Also hit by Happili

RockPigeons · 03 May 2012

Hi,

I was recently browsing on Internet Explorer 8 when I was suddenly being redirected from search engines to obvious malware sites. Looked it up and it's definitely the "Happili virus" as it's colloquially known. I uninstalled IE8 and installed Firefox, and while the problem perisisted, when I disabled the extension Performance Cache 1.0 all redirects immediately ceased. Moreover, I installed IE9 and have had no redirect issues whatsoever. Due to this, I believe my problem is less severe than a clean-install-requiring rootkit, but I don't wish to take any chances and came here to get the right steps to putting this away for good.

DustSailor · 03 May 2012

Rock, welcome to Sevenforums!

Well, what antivirus software do you have installed? You might also install Malwarebytes to have it remove extra traces, and here is a quick removal tool for you from Microsoft: Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free

RockPigeons · 03 May 2012

Currently I have Superantispyware and AVG Free 2012 in addition to Malwarebytes. The former I have turned off for the sake of accomplishing effective fixes, and the latter two I have active.

I had GMER running to scan the other day, but I had to shut my computer down for reasons unrelated to this situation, ending the scan--it took hours for it to run through the registry files, and was still on a single folder therein when the scan ended.

Is there a set of steps that I should follow? Apologies if I am slow to respond as of right now, but no later than 8:30 am EST I should be online to work through the fix process as directed.

DustSailor · 04 May 2012

Rock,

before you do anything else, let the safety scanner I sent to you previously run either downloaded from the internet or through a USB drive off of another computer (need to download it to the USB drive, then run it on the computer with the virus). Let it run for as long as it needs without stopping it. It can take hours. It will not install anything on your computer.

Then, update malwarebytes and run a full scan with it. You should be clean after that.

For good measure, make sure windows is completely updated through windows update (many updates close security loopholes). Update everything else, such as Java and Adobe flash. Update everything, like a madman, so that everything is secure. Then do this tutorial to fix any problems that may have been caused through the virus: SFC /SCANNOW Command - System File Checker - created by Brink

Then read on -

...From what I hear of tests performed and comments made here on this forum, AVG is one of the worst antiviruses. I would recommend another. Look here for a discussion on it: What's the Best Anti-virus?, otherwise I recommend Microsoft Security Essentials ...
*However before you install another Antivirus (Should only have 1 antivirus at a time installed or they will conflict), remove AVG with its removal tool: http://download.avg.com/filedir/util..._2012_2125.exe ...

You do not have to remove AVG if you like it for whatever reason. It is just strongly recommended due to experience (I've personally tested it myself). It is probably better than nothing, however (Though I'm not too sure about that one).

Best of luck! Feel free to ask me anything you aren't sure of, and I'll try my best to answer. Let me know how it goes.

RockPigeons · 04 May 2012

Thanks for the assistance! I'm running the MS Scanner right now. Presently there is a monolithic file or destination in the Temp Internet Files folder called UOIMPLGB. The window isn't frozen but it's been stuck on this one for quite some time and it's not elapsing time anymore. The other day, when I had GMER running, I ran into this same problem--GMER was stuck on it for upwards of two hours, and I had to give up and go to bed before it was even done with it.

EDIT: Scan has managed to go through that file. Took almost 20 mins but still much faster than GMER was on it.

DustSailor · 04 May 2012

Then delete all internet temp files. Under browsing history, select delete internet temp files, hit okay. you may have to go back and uncheck it after.

RockPigeons · 04 May 2012

Okay, scan is complete. It found a few Java exploiters, and Java has been updated and the malicious files removed. Started up Firefox, turned the Cache back on and no redirects were present.

The files were located under Appdata/Roaming from what I saw.

Thanks a lot for your help!

DustSailor · 04 May 2012

You're welcome. Glad it is fixed. Remember that updates are your friend, especially your antivirus :)

Note that if you do not use Java, it is a very good idea to disable all java add-ons and uninstall it. It has a higher potential of getting viruses.

Some internet games use Java, but not all. The database aspect of Open Office uses Java, but most people do not use it. Not sure if you have any such programs that may need java to function, but most today do not.

cheers