Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: trojan.happili


25 Sep 2012   #1

64 Home
 
 
trojan.happili

I am still getting redirected to different webpages after seaching on google before and after the Malware bites scans listed below.

Quote   Quote: Originally Posted by atombom360 View Post
Yesterday Norton pops up with some DLL file and it was causing a problem. Norton apparently deletes it and today this popped up.

There is a problem starting
C:\Users\Adam\AppData\Local\CRE/CrashDumps\dmwjuxb.dll

The Specified module could not be found



Wish I stumbled across this forum sooner I know I will be back.


1st Scan


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
Malwarebytes : Free anti-malware download

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:02:03 AM
mbam-log-2012-09-25 (01-02-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200594
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Adam\AppData\Local\Temp\0.24464547194445685 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

2nd Scan

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
Malwarebytes : Free anti-malware download

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:07:03 AM
mbam-log-2012-09-25 (01-07-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200268
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Now I ran a 3rd full scan and a new trojan popped up.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:19:57 AM
mbam-log-2012-09-25 (01-19-57).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380950
Time elapsed: 25 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Adam\AppData\Local\Xenocode\Sandbox\Horizon\2.3.3.2\2012.08.11T23.35\Native\STUBEXE\8.0.111 2\@PROGRAMFILES@\SFT\GuardedID\LicMgrEP.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


How bad is this trojan and should I still be concerned? What causes pages redirecting?

My System SpecsSystem Spec
.

25 Sep 2012   #2

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

Hi,

Please do the following:

1. Copy & paste the following bold text into a new instance of NotePad:

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


2. Save this file as as flush.bat on your desktop.
3. Right-click on this file, and choose to Run as administrator. The computer will automatically reboot when the script has run.

Once rebooted, do the following:

4. Download TFC to your desktop from here.
5. Right-click on TFC.exe, and choose to Run as administrator.
6. Click the Start button to delete all temporary files - do not interrupt the process.
7. Once completed, it might automatically reboot your system - if not, reboot your system anyway.

Use your system as normal and report back any further issues.

Quote:
Scan options disabled: P2P
Be careful with Peer-2-Peer networking /torrents.

Regards,
Golden
My System SpecsSystem Spec
25 Sep 2012   #3

64 Home
 
 

I do everything you said twice to be sure and my webpages still continue to get redirected.
My System SpecsSystem Spec
.


25 Sep 2012   #4

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

Please copy & paste the contents of your HOSTS file here.
My System SpecsSystem Spec
26 Sep 2012   #5

64 Home
 
 

Needed a little more info so I google this site How to: Check and repair the Hosts file

Went to system 32 and the Hosts file is a sam file type? Named lmhosts.sam
My System SpecsSystem Spec
26 Sep 2012   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Are you using Firefox or Google as you browser? If so, uninstall all add-on's, then uninstall either FF or Google.

Next: download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now: Follow Golden's advice, above and let your computer reboot once again.

We can see if the re-direct is gone if you run an online scan with ESET:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
My System SpecsSystem Spec
Reply

 trojan.happili




Thread Tools



Similar help and support threads for2: trojan.happili
Thread Forum
Also hit by Happili System Security
Another Happili Virus System Security
Happili Virus System Security
Happili infection System Security
Solved Another happili virus System Security
Solved Happili redirect System Security
Happili virus as well System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:33 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33