There are lots of reports about this on various forums going back a couple of years. The recent variants may in some cases be associated with a rootkit infection and you may need to ask for help from the techs at BleepingComputer or one of the other specialist malware-removal forums.
In several of the reported cases the helpers have identified P2P or BitTorrent programs as a potential source of infection. If you have any of those they will ask you to uninstall or disable them. Also, if you have Java check that it's the latest version (and also check to see if you have any older versions on your PC).
I don't know what you've tried already. Have you run any of -
- a full McAfee scan with the latest DAT update?
- Microsoft Malicious Software Removal Tool?
- Microsoft Live Safety Scanner?
Try downloading anything you need in 'Safe Mode with Networking' reached by tapping F8 repeatedly while booting up and it's usually number 2 on the ensuing menu but that varies on some machines.
Alternatively if you have access to a good machine, download the installer for whatever it is to a USB Flash Drive and rename it in the process as you save it so that it won't be recognized by the infection.
Did you try System Restore to before all this happened? That can also be invoked in Safe Mode if you have to.
This issue is mainly because of 3 viruses.
1. Boot Sector Virus.
3. One Dll file in the Start Up
Edit by Hayton : hidden link in (3) above removed and shown below. There's nothing wrong with providing a link to an external malware-removal site, but all such links should be evident in the post, not hidden.
Well for all I know Stinger may fight it. http://stinger.mcafee.com/ It catches the more strange malware that regular antiviruses have problems with and it is updated frequently.
I didn't see a tool on Norton's site that dealt with but did find a thread stating that their virus removal service had fixed it (I assume that as all the thread said was they fixed it). McAfee has a similar service and they use all kinds of tools, often ones we recommend for free. Like Norton it is a paid service.
I can pretty well be assured that it wasn't their antivirus that got rid of it because these kinds of things are built to fool antiviruses - all of them.
Norton doesn't have a threat-specific removal tool for this infection, only the Backdoor.Tidserv removal utility which sometimes fails to clean infected memory modules. It depends on the version of the ZAccess rootkit.
I've just run Stinger on two infected machines. One had the boot sector rootkit and Backdoor.Win32.ZAccess.jfd. Stinger did a good job and removed both infections. File: https://www.virustotal.com/file/0c37d530990af9368e74e256c70b11576904a187d6ae0df417f8466706d43401/analysis/
My other PC had Backdoor.Win32.ZAccess.ivz and Stinger didn't remove it. By the way, McAfee fails to detect it too. I send it to McAfee labs, https://www.virustotal.com/file/15064b1bd44265520cb84603464777035e7b2b644535453462b248f05b0ecd08/analysis/
Another interesting thing about this infection - it works on Macs. I'm not sure if it's exactly the same malware, I suspect it might be the Flashback malware.
But it certainly redirects users to happili.com, here's a more detailed write-up about happili: http://deletemalware.blogspot.com/2012/04/remove-happili-redirect-virus-uninstall.html
So, either cyber crooks have cross-platform malware or they simply joined several different pay-per-click networks. Any thoughts on this?
I have just spent way too long diagnosing and cleaning the Happili virus. In the end, I seem to have had success by simply booting into safe mode and running Malwarebytes (I happen to have the pro version, but I'm sure a recent version of the free type will work just as well). I think my infection was rather uncomplicated, but I was completely disappointed at the major AV players' inability to ID the threat. Cheers.
ASUS Sabertooth X58 MB
Intel Core i7 Bloomfield CPU
Windows 7 Ultimate 64