cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 10

Google redirect to Happili site

Recently we contracted a virus of some sort that is redirecting every search we do to the Happili website.  I have tried researching this virus but so far have found no ways to clear it.  I tried the BleepingComputer site to download the DDS file but it won't download for some reason.  Can anyone offer assistance as to how to clear this virus? 

9 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 10

Re: Google redirect to Happili site

There are lots of reports about this on various forums going back a couple of years. The recent variants may in some cases be associated with a rootkit infection and you may need to ask for help from the techs at BleepingComputer or one of the other specialist malware-removal forums.

In several of the reported cases the helpers have identified P2P or BitTorrent programs as a potential source of infection. If you have any of those they will ask you to uninstall or disable them. Also, if you have Java check that it's the latest version (and also check to see if you have any older versions on your PC).

I don't know what you've tried already. Have you run any of -

- a full McAfee scan with the latest DAT update?

- Stinger?

- Getsusp?

- Microsoft Malicious Software Removal Tool?

- Microsoft Live Safety Scanner?

- Malwarebytes?

Highlighted

Re: Google redirect to Happili site

Try downloading anything you need in 'Safe Mode with Networking' reached by tapping F8 repeatedly while booting up and it's usually number 2 on the ensuing menu but that varies on some machines.

Alternatively if you have access to a good machine, download the installer for whatever it is to a USB Flash Drive and rename it in the process as you save it so that it wont be recognized by the infection.

Did you try System Restore to before all this happened?   That can also be invoked in Safe Mode of you have to.

Highlighted
Level 9
Report Inappropriate Content
Message 4 of 10

Re: Google redirect to Happili site

This isssue is mainly because of 3 virus.

1. Boot Sector Virus.

2. Trojan.ZeroAccess

3.One Dll file in the Start Up

Edit by Hayton : hidden link in (3) above removed and shown below. There's nothing wrong with providing a link to an external malware-removal site, but all such links should be evident in the post, not hidden.

http://123seminarsonly.com/Blog/how-to-remove-happili-virus

Message was edited by: Hayton on 19/04/12 03:40:08 IST
Highlighted

Re: Google redirect to Happili site

Can we get some more help on this? I use Mcaffe, but was disapointed to see on the Norton message boards that they added a fix for the happili issue. Is this in the works?

Highlighted

Re: Google redirect to Happili site

Well for all I know Stinger may fight it.  http://stinger.mcafee.com/   It catches the more strange malware that regular antiviruses have problems with and it is updated frequently.

I didn't see a tool on Norton's site that dealt with but did find a thread stating that their virus removal service had fixed it (I assume that as all the thread said was they fixed it).  McAfee has a similar service and they use all kinds of tools, often ones we recommend for free.  Like Norton it is a paid service.

I can pretty well be assured that it wasn't their antivirus that got rid of it because these kinds of things are built to fool antiviruses - all of them.

Message was edited by: Ex_Brit on 18/04/12 6:04:22 EDT AM
Highlighted

Re: Google redirect to Happili site

Always have extra anti-malware software on hand and several are suggested here:  https://community.mcafee.com/docs/DOC-2168

Highlighted

Re: Google redirect to Happili site

@dpoincelot,

Norton doesn't have a threat-specific removal tool for this infection, only the Backdoor.Tidserv removal utility which sometimes fails to clean infected memory modules. It depends on the version of the ZAccess rootkit.

@Ex_Brit,

I've just run Stinger on two infected machines. One had the boot sector rootkit and Backdoor.Win32.ZAccess.jfd. Stinger did  good job and removed both infections. File: https://www.virustotal.com/file/0c37d530990af9368e74e256c70b11576904a187d6ae0df417f8466706d43401/ana...

My other PC had Backdoor.Win32.ZAccess.ivz and Stinger didn't remove it. By the way, McAfee fails to detect it too. I send it to McAfee labs, https://www.virustotal.com/file/15064b1bd44265520cb84603464777035e7b2b644535453462b248f05b0ecd08/ana...

Another interesting thing about this infection - it works on Macs. I'm not sure if it's exactly the same malware, I suspect it might be the Flashback malware.

But it certainly redirects users to happili.com, here's a more detailed write-up about happili: http://deletemalware.blogspot.com/2012/04/remove-happili-redirect-virus-uninstall.html

So, either cyber crooks have cross-platform malware or they simple joined several different pay-per-click networks. Any thoughts on this?

Highlighted

Re: Google redirect to Happili site

That's interesting.  I don't profess to be knowledgeable about these things but I do know that new variants are appearing constantly and that may be what's happening here.

Highlighted

Re: Google redirect to Happili site

I have just spent way too long diagnosing and cleaning the Hapilli virus.  In the end, I seem to have had success by simply booting into safe mode and running Malwarebytes (I happen to havbe the pro version, but I'm sure a recent version of the free type will work just as well).  I think my infection was rather uncomplicated, but I was completely disappointed at the major AV players' inability to ID the threat.  Cheers.

ASUS Sabertooth X58 MB
Intel Core i7 Bloomfield CPU

24GB SDRAM

Windows 7 Ultimate 64

Jay

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community