Bot Obliterator
Quads
Posts: 16,529
Registered: ‎07-21-2008

Re: Happili.com Virus - How to Remove this pesky thing?

[ Edited ]

I am involved in this, they will get there. I am going to give them all the files I have (608) for these families, or the 42 droppers for zeroaccess over the last few days, if they want them.

 

I have already given websites.

 

NPE and fixTDSS are not meant to work with the latest families. I have not seen the TDSS (TDL4) for quite some time.

 

Quads

Contributor
Carmie5
Posts: 12
Registered: ‎04-01-2012

Re: Happili.com Virus - How to Remove this pesky thing?

I was infected last Thursday with this nasty virus.  Just got my laptop back from Staples ($200 later) and it appeared that all was okay until I went to run Full System Scan and it froze at windows.old\windows\winsxs\catalogs . . .

 

I have been on Live Assist for over 3 hours and while the techs are nice, the issue has not been resolved.  We ran Full System Scan at least 10 times and the scan always got stuck at this point.


Not sure what is taking so long...

Visitor
grafaloff
Posts: 6
Registered: ‎04-02-2012

Re: Happili.com Virus - How to Remove this pesky thing?

Thanks for all of the answers and updates.

 

In my case, search is only redirected when using IE8. Search using Firefox seems to work fine. I have also noticed several problems with Java and Microsoft Installer.

 

Does anyone think it is ok to continue to use my laptop with Firefox while the Norton Techs work on a solution? Or, just shut the computer down?

 

Gary

Super Spam Squasher
cgoldman
Posts: 2,929
Registered: ‎06-25-2008

Re: Happili.com Virus - How to Remove this pesky thing?


grafaloff wrote:

Thanks for all of the answers and updates.

 

In my case, search is only redirected when using IE8. Search using Firefox seems to work fine. I have also noticed several problems with Java and Microsoft Installer.

 

Does anyone think it is ok to continue to use my laptop with Firefox while the Norton Techs work on a solution? Or, just shut the computer down?

 

Gary


Why not empty the Java cache meanwhile?

Bot Obliterator
Quads
Posts: 16,529
Registered: ‎07-21-2008

Re: Happili.com Virus - How to Remove this pesky thing?


grafaloff wrote:

Thanks for all of the answers and updates.

 

In my case, search is only redirected when using IE8. Search using Firefox seems to work fine. I have also noticed several problems with Java and Microsoft Installer.

 

Does anyone think it is ok to continue to use my laptop with Firefox while the Norton Techs work on a solution? Or, just shut the computer down?

 

Gary


Gary, 

 

They have only used Symantec products and that is the problem. I don't even know if they know how to use more advanced scripting etc.

 

Quads

Bot Obliterator
Quads
Posts: 16,529
Registered: ‎07-21-2008

Re: Happili.com Virus - How to Remove this pesky thing?

Norton's Sonar has definitions for files as follows:

 

Packed.Generic.344 FakeAV, zeroaccess
Packed.Generic.350 Trojan.zbot, zeroaccess / Pihar
Packed.Generic.360 Trojan.zbot, Pihar, Zeroaccess added April 5, 2012

 

Hopefully that will stop a lot of droppers / installers for now, before more damage is done 

 

Example https://www.virustotal.com/file/fc2f91bfdd3be029db22423e39d460d2583b721fd801cedb8fb5d93220bcc37e/ana...

 

Quads

Visitor
grafaloff
Posts: 6
Registered: ‎04-02-2012

Re: Happili.com Virus - How to Remove this pesky thing?

Quads,

 

You are correct about Norton not being able to solve the problem with their own tools. It has been over a week now and they still have not fixed my computer. They told me before that they need 48 hours more to "research the problem". Doesn't give me much confidence in Norton products.

 

Gary

Bot Obliterator
Quads
Posts: 16,529
Registered: ‎07-21-2008

Re: Happili.com Virus - How to Remove this pesky thing?

That is why I log first just to see what is out of place or is bad, hopefully; sometimes it might take 3 or 4 logs. But that way I know what I am to target, and what tools will work for what. The logs are created without clicking a Fix button.

It's a bit different when it's like a combination infection and one or more is visible, so that gets disabled or broken first, say a FakeAV. I still leave the dead files in location until it's time to delete.

 

Without knowing what you are looking at, you can cause disasters, a few on this forum, where Windows no longer boots, Windows is broken, or a removal tool was used on what is the wrong infection, screwing things up.

 

That could be why you are having problems with Java and Windows Installer, you (with Techs) have used NPE, FixTDSS, and anything else causing a break or file deletion.

 

Quads

AllenM
Posts: 10,287
Topics: 225
Kudos: 2,152
Solutions: 379
Registered: ‎12-14-2008

Re: Happili.com Virus - How to Remove this pesky thing?

[ Edited ]

grafaloff wrote:

Quads,

 

You are correct about Norton not being able to solve the problem with their own tools. It has been over a week now and they still have not fixed my computer. They told me before that they need 48 hours more to "research the problem". Doesn't give me much confidence in Norton products.

 

Gary


Hi Gary,

 

I was just informed by Symantec that this issue was resolved about a week ago. This infection should be detected as "Trojan.Tracur".

 

I have requested that Symantec follow up with you.

 

Have you run any full scans with NIS recently?

 

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.4.0.13 * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.3.0.12

Bot Obliterator
Quads
Posts: 16,529
Registered: ‎07-21-2008

Re: Happili.com Virus - How to Remove this pesky thing?

[ Edited ]

Tracur has different variants as well. Swift1low had Happili redirect and it was Tracur, I fixed a while ago. Stevo11 had one infection with Happili redirect but it was Zeroaccess (max++). (Ended up infected 3 times with zeroaccess, with different redirect pages.)

 

Quads