trojan.happili


  1. Posts : 5
    64 Home
       #1


    I am still getting redirected to different webpages after searching on Google, before and after the Malwarebytes scans listed below.

    atombom360 said:
    Yesterday Norton pops up with some DLL file and it was causing a problem. Norton apparently deletes it and today this popped up.

    There is a problem starting
    C:\Users\Adam\AppData\Local\CRE/CrashDumps\dmwjuxb.dll

    The Specified module could not be found



    Wish I stumbled across this forum sooner I know I will be back.


    1st Scan


    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    Malwarebytes : Free anti-malware download

    Database version: v2012.09.25.02

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Adam :: ADAM-PC [administrator]

    Protection: Enabled

    9/25/2012 1:02:03 AM
    mbam-log-2012-09-25 (01-02-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200594
    Time elapsed: 1 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Adam\AppData\Local\Temp\0.24464547194445685 (Trojan.Happili) -> Quarantined and deleted successfully.

    (end)

    2nd Scan

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    Malwarebytes : Free anti-malware download

    Database version: v2012.09.25.02

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Adam :: ADAM-PC [administrator]

    Protection: Enabled

    9/25/2012 1:07:03 AM
    mbam-log-2012-09-25 (01-07-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200268
    Time elapsed: 1 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Now I ran a 3rd full scan and a new trojan popped up.

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.25.02

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Adam :: ADAM-PC [administrator]

    Protection: Enabled

    9/25/2012 1:19:57 AM
    mbam-log-2012-09-25 (01-19-57).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 380950
    Time elapsed: 25 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Adam\AppData\Local\Xenocode\Sandbox\Horizon\2.3.3.2\2012.08.11T23.35\Native\STUBEXE\8.0.111 2\@PROGRAMFILES@\SFT\GuardedID\LicMgrEP.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)


    How bad is this trojan and should I still be concerned? What causes pages redirecting?
    Last edited by atombom360; 25 Sep 2012 at 00:49.


  2. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #2

    Hi,

    Please do the following:

    1. Copy & paste the following bold text into a new instance of NotePad:

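    @Echo on
    rem Reset the HOSTS file to a single localhost entry
    pushd \windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Renew the IP lease and clear the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Reset Winsock and the TCP/IP stack, then reboot
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    rem Delete this script
    del %0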


    2. Save this file as flush.bat on your desktop.
    3. Right-click on this file, and choose to Run as administrator. The computer will automatically reboot when the script has run.

    Once rebooted, do the following:

    4. Download TFC to your desktop from here.
    5. Right-click on TFC.exe, and choose to Run as administrator.
    6. Click the Start button to delete all temporary files - do not interrupt the process.
    7. Once completed, it might automatically reboot your system - if not, reboot your system anyway.

    Use your system as normal and report back any further issues.

    Scan options disabled: P2P
    Be careful with Peer-2-Peer networking /torrents.

    Regards,
    Golden


  3. Posts : 5
    64 Home
    Thread Starter
       #3

    I did everything you said twice to be sure and my webpages still continue to get redirected.


  4. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #4

    Please copy & paste the contents of your HOSTS file here.


  5. Posts : 5
    64 Home
    Thread Starter
       #5

    Needed a little more info, so I googled this site: How to: Check and repair the Hosts file

    Went to system 32 and the Hosts file is a sam file type? Named lmhosts.sam
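
The HOSTS check requested in post #4, as an added example that is not part of the original thread: the file is %SystemRoot%\System32\drivers\etc\hosts (no extension), and flush.bat from post #2 marks it hidden and system, so it may not show in Explorer's default view. The sketch below reads it by path and lists every entry that is not a plain loopback mapping for localhost; the sample text and the reason labels are constructed for illustration.

```python
import ipaddress
import os

# Names a freshly reset hosts file is expected to map to loopback.
EXPECTED = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every entry worth a second look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "unparseable address"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "address without hostname"))
            continue
        for name in names:                        # one line may carry several names
            name = name.lower()
            if ip.is_loopback or ip.is_unspecified:
                if name not in EXPECTED:
                    findings.append((line_no, ip_text, name, "name sinkholed locally"))
            else:
                findings.append((line_no, ip_text, name, "name pinned to a remote address"))
    return findings

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # constructed redirect entry
0.0.0.0         update.example.test
"""

if __name__ == "__main__":
    path = os.path.expandvars(r"%SystemRoot%\System32\drivers\etc\hosts")
    text = SAMPLE
    if os.path.exists(path):                      # real file on Windows, sample elsewhere
        with open(path, errors="replace") as fh:
            text = fh.read()
    for finding in audit_hosts(text):
        print(finding)
```

An empty result means the file holds only localhost entries, as it does right after flush.bat runs, and the redirect has to be coming from somewhere other than HOSTS.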


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #6

    Are you using Firefox or Google as your browser? If so, uninstall all add-ons, then uninstall either FF or Google.

    Next: download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser!
    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

    Now: Follow Golden's advice above, and let your computer reboot once again.

    We can see if the re-direct is gone if you run an online scan with ESET:
    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push
    11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the button.
    13. Push


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
