Browser redirect issues - possible Happili infection? (help, Quads...)

Renamed combofix.exe as badfile.exe but got the same error:

 

CFScript Name Error

Were you trying to run CFScript?

The name, CFScript appears to be incorrectly spelt

Shift Combofix to the system root directory, C:\combofix.exe, bad..... or whatever, and try it from that location.

 

Quads

Just want to confirm my guess that I need to move the cfscript.txt file to same location?

Probably easier to have them both in the same location unless you want to have the small C:\ windows open and still have the desktop showing and drag the script right across.

 

Quads

That did it - ComboFix ran with no issues this time.  As you said would happen after CF finished, got a couple of warnings about programs trying to perform illegal operations on registry keys marked for deletion.  Rebooted as instructed, and that seems to have resolved it.  CF log is attached.

Download a new copy of Combofix like the main instructions in the past and so on, onto your desktop, but this time run it without any script.

Have to make sure one of the files is gone.

 

You could also have a permissions problem with files / folders.

 

Also you do or did have Malwarebytes running with its realtime protection running (another security product), or it could be that the infection hurt Norton.

 

Quads

Downloaded a new copy of CF to the desktop and ran it as instructed.  (Did not delete the copy we placed in the root directory since you didn't say to do so - hope that was ok.)  Logfile is attached.

Forgot to add - didn't have any other security product running that I am aware of.  Removed mbam several steps ago, when instructed to do so.  Norton seems to be running OK now - the error code I reported getting previously when attempting to access the security history is no longer occurring.

 

The file detected is a False Positive  ( I went and looked it up)

 

Please read carefully and Slowly

 

Please scan with ESET next, using Internet Explorer


I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Attach the resulting log in your next reply


If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it. 

 

Quads

Wow, that one took awhile.  Came up clean, though - that's a relief.

 

Log is attached.

Time to start the cleanup process,

 

Double click on OTL.exe to run it.  Right click OTL.exe and select Run as administrator for Vista and Win 7.

Click the Scan All Users checkbox.

Change file age to 60 days


 

Press the 

 

 

An OTL.txt will be created.

 

Quads

Log is attached!  :)

OK, 

 

While I am creating a script are you getting redirects now either in Internet Explorer or Firefox??

Also how is your system going now??

 

Quads

No more redirects noted, and no further errors experienced in Norton.  Security history does show some medium risk items that I'm not sure I understand, so I'm not sure if these are cause for worry.  Security history activity column says: Unauthorized access blocked (access thread/process data). Log says it has to do with Norton Tamper Protection - it is attached if needed.

Unauthorised access alerts by anti-tamper are nothing to worry about.

 

Start OTL,   under   Copy and paste the custom script attached which you open in for instance Notepad,(include the : at the start of :OTL and all the way to the end / bottom)  and run the script. (Red Run Fix Button)

 

The output log should be placed in the C:\_OTL folder after.

 

Quads

Done.  Hope this is the correct log.

Start OTL again but this time click the Black CleanUp button, then make sure the C:\_OTL folder is deleted.

 

After that you are free to go on your merry way.  You are now fixed / Solved.

 

If you want Malwarebytes, download the Free version to install and don't click the Trial button.

 

Quads 

Ran OTL as instructed, and verified that C:\_OTL directory is gone. 

 

Thanks for everything, Quads.  Don't know what I would have done without your help.  Have a great day! :smileyhappy:

Hi Quads -

 

Does Symantec have a department that corporations can connect with to address this virus?

 

Thank you!

Symantec has the SSR

 

The redirect has a handful of causes; it's not always the same or Unlikely.

 

Quads