My computer is infected with Happili redirect problem.

maxmaxmax45 · ‎04-01-2012

Since 3-4 days ago, I've noticed that occasionally when I searched the internet using google, I was rediected to Happili.com or gimmeanswer.com. I am using norton internet security version 19.6.2.10. I tried its full system scan but it couldn't detect this Happili problem. I searched the forum and found out that this problem may need personalized special attention with using TDSS killer, combofix or OTL which I have no idea at all what they are. I'm really frustrated because I cannot work properly with this "redirect" virus. Any suggestions will be highly appreciated.

iahawks32 · ‎03-22-2012

I have the happili.com virus on my computer. I would appreciate any help in getting this removed.

I have attached a log of my computer.

cgoldman · ‎06-25-2008

Please check your NIS it seems out of date. Have you upgraded to the latest version? Please check your Support About version number.

you are on 16.8.3.6 and should be running 19.6.1.8.

Please advise how you come to know you are infected? Is it because you are being redirected?

Have you run malwarebytes?

Have you tried Norton in safe mode?

Suggest you rename your existing hosts file to hosts.ori

Just post what you do not understand and you will get specific instructions from someone.

Quads · ‎07-21-2008

Lets check for required system files and MBR carefully first so if something gets removed I know what I have to replace before I check for things like Java to be on the safe side.

Please read carefully and follow these steps.
Download TDSSKiller hxxp://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop. (replace the hxxp with http)
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back

Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and Please attach the log in the post back

Quads

iahawks32 · ‎03-22-2012

Here is my file from the TDSS Killer. I am working on the other steps next.

iahawks32 · ‎03-22-2012

Here is the other log.

Mikołaj · ‎02-03-2012

Where Happili.com attempts to evade its removal and terminates or disallows true antispyware downloading, the problem is usually resolved when you run your OS in safe mode. To start Safe Mode session, please restart your computer and before Windows starts loading press F8 and hold it until you enter Windows Advanced Options Menu; by using your keyboard choose the following option: Safe Mode with Networking, and let Windows start in Safe Mode. Try to download the antispyware of your choice again. If Happili.com still blocks remover download – act as follows:

Step 1: click Start at the left bottom corner of your monitor

Step 2: choose Run in its menu

Step 3: type “command” in the line and click OK or press Enter

Step 4: in the window that is to appear type “notepad”

Step 5: once notepad is open, insert the following text into Notepad by copy and paste:

Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
[-HKEY_CLASSES_ROOT\secfile]

Step 6: save the resulted file as “exefix.reg” (no quotes) at the Desktop. When saving, please choose All Files at the “Save As” drop-down list. Open “exefix.reg” file (on your Desktop) and press “Yes”. After that you can download Spyware Doctor and other legitimate anti-spyware applications or remove Happili.com files and registry entries manually.

Quads · ‎07-21-2008

Don't do the below, it's useless as for a start I have the logs which means the programs have run, so .exe's run The re4g fix is not required.

Useless but could cause problems.

Quads

Mikołaj wrote:
Where Happili.com attempts to evade its removal and terminates or disallows true antispyware downloading, the problem is usually resolved when you run your OS in safe mode. To start Safe Mode session, please restart your computer and before Windows starts loading press F8 and hold it until you enter Windows Advanced Options Menu; by using your keyboard choose the following option: Safe Mode with Networking, and let Windows start in Safe Mode. Try to download the antispyware of your choice again. If Happili.com still blocks remover download – act as follows:
Step 1: click Start at the left bottom corner of your monitor
Step 2: choose Run in its menu
Step 3: type “command” in the line and click OK or press Enter
Step 4: in the window that is to appear type “notepad”
Step 5: once notepad is open, insert the following text into Notepad by copy and paste:
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
[-HKEY_CLASSES_ROOT\secfile]
Step 6: save the resulted file as “exefix.reg” (no quotes) at the Desktop. When saving, please choose All Files at the “Save As” drop-down list. Open “exefix.reg” file (on your Desktop) and press “Yes”. After that you can download Spyware Doctor and other legitimate anti-spyware applications or remove Happili.com files and registry entries manually.

Quads · ‎07-21-2008

The Avast log shows no defs loaded, did you have it download the definitions set when it asks??

Quads

Quads · ‎07-21-2008

With the definitions added the log should have an extra line I have added one in red below.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 18:33:44
-----------------------------
18:33:44.789 OS Version: Windows 6.0.6002 Service Pack 2
18:33:44.789 Number of processors: 2 586 0x170A
18:33:44.790 ComputerName: HOME-PC UserName: Andy
18:33:49.837 Initialize success

[ TIME ] AVAST engine defs: [Def databse number]

18:34:10.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:34:10.543 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
18:34:10.593 Disk 0 MBR read successfully
18:34:10.597 Disk 0 MBR scan
18:34:10.601 Disk 0 unknown MBR code
18:34:10.605 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
18:34:10.637 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
18:34:10.644 Disk 0 scanning sectors +625135616
18:34:10.699 Disk 0 scanning C:\Windows\system32\drivers
18:34:18.843 Service scanning
18:34:37.082 Modules scanning
18:35:46.225 Disk 0 trace - called modules:
18:35:46.293 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
18:35:46.300 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cc50e8]
18:35:46.653 3 CLASSPNP.SYS[8260e8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85aab8a0]
18:35:46.662 Scan finished successfully
18:37:15.054 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Downloads\MBR.dat"
18:37:15.064 The log file has been saved successfully to "C:\Users\Andy\Downloads\aswMBR.txt"