Recently we contracted a virus of some sort that is redirecting every search we do to the Happili website. I have tried researching this virus but so far have found no ways to clear it. I tried the BleepingComputer site to download the DDS file but it won't download for some reason. Can anyone offer assistance as to how to clear this virus?
There are lots of reports about this on various forums going back a couple of years. The recent variants may in some cases be associated with a rootkit infection and you may need to ask for help from the techs at BleepingComputer or one of the other specialist malware-removal forums.
In several of the reported cases the helpers have identified P2P or BitTorrent programs as a potential source of infection. If you have any of those they will ask you to uninstall or disable them. Also, if you have Java check that it's the latest version (and also check to see if you have any older versions on your PC).
I don't know what you've tried already. Have you run any of -
- a full McAfee scan with the latest DAT update?
- Microsoft Malicious Software Removal Tool?
- Microsoft Live Safety Scanner?
Try downloading anything you need in 'Safe Mode with Networking' reached by tapping F8 repeatedly while booting up and it's usually number 2 on the ensuing menu but that varies on some machines.
Alternatively if you have access to a good machine, download the installer for whatever it is to a USB Flash Drive and rename it in the process as you save it so that it wont be recognized by the infection.
Did you try System Restore to before all this happened? That can also be invoked in Safe Mode of you have to.
This isssue is mainly because of 3 virus.
1. Boot Sector Virus.
3.One Dll file in the Start Up
Edit by Hayton : hidden link in (3) above removed and shown below. There's nothing wrong with providing a link to an external malware-removal site, but all such links should be evident in the post, not hidden.
Message was edited by: Hayton on 19/04/12 03:40:08 IST
Can we get some more help on this? I use Mcaffe, but was disapointed to see on the Norton message boards that they added a fix for the happili issue. Is this in the works?
Well for all I know Stinger may fight it. http://stinger.mcafee.com/ It catches the more strange malware that regular antiviruses have problems with and it is updated frequently.
I didn't see a tool on Norton's site that dealt with but did find a thread stating that their virus removal service had fixed it (I assume that as all the thread said was they fixed it). McAfee has a similar service and they use all kinds of tools, often ones we recommend for free. Like Norton it is a paid service.
I can pretty well be assured that it wasn't their antivirus that got rid of it because these kinds of things are built to fool antiviruses - all of them.
Message was edited by: Ex_Brit on 18/04/12 6:04:22 EDT AM
Always have extra anti-malware software on hand and several are suggested here: https://community.mcafee.com/docs/DOC-2168
Norton doesn't have a threat-specific removal tool for this infection, only the Backdoor.Tidserv removal utility which sometimes fails to clean infected memory modules. It depends on the version of the ZAccess rootkit.
I've just run Stinger on two infected machines. One had the boot sector rootkit and Backdoor.Win32.ZAccess.jfd. Stinger did good job and removed both infections. File: https://www.virustotal.com/file/0c37d530990af9368e74e256c70b11576904a187d6ae0df4 17f8466706d43401/analysis/
My other PC had Backdoor.Win32.ZAccess.ivz and Stinger didn't remove it. By the way, McAfee fails to detect it too. I send it to McAfee labs, https://www.virustotal.com/file/15064b1bd44265520cb84603464777035e7b2b6445354534 62b248f05b0ecd08/analysis/
Another interesting thing about this infection - it works on Macs. I'm not sure if it's exactly the same malware, I suspect it might be the Flashback malware.
But it certainly redirects users to happili.com, here's a more detailed write-up about happili: http://deletemalware.blogspot.com/2012/04/remove-happili-redirect-virus-uninstal l.html
So, either cyber crooks have cross-platform malware or they simple joined several different pay-per-click networks. Any thoughts on this?
That's interesting. I don't profess to be knowledgeable about these things but I do know that new variants are appearing constantly and that may be what's happening here.
I have just spent way too long diagnosing and cleaning the Hapilli virus. In the end, I seem to have had success by simply booting into safe mode and running Malwarebytes (I happen to havbe the pro version, but I'm sure a recent version of the free type will work just as well). I think my infection was rather uncomplicated, but I was completely disappointed at the major AV players' inability to ID the threat. Cheers.
ASUS Sabertooth X58 MB
Intel Core i7 Bloomfield CPU
Windows 7 Ultimate 64