06-12-2012 10:13 PM
I can't get rid of the Trojan.Happili redirect. Norton AntiVirus can't find it and Malwarebytes says it's quarantined and deleted it, but I'm still getting redirected from Google search result links. I had this issue last month, it seemed to be resolved, but now it's back. I've attached the Malwarebytes logs from today and from the last infection. Any help would be greatly appreciated.
Solved! Go to Solution.
06-12-2012 10:28 PM
Please do not run any tools unless instructed to do so.
Please read every post completely before doing anything.
Please read carefully
1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT / Yes
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and Please attach the log in the post back, Don't have the program fix anything.
06-13-2012 12:03 AM
Please read carefully Read all of this message first
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
Doiwnload the attached CFscript.txt, , For some browsers Right Click the attachment on the forum and select "Save AS" or similar to Download it. See screenshot below.
Now drag the CFScript.txt into the ComboFix.exe
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
06-13-2012 07:29 AM
OK, Combofix has run. The requested report is attached. I left Combofix run unattended and it rebooted the system, so does that mean it detected Rootkit/Bootkit activity? Also I did get a warning message about registry keys being listed for deletion when I tried to open items, so I rebooted again per your instructions and it seemed to fix that. After the reboot, I tested a Google search and was NOT redirected.
Does this mean the issue is resolved? If no, what's next? If yes, how can I avoid this hassle again in the future?
Thanks again for your help.
06-13-2012 02:49 PM
Argh! Just tested and I'm getting redirects AGAIN! After running Combofix last night I was NOT getting redirects for a while...now the issue is back. What's the next step?
Thanks for all your time and expertise~
06-13-2012 04:56 PM
Please read carefully and Slowly
Please scan with ESET next
I'd like us to scan your machine with ESET OnlineScan
If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.