Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: trojan.happili

25 Sep 2012   #1
atombom360

64 Home
 
 
trojan.happili

I am still getting redirected to different webpages after seaching on google before and after the Malware bites scans listed below.

Quote   Quote: Originally Posted by atombom360 View Post
Yesterday Norton pops up with some DLL file and it was causing a problem. Norton apparently deletes it and today this popped up.

There is a problem starting
C:\Users\Adam\AppData\Local\CRE/CrashDumps\dmwjuxb.dll

The Specified module could not be found



Wish I stumbled across this forum sooner I know I will be back.


1st Scan


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
Malwarebytes : Free anti-malware download

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:02:03 AM
mbam-log-2012-09-25 (01-02-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200594
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Adam\AppData\Local\Temp\0.24464547194445685 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

2nd Scan

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
Malwarebytes : Free anti-malware download

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:07:03 AM
mbam-log-2012-09-25 (01-07-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200268
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Now I ran a 3rd full scan and a new trojan popped up.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

9/25/2012 1:19:57 AM
mbam-log-2012-09-25 (01-19-57).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380950
Time elapsed: 25 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Adam\AppData\Local\Xenocode\Sandbox\Horizon\2.3.3.2\2012.08.11T23.35\Native\STUBEXE\8.0.111 2\@PROGRAMFILES@\SFT\GuardedID\LicMgrEP.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


How bad is this trojan and should I still be concerned? What causes pages redirecting?


My System SpecsSystem Spec
.

25 Sep 2012   #2
Golden

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64
 
 

Hi,

Please do the following:

1. Copy & paste the following bold text into a new instance of NotePad:

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


2. Save this file as as flush.bat on your desktop.
3. Right-click on this file, and choose to Run as administrator. The computer will automatically reboot when the script has run.

Once rebooted, do the following:

4. Download TFC to your desktop from here.
5. Right-click on TFC.exe, and choose to Run as administrator.
6. Click the Start button to delete all temporary files - do not interrupt the process.
7. Once completed, it might automatically reboot your system - if not, reboot your system anyway.

Use your system as normal and report back any further issues.

Quote:
Scan options disabled: P2P
Be careful with Peer-2-Peer networking /torrents.

Regards,
Golden
My System SpecsSystem Spec
25 Sep 2012   #3
atombom360

64 Home
 
 

I do everything you said twice to be sure and my webpages still continue to get redirected.
My System SpecsSystem Spec
.


25 Sep 2012   #4
Golden

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64
 
 

Please copy & paste the contents of your HOSTS file here.
My System SpecsSystem Spec
26 Sep 2012   #5
atombom360

64 Home
 
 

Needed a little more info so I google this site How to: Check and repair the Hosts file

Went to system 32 and the Hosts file is a sam file type? Named lmhosts.sam
My System SpecsSystem Spec
26 Sep 2012   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Are you using Firefox or Google as you browser? If so, uninstall all add-on's, then uninstall either FF or Google.

Next: download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now: Follow Golden's advice, above and let your computer reboot once again.

We can see if the re-direct is gone if you run an online scan with ESET:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
My System SpecsSystem Spec
Reply

 trojan.happili




Thread Tools





Similar help and support threads
Thread Forum
Trojan called 'Trojan.Generic.2582177' on my system
Hi, I have Window7 Ultimate 64 bit on my system. I use Bitfender as my antivirus software. This morning it informed me that it has found a file infected with a virus called 'Trojan.Generic.2582177' which it cannot clean. I've contacted Bitfender to see if they know what I should do but haven't...
System Security
Also hit by Happili
Hi, I was recently browsing on Internet Explorer 8 when I was suddenly being redirected from search engines to obvious malware sites. Looked it up and it's definitely the "Happili virus" as it's colloquially known. I uninstalled IE8 and installed Firefox, and while the problem perisisted, when...
System Security
Another Happili Virus
So it seems I am not alone here, but Happili is taking over my seaches, any help would be appreciated!
System Security
Happili Virus
Hello, I seem to have also contracted the Happili Virus on my PC. I know there are multiple posts on this but they all seem to be following different steps on a case-specific basis so I figured to start my own. Please let me know how I can remove thise as it's become a substantial nuisance. ...
System Security
Happili infection
I also seem to be a victim of the Happili redirect virus and am looking for guidance. Is the process to remove this virus essentially the same for everyone? I have Windows 7 64 bit and IE. After reading this forum, I've installed and run ComboFix, attachment below. Thanks!
System Security
Happili virus as well
Hello, i recently just got the happili virus, ive recently checked this site and what i found didnt work for me. I have malewarebytes and tried full scan and it didnt detect it. i have also downloaded google chrome to avoid the problem but now i get happili as well, just less frequently then...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:35.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App