04-03-2012 07:32 PM - edited 04-03-2012 07:34 PM
I am involved in this, they will get there, I am going to give them all the files I have (608) for these families, or the 42 droppers for zeroaccess over the last few days, if they want them.
I have already given websites.
NPE and fixTDSS are not meant to work with the latest families, I have not seen the TDSS (TDL4) for quite some time.
Quads
04-03-2012 08:54 PM
I was infected last Thursday with this nasty virus. Just got my laptop back from Staples ($200 later) and it appeared that all was okay until I went to run Full System Scan and it froze at windows.old\windows\winsxs\catalogs . . .
I have been on Live Assist for over 3 hours and while the techs are nice, the issue has not been resolved. We ran Full System Scan at least 10 times and the scan always got stuck at this point.
Not sure what is taking so long...
04-04-2012 05:03 AM
Thanks for all of the answers and updates.
In my case, search is only redirected when using IE8. Search using Firefox seems to work fine. I have also noticed several problems with Java and Microsoft Installer.
Does anyone think it is ok to continue to use my laptop with Firefox while the Norton Techs work on a solution? Or, just shut the computer down?
Gary
04-04-2012 11:04 AM
grafaloff wrote: Thanks for all of the answers and updates.
In my case, search is only redirected when using IE8. Search using Firefox seems to work fine. I have also noticed several problems with Java and Microsoft Installer.
Does anyone think it is ok to continue to use my laptop with Firefox while the Norton Techs work on a solution? Or, just shut the computer down?
Gary
Why not empty the Java cache meanwhile?
04-05-2012 04:09 PM
grafaloff wrote: Thanks for all of the answers and updates.
In my case, search is only redirected when using IE8. Search using Firefox seems to work fine. I have also noticed several problems with Java and Microsoft Installer.
Does anyone think it is ok to continue to use my laptop with Firefox while the Norton Techs work on a solution? Or, just shut the computer down?
Gary
Gary,
They have only used Symantec products and that is the problem, I don't even know if they know how to use more advanced scripting etc.
Quads
04-07-2012 06:13 PM
Norton's Sonar has definitions for files as follows
Packed.Generic.344 FakeAV, zeroaccess
Packed.Generic.350 Trojan.zbot, zeroaccess / Pihar
Packed.Generic.360 Trojan.zbot, Pihar, Zeroaccess added April 5, 2012
Hopefully that will stop a lot of droppers / installers for now, before more damage is done
Quads
04-11-2012 12:18 PM
Quads,
You are correct about Norton not being able to solve the problem with their own tools. It has been over a week now and they still have not fixed my computer. They told me before that they need 48 hours more to "research the problem". Doesn't give me much confidence in Norton products.
Gary
04-11-2012 07:54 PM
That is why I log first just to see what is out of place or is bad, hopefully, sometimes it might take 3 or 4 logs, but that way I know what I am to target, and what tools will work for what. The logs are created without clicking a Fix button.
It's a bit different when it's like a Combination infection and one or more is visible so that gets disabled or broken first, Say a FakeAV. I still leave the dead files in location until it's time to delete.
Without knowing what you are looking at, can cause disasters, a few on this forum, where Windows no longer boots, Windows is broken, or a removal tool was used on what is the wrong infection, screwing things up.
That could be why you are having problems with Java and Windows Installer, you (with Techs) have used NPE, FixTDSS, and anything else causing a break or file deletion.
Quads
04-12-2012 05:34 PM - edited 04-12-2012 05:37 PM
grafaloff wrote: Quads,
You are correct about Norton not being able to solve the problem with their own tools. It has been over a week now and they still have not fixed my computer. They told me before that they need 48 hours more to "research the problem". Doesn't give me much confidence in Norton products.
Gary
Hi Gary,
I was just informed by Symantec that this issue was resolved about a week ago. This infection should be detected as "Trojan.Tracur".
I have requested that Symantec follow up with you.
Have you run any full scans with NIS recently?
Best wishes.
Allen
04-12-2012 06:02 PM - edited 04-12-2012 06:14 PM
Tracur has different variants as well. Swift1low had Happili redirect and it was Tracur, I fixed a while ago. Stevo11 had one infection with Happili redirect but it was Zeroaccess (max++). (Ended up infected 3 times with zeroaccess, with different redirect pages)
Quads
