Freshness Warning
This blog post is over 21 years old. It's possible that the information you read below isn't current and the links no longer work.

Ever heard of a product called webHancer? I hope you never do. The name implies that it enhances something about your web experience, when in reality all it’s enhacing is their wallets.

When the product is installed on your computer, it sends statistical information about your internet connection to their servers. The type of data they collect is network perfomance information like DNS lookup times, packet roundtrip times and the like. Then they sell that data to other Web sites that are interested in knowing what type of network performance their customers are getting. How does that enhance your experience? I don’t know.

So why on earth would someone install this software? The short answer is that they wouldn’t. WebHancer seems to know this, so they have enlisted the help of “distribution partners” that install the software for them. A distribution partner is a third-party software developer that gets paid by webHancer to include webHancer software in their download.

So what’s my problem with this? First of all, you are not generally told that webHancer is being installed or why it’s being installed. I’m an advocate of always informing users what you are doing. Second, In order to collect all that data from you, webHancer alters your network stack. Not a problem — until you try and remove the software. According to webHancer, if the software is removed “improperly” (whatever that means), you will lose your internet connectivity. And trust me, it happens.

I’m not sure how I got webHancer, but Friday I removed the software improperly using Ad Aware. Ad Aware removes spyware from your computer and webHancer is one of the packages it removes.

Once I removed it, my Internet connection was gone. I tried following webHancer’s instructions for fixing the problem, but to no avail. I tried the instructions from another site. Still no connection. So I tried removing and re-installing TCP/IP, but that didn’t work either. In the end, I had to completely re-install Windows 2000 to get things working again.

I don’t know what software that I installed was infected with webHancer. But I’d like to so that I could inform you what to watch out for. If you know of any software that uses this, please let me know. I’d like to start making a list to inform everyone.

September 20, 2005 10:12 PM

I hate this piece of lkdjflkjdfkj (*censored*)kdjfkjf(*beep*). I don't know how I got it but one morning I woke up and I had no internet connection. I thought Telus is down so I just waited, and waited and waited. Next morning my connection was still down. I decided to call Telus and talk to a representative. After following instructions it was clear that I could be reached and I could reach Tellus through the command line, so that meant my connection was fine, but there's something wrong with my computer! So in search for spyware/adware/whatever, I ran Ad-Aware and it found something called web-enhancer which it could not remove. I then wondered what a heck this was and I did my homework to research it...Only then I was beginning to see my hopless situation. I am so mad that I seriously want to sue the company that makes it. After trying just about every method of removing and reinstalling and removing the stupid Web Enhancer thing, I started smashing stuff around my house. I don't want to format, and I've ran out of inanimate objects to dump my stress on. What CAN I do? I definately don't want to reinstall Windows, cos I have TONS of files on my computer.

October 18, 2005 1:10 PM

My son picked up a bundle of spyware/Trojan last night. The station was virtually frozen afterwards, it could not get to the web. Desktop had no response. My wife rebooted the station several times. It stayed the same. I tried to kill the many running suspicious processes under wintop (I am using win98) but I could not get them all, either no terminate option or auto restarting after termination, a typical malware behaviour. I should have attempted to uninstall the bundle but it was hard to get around and I don't trust any spyware to uninstall themselves. I booted the station into DOS and deleted all new program directories and their contents (about a dozen of them created within the same minute) This was the biggest attack I ever encountered. That stablized the station, it rebooted almost cleanly but pc-cillin complained about not able to find the mail socket on start up. The station stayed calm but I could not get to the web. I was able to ping the outside world. The routing table and DNS were correct but I could not telnet nor ftp out. It complained about socket failure everywhere. I had reinstalled TCP/IP for all NIC's but it did not help. I spent the whole night getting nowhere, banking the desk!@#$%... The next action could mean reinstalling windows with an old registry. That would be tonight or perhaps even tomorrow night's project. Mean time between recovery from a windows failure has been bad for me. It is around 2 days and nights, comparing to a couple of package reinstallations or kernel recompile, i.e. 10 minutes or so, for linux. Today getting to the web at work, I can tell the bundle contained at least webhancer, istsrv and 180search. Webhancer is the one hijacking my sockets and assisting the other spywares. My son mentioned that a pop up offered him to install toolbar after he downloaded some icons. He definitely answered no but the bundle still managed to install themselves onto the station. I told him to close the window by the frame without answering the question or even power down the entire station if it happened again. We cannot trust the intruders to respect our choice. When I read about webhancer, my first response was how can it be legel for any company with a name to do such a terrible thing. Has anybody managed to sue them? It has been years since webhancer is known to the public. To my surprise webhancer's office may be just in my neighbourhood. Unfortunately they use a P.O. box as address, otherwise I'll vocie my complaints in person. Some of the cleanup procedures had better work. It looks like we are just 50/50 or worst in getting the sockets back without the painful windows reinstall....

April 3, 2006 7:02 PM

ha - i used to work for webhancer.

April 13, 2006 8:03 AM

I removed Webhancer with Spybot. I ran it as normal and it detected the bug but could not remove it; then it recommended I reboot and run Spybot again. This time it succeeded. I had not been able to connect to the internet without disabling Norton security first, which was a bit worrying.

Joe S.
April 27, 2006 4:56 AM

You ignorant twits! Like most software, if you just delete it it's bound to cause problems. All one needs to do is follow webHancer's instructions BEFORE using any other methods for removal. If you do that, no problems. As for the name "webhancer": the idea is that by collecting all this information and, yes, selling it to websites, it helps to improve the user experience. BTW, why do all these idiots install software without reading the notices that come up? BECAUSE IT'S FREE and all these cheapskates are just the kind of morons that would install FREE software and then complain about it.

April 30, 2006 3:05 AM

Joe S is the ignorant one, you can delete it with their 'uninstall' program. Do you really think they will leave you alone? Loads of debris left after the uninstall is usual. I haven't installed this but then i am careful of what I install

July 24, 2006 8:05 AM

UNLIKE what Joe S said, I actually did NOT install this terrible Webhancer by choice. I am almost certain that I got it just from "looking" at a website (can't remember the actual name, sorry) that gives you codes for cool pictures to put on myspace, etc. All of a sudden, dropspam.com was on my screen and then I saw dropspam icons on my desktop. I immediatly ran all 8 adware/spyware and virus programs that I have and they found webhancer and dropspam and supposedly took them off my laptop. I ran the spyware virus programs over and over and it never found anything after that. Well, I was still having major problems surfing the web, as it came to a complete hault time after time. Finally, last night I tried Windows LiveOne beta (for free) and it found MORE locations that they were hiding in (and it told me EXACTLY the precise location it found them too) and suddenly, my internet speed is back up to par and things seem to be going well now! You can find this on Windows main website under virus programs. Beth

October 4, 2006 11:06 AM

webHancer is an canadan company I say we boycot candan products and call the canday government evey day and complane webHancer about the this company. Yes I know this will be hard to boycot candan products, but I will not drink Labatts Blue any more or anyother candan beers. Also call Webhancer and BUG the crap out of them tel 1-866-432-8328 1-613-254-9738 1-800-canada 1-800-622-6232

November 13, 2006 6:54 PM

A very good anti-spyware removal utility is spybot search and destroy and it is free! It keeps my computer free of spyware (even tracking cookies) and it seems to remove them in the correct manner. I had webhancer and i removed it "improperly" without going to add/remove programs and i did not lose my connection. It worked perfectly and webHancer was killed from my machine. AntiVir personal edition classic is also free and with its new update ,7.0, it works faster and protects itself from being shutdown or removed by viruses. It even has a read/write active scanner that can detect iruses in the most inconspicuouis places on your hardrive.

Bonus Level
January 13, 2007 1:16 PM

Hi, In my case, Bullguard detected and removed Webhancer, and indeed, my internet connection was gone. BUT IT WAS VERY EASY TO REINSTATE MY CONNECTION: I am using Internet Explorer, and upon loosing my internet connection, there was a very nice link in the 'webpage not found' window from Internet Explorer that led to a kind of Microsoft diagnostic tool by which I could re-instate my 'sockets' or whatever in just ten seconds. I rebooted, and everything works great now. But it's true, Webhancer is leaving debris, because I see Bullguard keeps on getting attacked all the time by Webhancer, and has to block it over and over again.

Cranky in Canada
July 18, 2007 3:01 PM

Well, before you tar and feather Canada, better look at the spyware companies in the US. But there are ways to fight them. Find out who their clients are .. who is using the spyware. Let the client know how mad you are. I lost 9 accounts for one company and had the FCC all over them. Did it stop them, I'm sure it did not. But fight as best you can. Try letters to the editor in national papers, and in the papers of the hometown of the head office. Shame them a little. When corporate boob from XYZ Company is at the next Chamber of Commerce lunch, you think he wants to explain spying on American families? By the way, I checked on webHancer. Hard to find out all their clients, but read this website listing for a well known name who would hate the pubilicity http://www.crn.com/it-channel/18835826 Best of luck

January 2, 2008 12:06 PM

Apparently, webHancer is back, and stronger than ever. After using Spybot Search & Destroy (which actually SAFELY removes this pain in the balls) BEFORE you even DREAM about removing this cretin to computers across the world - make sure you go here and download a very nice little app that will bring your internet connection back to life, should you lose it. http://www.cexx.org/lspfix.htm

May 6, 2008 12:15 AM

hi i had webhacer on my pc just removed it before i google this site i used virgin media pc guard to remove it internet connection fine

May 17, 2008 2:57 PM

It would seem that spybot isn't removing it this time, not from my system at least and not after a reboot and running on startup. Fun note, it disables task manager, runs in safe mode, and apparently disallows connection to websites that deal with easy removal methods (including spybot's forums).

Call McNamey
July 6, 2008 8:14 PM

Jeric I think that's not quite right -- I think other packages are getting installed (as a result of whatever it was that we ran to install the webHancer -- for me it was a keygen for Winrar3.71). Have a look in your C:\windows folder, and sort by time/date. Look for about 20-30 files (.exe, dll, and such) created about the same time. Notice that they are named with names similar to actual windows files, but slightly different. Googling them results in spyware descriptions for these files, but unfortunately deleting them hasn't stopped my popups.. As for WebHancer, spybot tries to delete it after a reboot, but I think whenever it gets to the two webhancer files/folders, it results in a bluescreen and reboot. I have a core 2 duo e6600 on a ga-965p-s3 motherboard (gigabyte). This repeats indefinitely unless I power off the system, and of course the problems are still there. I also had a couple of other trojans (smitfraud-c.coreservice and one other) which keep coming back as well.. im' going to reboot into safe mode and see if I can just delete the webhancer files from the command prompt. I really hope someone finds out where these guys reside in Canada. I for one would not mind taking some time off to burn down their building.

These are the last 15 comments. Read all 21 comments here.

This discussion has been closed.

Recently Written

The Trap of The Sales-Led Product (Dec 10)
It’s not a winning way to build a product company.
The Hidden Cost of Custom Customer Features (Dec 7)
One-off features will cost you more than you think and make your customers unhappy.
Domain expertise in Product Management (Nov 16)
When you're hiring software product managers, hire for product management skills. Looking for domain experts will reduce the pool of people you can hire and might just be worse for your product.
Strategy Means Saying No (Oct 27)
An oft-overlooked aspect of strategy is to define what you are not doing. There are lots of adjacent problems you can attack. Strategy means defining which ones you will ignore.
Understanding vision, strategy, and execution (Oct 24)
Vision is what you're trying to do. Strategy is broad strokes on how you'll get there. Execution is the tasks you complete to complete the strategy.
How to advance your Product Market Fit KPI (Oct 21)
Finding the gaps in your product that will unlock the next round of growth.
Developer Relations as Developer Success (Oct 19)
Outreach, marketing, and developer evangelism are a part of Developer Relations. But the companies that are most successful with developers spend most of their time on something else.
Developer Experience Principle 6: Easy to Maintain (Oct 17)
Keeping your product Easy to Maintain will improve the lives of your team and your customers. It will help keep your docs up to date. Your SDKs and APIs will be released in sync. Your tooling and overall experience will shine.


What I'm Reading


Adam Kalsey

+1 916 600 2497


Public Key

© 1999-2022 Adam Kalsey.