|04 May 2012||#1|
HAPPILI and possible other infections/redirects
I recently came here to the forums to remove HAPPILI. I followed several of the steps in a certain thread but still got redirected to HAPPILI.
Now (a couple days later) I have stopped seeing HAPPILI redirect but am getting redirected to another fake search results page...very generic looking, no real "theme".
Also, my browser is now quite sluggish and Malwarebytes is blocking malicious IP addresses (126.96.36.199).
I have been using Symantec End Point and running Malwarebytes but this is beyond my know-how.
Thanks in advance.
Dell Latitude E6520
Windows 7 Pro x64 SP1
|04 May 2012||#2|
Hey Channel, welcome to SevenForums. Take a look at this thread real quick and post back here: happili virus! anyone?
Post any logs here. Try Combofix as suggested. I will provide you with links to help you out. Please click on them to follow them.
What antivirus do you have?
...Before you do anything else, delete Temporary Internet Files (ask if you need help), & let the Safety Scanner run, either downloaded from the internet or through a USB drive off of another computer (you need to download it to the USB drive, then run it on the computer with the virus). Let it run for as long as it needs without stopping it. It will not install anything on your computer. Note that Combofix is a similar tool and thus running the Safety Scanner is not necessary, but you may do it just to ensure no viruses remain.
Then, download/install & update Malwarebytes and run a full scan with it. You should be clean after that.
For good measure, make sure Windows is completely updated through Windows Update (many updates close security loopholes). Update everything else, such as Java and Adobe Flash. Update everything, like a madman, so that everything is secure. Then do this tutorial to fix any problems that may have been caused through the virus: SFC /SCANNOW Command - System File Checker - created by Brink
If you have no antivirus, I recommend MSE...
Best of luck! Feel free to ask me anything you aren't sure of, and I'll try my best to answer. Let me know how it goes.
|05 May 2012||#4|
Welcome to SevenForums.
Run WDO, Windows Defender Offline. Use the link for WDO in my signature.
Run a full scan over all drives.
You will then have a clean system.
Next remove all anti-anything, any spy stuff, remove all of that junk.
Use MSE, Microsoft Security Essentials. Link in my signature.
Do not use Torrent software, do not visit torrent sites.
Use the WOT (Web of Trust) add-on with your browser to help you spot questionable and bad sites.
Here's the procedure I use with WDO.
HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a free standalone, bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.
Download Windows Defender Offline (about 764 kB)
You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows
NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.
You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.
The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe
For the curious, this program was originally named Microsoft Standalone System Sweeper.
You will need an Internet Connection.
Insert a 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a USB port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
Choose the option On a USB flash drive that is not password protected
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.
UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program, mssstool64.exe or mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).
Since the malware database is sometimes updated several times in a day, always update before running.
PERFORM AN OFFLINE SCAN
Boot up your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives
The initial, full scan can easily take several hours, but remember, your computer is being very thoroughly checked for all types of malware.
RESULTS OF THE SCAN
The results will be in:
\Windows\Windows Defender Offline\Support,
file name format is MPLOG- as one or more files with a TXT extension which can be viewed with Notepad.
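
The checks below are an added example, not part of the original post or of Microsoft's tooling. They wrap the procedure above in three PowerShell sanity checks (usable on Windows 7): the downloaded tool's signature, the prepared USB stick, and the scan logs. The download folder and the `C:` system drive are assumptions.

```powershell
# Added example: sanity checks around the Windows Defender Offline (WDO) procedure.
# Assumptions: the tool was saved to the Downloads folder and the scanned
# Windows installation is on C:. Adjust both parameters for your machine.
param(
    [string]$Tool      = "$env:USERPROFILE\Downloads\mssstool64.exe",
    [string]$SystemDrv = 'C:'
)

# 1. Before running the downloaded tool, confirm that its Authenticode
#    signature validates and that the signer is Microsoft.
if (Test-Path $Tool) {
    $sig    = Get-AuthenticodeSignature -FilePath $Tool
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    "{0}: status={1}; signer={2}" -f (Split-Path $Tool -Leaf), $sig.Status, $signer
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        Write-Warning 'Signature check failed: do not run this file.'
    }
} else {
    Write-Warning "Tool not found at $Tool"
}

# 2. After preparing the stick, confirm the volume label and file system
#    match what the installer is described as producing (WDO_Media32/64, NTFS).
$wdo = Get-WmiObject Win32_LogicalDisk |
       Where-Object { $_.VolumeName -like 'WDO_Media*' }
if ($wdo) {
    $wdo | ForEach-Object {
        "{0} label={1} fs={2} used={3:N0} bytes" -f `
            $_.DeviceID, $_.VolumeName, $_.FileSystem, ($_.Size - $_.FreeSpace)
    }
} else {
    Write-Warning 'No volume labelled WDO_Media32 or WDO_Media64 is attached.'
}

# 3. After the offline scan, list the MPLOG text files, newest first,
#    so the most recent scan log is the one opened in Notepad.
$logDir = Join-Path "$SystemDrv\" 'Windows\Windows Defender Offline\Support'
if (Test-Path $logDir) {
    Get-ChildItem -Path $logDir -Filter 'MPLOG-*.txt' |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, Length, LastWriteTime
} else {
    Write-Warning "No WDO log folder at $logDir"
}
```

Run steps 1 and 2 from a clean machine when preparing the stick for an infected one, and step 3 on the scanned machine after rebooting into Windows.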