vista. in the default location C:\Windows\System32, C:\Windows\System32\dllcache and C:\Windows\SoftwareDistribution\Download. Therefore if you find this file anywhere else on your computer you can be sure it is a virus. These are some of the places where it has been located %ProgramFiles%\internet explorer\ws2help.dll
%ProgramFiles%\messenger\ws2help.dll
%ProgramFiles%\windows media player\ws2help.dll
%Windir%\ws2help.dll This article provides thorough detection and removal instructions. All the tools/ software mentioned in this article are freeware.
|
Aliases: You can see a list of the aliases on this link |
| Turn system restore Off : The malicious files are also saved in the system restore backup. You need to turn system restore off in order to remove them. You can turn it on again after cleaning the computer. Click here to read more... |
Delete Files: These are the locations where ws2help.dll was found on different infected computers %ProgramFiles%\internet explorer\ws2help.dll
%ProgramFiles%\messenger\ws2help.dll
%ProgramFiles%\windows media player\ws2help.dll
%Windir%\ws2help.dll Here are some other files that are found alongwith ws2help.dll Variation1
%AppData%\Wplugin.dll
%Windir%\Wplugin.dll
%ProgramFiles%\Messenger\msmsgs.exe.local
%Windir%\explorer.exe.local
%ProgramFiles%\Messenger\ws2help.dll
%Windir%\ws2help.dll see report Variation2 %ProgramFiles%\Internet Explorer\11677
%ProgramFiles%\Internet Explorer\ws2help.dll
%ProgramFiles%\Internet Explorer\ws2_42.dat
%ProgramFiles%\Internet Explorer\ws2_42.dll
%System%\11677 see report
%System% refers to the System folder. By default C:\Windows\System (in Windows 95/98/Me), C:\Winnt\System32 (in Windows NT/2000), or C:\Windows\System32 (in Windows XP and Vista).
%ProgramFiles% is C:\Program Files
%Windir% is C:\Windows or C:\Winnt
%AppData% is C:\Documents and Settings\[UserName]\Application Data.
|
| View Hidden Files: Before you could delete ws2help.dll and its associated files you need to search for them, and before doing that you need to enable to view hidden files and folders Click here to read more |
| Boot in safe mode: Sometimes you will not be able to delete a file even if you find it, in that case you should boot in safe mode and then try to delete it/ them. Click here to read more |
| End Process in the Task Manager: If you find any of the files listed above running in the Task Manager, you can select it and press End process button after making sure that it belogs to the virus and is not a legitimate windows process, that will help you to delete it from the hard disk later. Click here to read more |
Remove entry from Windows Startup: Look in the windows startup, by opening the system configuration utility and remove the entries of ws2help.dll and other files listed above. Click here to read more
|
Unable to open Task Manager and/ or registry editor - If that happens, you can try these free tools to enable the task manager and the registry tools again. Click here to read more If you do not see Folder Options in all Windows Explorer menus and in Control Panel you can enable it by editing registry. Click here to read more |
| Run CCleaner : If you manage to find ws2help.dll and associated files and delete them, even then there will be associated entries in the windows registry. If you run a free temp files/registry cleaner called CCleaner, that will help you to automatically clean the registry from the virus entries as well as the temp folder . Click here to read more |
Block the sites/ ports: Keep yourself protected with a firewall, you can see the logs of the firewall to see if there is any suspicious communication to and from your computer which you are not aware of. |
| Run system file chekcer: Windows has a built in tool called system file checker. It scans the computer to see if any of the windows system files are corrupt/missing and replaces them with a good copy. you should run this tool so that it will replace the deleted/ modified system files. Click here to read more |
Delete the registry keys manually: If you are brave enough to do so. You can edit the registry by using the windows built in registry editor. Click here to read more See the registry entries created by this worm on the infected computer on the reports links provided in the "Delete Files" section All the Best
reference with permission from Threatexpert |
