

Windows 7: Removal attempts for Happili virus did not work


02 May 2012   #1

Windows 7
 
 
Removal attempts for Happili virus did not work

Hello all,
Noticed there were a ton of threads for this already, so I tried the instructions from a number of different methods. I use Google Chrome; the problem does not happen on Firefox. Seems none have worked.

After following the instructions in this thread, "Need help removing Happili redirect virus", the virus was still on my computer. I used Combofix, then ESET, then TFC (you can find two logs and error reports attached). Downloaded all today. Combofix has since been uninstalled and deleted from the computer.

These did not work, so I tried a Kaspersky TDSSKiller scan, which found nothing. I then tried my Malwarebytes Anti-Malware software (after updating for the latest version), which found nothing. My daily AVG scan has yet to bring up anything either.

Yet every Google search, when I click on a link for the first time, I get re-directed. It's not always to a Happili page either; about 20% of the time it goes to a different landing page. Thoughts? Any advice would be greatly appreciated.

-Matt




Attached Files
File Type: txt ESETthreats.txt (2.8 KB, 9 views)
File Type: txt log.txt (22.0 KB, 9 views)

02 May 2012   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

First, let's flush the dirty DNS cache and restore MS's Hosts file.

Copy and paste these lines into Notepad.

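@Echo on
REM Reset the hosts file to a single localhost entry
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
REM Renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
REM Reset the Winsock catalog and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
REM Schedule a reboot in 1 second and delete this batch file
shutdown -r -t 1
del %0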

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

After rebooting, update Java
  • Download the latest version of Java Runtime Environment (JRE) 7.
    Java SE Downloads
  • Scroll down to where it says "Java Runtime Environment (JRE) 7u3 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586-p.exe to install the newest version.
Now,

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
03 May 2012   #3

Windows 7
 
 

Thanks Jacee! Attached are the two logs.


Attached Files
File Type: txt Attach.txt (6.6 KB, 10 views)
File Type: txt DDS.txt (23.9 KB, 14 views)


04 May 2012   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Sorry I'm so late at getting back to you ...

Download Combofix from any of the links below, and save it to your desktop. <-- Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you.
Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe
04 May 2012   #5

Windows 7
 
 

No worries on the delayed response. Here's the ComboFix log attached.

As a side note, and maybe this helps you where to look? After updating Java I did a few test searches and found that the Happili redirect is happening less, but I'm still getting redirected to click-get-answers-fast and a couple of others. Is this the same virus?


Attached Files
File Type: txt ComboFixLog.txt (22.7 KB, 11 views)
05 May 2012   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.


Totally uninstall Google (Uninstall Google Chrome - Google Chrome Help)

Reboot ...

Let me know if you're still being redirected.
05 May 2012   #7

Windows 7 Home Premium 64 Bit
 
 

I had this redirect virus before. In addition to what Jacee said, just make sure there are no entries in your hosts file, run SUPERAntiSpyware, and reset Chrome's settings. Hope this works for you as it did for me.
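
Added example, not part of any post in this thread: a Python script for the hosts-file check mentioned in posts #2 and #7. It lists every mapping other than the default localhost entries. The sample file contents, addresses and host names are constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Names a stock Windows hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # no host name on the line, nothing to map
        ip, names = fields[0], fields[1:]
        for name in names:                     # one address may carry several names
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Return (line_no, name, ip, reason) for entries a clean file would not have."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "malformed address"))
            continue
        if name in DEFAULT_NAMES and addr.is_loopback:
            continue                           # default entry, as written by flush.bat
        if addr.is_loopback or addr.is_unspecified:
            reason = "name blocked locally"
        else:
            reason = "name redirected to another host"
        findings.append((line_no, name, ip, reason))
    return findings

# Constructed sample: not taken from the logs attached to this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # constructed redirect entry
0.0.0.0         update.example.test
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

To check a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` and pass its text to `audit_hosts`; an empty result means only the default localhost entries are present.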
06 May 2012   #8

Windows 7
 
 

It seems re-installing Chrome and updating the settings fixed the re-direct issue. I can't thank you enough! Will reply to this thread if I discover problems persist.
06 May 2012   #9

win 7 64
 
 

How are people getting this? I've read it's Chrome but can't find any info as to how people are getting it.
06 May 2012   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

@ mjstein3
Please uninstall Combofix (it won't do you any good to keep it. It's just a tool we use):

Click START Search
Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Now download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

***TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

This is a tool to keep!