Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Need help removing Happili redirect virus

12 Apr 2012   #1

Windows 7 64-bit
Need help removing Happili redirect virus


I have contracted the evil Happili redirect virus and need assitance in eradicating it. I saw from a previous post that you had requested the attached files so I generated those. I'm lost from here.

Thanks in advance.

Attached Files
File Type: txt Attach.txt (7.6 KB, 86 views)
File Type: txt DDS.txt (19.5 KB, 48 views)
My System SpecsSystem Spec
13 Apr 2012   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1

First, I want you to flush the dirty DNS cache and restore Microsoft's Hosts file:

Copy and paste these lines in Note pad.

@Echo on
attrib -h -s -r hosts
echo localhost>HOSTS
attrib +r +h +s hosts
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

After you have done the above,

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe
My System SpecsSystem Spec
14 Apr 2012   #3

Windows 7 64-bit

Hello Jacee - Thank you very much for the assistance. I have followed the directions so far and have attached the combofix log.

Best regards,

Attached Files
File Type: txt combofix.txt (26.0 KB, 242 views)
My System SpecsSystem Spec

15 Apr 2012   #4

Windows 7 64-bit

Hello Jacee - This appears to have worked. I'm not seeing the redirects anymore. Does this complete the process? Don't want to assume anything. Please advise.

And once again, I can't thank you enough for the assistance. You and others like you provide an awesome service that help many, many people.

My System SpecsSystem Spec
15 Apr 2012   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
My System SpecsSystem Spec
15 Apr 2012   #6

Windows 7 64-bit

Hello Jacee - Showed as finding 1 virus. Please see attached.


Attached Files
File Type: txt ESETSCAN.txt (182 Bytes, 244 views)
My System SpecsSystem Spec
15 Apr 2012   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Okay, good. Download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

After rebooting/restarting your computer:
Click on the Start button and then select Run from the menu. In the run box type (or copy/paste) ComboFix /Uninstall and click OK. Note the space between the X and the /, it needs to be there.

Download Secunia Personal Inspector and update all programs that are vulnerable to security exploits. Free Computer Security - Personal Software Inspector (PSI) - Secunia
Uncheck any "bundled" toolbars, search engines, etc that may be included with the setup.
My System SpecsSystem Spec
16 Apr 2012   #8

Windows 7 64-bit

Hello Jacee,

This set of instructions is now complete as well. PSI found and patched 4 unsecure programs. Thanks again for all of your assistance. Life is better!

Best Regards,
My System SpecsSystem Spec
17 Apr 2012   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1

You're welcome

Now, remove Combofix ....
Click on the Start button and then select Run from the menu. This will open up the Run box.
Copy/Paste combofix /uninstall (Please note that there is a space between combofix and /uninstall), click on the OK button or Enter on your keyboard.
You can now delete the ComboFix.exe program from your computer
My System SpecsSystem Spec
21 Apr 2012   #10

Windows 7 Ultimate x64

Hi I followed the instructions here, dns cache, combofix, TFC and dled PSI, but I'm still getting redirected to happili. I attached my combo and ESET log. I'm not sure what to do now.

Attached Files
File Type: txt combolog421.txt (21.4 KB, 42 views)
File Type: txt ESETScan.txt (792 Bytes, 28 views)
My System SpecsSystem Spec

 Need help removing Happili redirect virus

Thread Tools

Similar help and support threads
Thread Forum
Need help removing redirect virus
I'm experiencing random redirects when I either do a search or sometimes click a link. I'm being redirected to searches and sites that usually start with a similar web address of "". I have run MSE, Superantispyware, and Malwarebytes, yet all have been unsuccessful in resolving...
System Security
Happili redirect problem. Is it fixable or one of those rootkits?
So I started getting redirected to happili for some searches in google chrome. A few times it redirected me to some other random webpage. I fear that I got this problem by connecting to an unsecured network last night. I ran combofix to see if that would work but I still get redirected. I have...
System Security
Happili redirect
So my google searches sometimes (but not always) redirect to Happili pages instead. I followed the directions in this thread, but a few hours later, it happened again. So it must not be cleared all the way. The first log is from ComboFix. You'll see that I didn't manage to disable AVG all the...
System Security
Help with removing happili virus
Hi there! Recently it seems as though my Google searches are being redirected to happili more and more often (and I think once to infomash?). Anyway, it seems as if people on here have been very helpful in helping folks remove this virus but, it also looks like the instructions vary on a system...
System Security
Happili virus as well
Hello, i recently just got the happili virus, ive recently checked this site and what i found didnt work for me. I have malewarebytes and tried full scan and it didnt detect it. i have also downloaded google chrome to avoid the problem but now i get happili as well, just less frequently then...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 20:21.
Twitter Facebook Google+