3 Replies Latest reply on Jul 7, 2012 1:16 PM by kuttus

    trojan.happili Browser Hijack malware

      Does anyone know how to get rid of the browser hijack malware that Malwarebytes refers to as "trojan.happili"?

        • 1. Re: trojan.happili Browser Hijack malware
          Peacekeeper

          Well, it seems a manual removal may be the way to go; see this page

           

          and read this

          https://community.mcafee.com/message/235738

          • 2. Re: trojan.happili Browser Hijack malware
            Hayton

            This one may be difficult to track down and remove. I've seen a couple of removal attempts where it goes, but comes back later.

             

            One thing that might help is to use System Restore to go back to a pre-infection stage; always assuming you know when that was. If that's successful you'll need to re-download any McAfee and Windows updates. If you don't know when the Happili redirects started, it might be better to attempt a cleanup.

             

            First : get CCleaner and use it to purge all your temp directories (you'll need to check where they are and add them to the list). You can select most of the boxes but leave any entries for log files and McAfee unchecked. There's a registry cleaner option in CCleaner but use it with caution : analyze rather than delete unless you're sure what you're seeing is unnecessary.

             

            You should also check that your Hosts file (in c:\windows\system32\drivers\etc\) hasn't been modified, and if you know how to examine your router settings then check those as well. To reset your Hosts file to the default see this Microsoft Support article : http://support.microsoft.com/kb/972034

             

            Next : are you seeing this only in one browser, or more than one? There was a thread on the Mozilla forums where it was traced to a Firefox add-on (Translate This 2.0) and the instructions for removal seem to work :

            http://support.mozilla.org/en-US/questions/924949

            http://www.seabreezecomputers.com/tips/happili.htm

            http://majorgeeks.com/GooredFix_d7057.html   -  this is for Firefox only.

             

            The basic removal process for other browsers consists of running TDSSKiller (in case this is a rootkit infection) and Malwarebytes. (There are plenty of other programs which the experts on specialist removal forums use, but the report logs they produce aren't always easy to understand).

             

            On the Happili website there is a small link at the bottom of the Home page that says "Disclaimer". This takes you to  hxxp://www.happili.com/inner.php?page=disc (the link has been obfuscated) where you will see the following statement :

             

            Over the last few days we have seen a number of complaints concerning redirects and unwanted software and we are deeply concerned that our users are experiencing these issues. Please note, We promote Happili.com in a variety of ways, mainly through search engines (SEM), and we also outsource some of the marketing budget to a third party. This issue is outside of our control.

            We do not engage in ANY use of adware, spyware, redirect or other invasive techniques. These issues are detrimental to our reputation as a publisher and we do not want to be associated with it.

            In the case that you have willingly/unwillingly installed a software that is redirecting your web requests: We understand your frustration, and have no affiliation with the source of the software, they choose to send their traffic to a variety of sources of which we are just one of them. However, we are actively trying to identify the source.

            NOTE: These redirects cannot be detected/removed by any major malware/spyware/anti-virus detection software including: Malwarebytes, AVG, Norton, Spy-bot, Avira, McAfee, etc.

             

            They recommend GooredFix, but don't seem to realise that it won't work on IE or Chrome. For IE, open the browser in no-add-on mode; for Chrome, click on the spanner/wrench and select Tools-->Extensions then uncheck all the extensions - and see, in each browser, whether the redirects still happen.
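
The Hosts file check suggested in reply 2, as an added example that is not part of the original thread: it lists every active entry and flags anything beyond a loopback `localhost` mapping. It assumes that a default Windows Hosts file contains nothing else; `classify`, `audit` and the sample entries are constructed for illustration.

```python
import ipaddress
import sys

# Location given in reply 2; pass a different path as the first argument.
HOSTS_PATH = r"c:\windows\system32\drivers\etc\hosts"
# Constructed sample (documentation addresses and example domains only).
SAMPLE = """\
# constructed sample, not taken from a real machine
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # sinkholed by a blocking tool
203.0.113.10    www.example.com search.example.com
not-an-ip       example.org
"""

def classify(ip_text, names):
    """Return a verdict for one active Hosts entry."""
    if not names:
        return "malformed"
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback / 0.0.0.0 entries only stop a name from resolving.
        if all(n.lower() == "localhost" for n in names):
            return "default"
        return "blocklist"
    return "redirect"  # name pinned to another machine: review this one

def audit(text):
    """Return (line_no, verdict, ip, names) for every non-comment entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if fields:
            findings.append((line_no, classify(fields[0], fields[1:]), fields[0], fields[1:]))
    return findings

if __name__ == "__main__":
    try:
        path = sys.argv[1] if len(sys.argv) > 1 else HOSTS_PATH
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # file unreadable here: fall back to the constructed sample
    for entry in audit(text):
        if entry[1] != "default":
            print(*entry)
```

A `blocklist` verdict is not necessarily hostile, since some security tools add such entries themselves; a `redirect` verdict is the one to investigate before resetting the file.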

            • 3. Re: trojan.happili Browser Hijack malware

              This issue is mainly because of 3 viruses.

               

              1. Boot Sector Virus.

              2. Trojan.ZeroAccess

              3. One DLL file in the Start Up

               

              http://123seminarsonly.com/Blog/how-to-remove-happili-virus

               

              https://community.mcafee.com/message/235723