Old 04-18-2012, 03:07 AM   #1
AmeliaG
Too lazy to set a custom title
Join Date: Jan 2003
Location: Los Angeles
Posts: 10,548
Getting Rid of Happili Malware

Anyone here have any luck getting rid of Happili malware? Suggestions for approaches?
__________________
GFY Hall of Famer

AltStar Hall of Famer




Blue Blood's SpookyCash.com

Babe photography portfolio
Old 04-18-2012, 05:37 AM   #2
u-Bob
there's no $$$ in porn
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
format, reinstall.
Old 04-18-2012, 05:38 AM   #3
BIGTYMER
Junior Achiever
Join Date: Nov 2004
Location: Walled Garden
Posts: 17,066
Can you restore to a previous day?
Old 04-18-2012, 05:47 AM   #4
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
Join Date: Nov 2001
Location: /home
Posts: 15,841
Start off with rkill.
http://www.bleepingcomputer.com/down...ti-virus/rkill

Then use tdsskiller.
http://support.kaspersky.com/faq/?qid=208283363
If it won't run, rename the exe.

Then run malwarebytes and restart.
__________________
I like pie.
Old 04-18-2012, 05:52 AM   #5
u-Bob
there's no $$$ in porn
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
Once a system has been compromised, the only way to be sure you get rid of everything is to wipe it clean and reinstall. Annoying? yep, but it's the only way.
Old 04-18-2012, 05:53 AM   #6
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by u-Bob View Post
Once a system has been compromised, the only way to be sure you get rid of everything is to wipe it clean and reinstall. Annoying? yep, but it's the only way.
That's not true at all.
__________________
I like pie.
Old 04-18-2012, 05:59 AM   #7
seeandsee
Check SIG!
Join Date: Mar 2006
Location: Europe (Skype: gojkoas)
Posts: 50,945
How did you get that malware?
__________________
BUY MY SIG - 50$/Year

Contact here
Old 04-18-2012, 06:06 AM   #8
u-Bob
there's no $$$ in porn
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
kernel modules anyone?

Quote:
Originally Posted by Babaganoosh View Post
That's not true at all.
When a system has been compromised you know 1 thing: That the system has been compromised.

Based on the output of the system or programs running within that system, you can't know what the attacker has done. You can't know what the attacker has installed. You can no longer trust any info the system provides. Why? Because the system has been compromised. That's security 101.

Ken Thompson already made that point back in 1984 (or 1985) with his "reflections on trusting trust" (or "reflecting on trusting trust") presentation. (Remember his famous c compiler trojan?).
Old 04-18-2012, 06:06 AM   #9
DVTimes
xxx
Join Date: Jun 2003
Location: UK
Posts: 31,544
http://www.malwarebytes.org/products/malwarebytes_free

it's free

download then scan.

if it does not work (some Malware stops this software running), go into safe mode.

to go into safe mode shut your pc down then when you restart press f8.

if you go into safe mode with net access you can then update the software or download it if you did not already download it.
__________________
The Affiliate Program
Old 04-18-2012, 06:13 AM   #10
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by u-Bob View Post
When a system has been compromised you know 1 thing: That the system has been compromised.

Based on the output of the system or programs running within that system, you can't know what the attacker has done. You can't know what the attacker has installed. You can no longer trust any info the system provides. Why? Because the system has been compromised. That's security 101.

Ken Thompson already made that point back in 1984 (or 1985) with his "reflections on trusting trust" (or "reflecting on trusting trust") presentation. (Remember his famous c compiler trojan?).


Relax. It's a little Windows trojan, not stuxnet. If you want to reformat after your computer catches a cold, have at it but it's almost never necessary.
__________________
I like pie.
Old 04-18-2012, 06:22 AM   #11
DVTimes
xxx
Join Date: Jun 2003
Location: UK
Posts: 31,544
I posted this if it's any help:

http://www.dvtimes.com/2012/04/18/ma...-malware-free/
__________________
The Affiliate Program
Old 04-18-2012, 06:24 AM   #12
Mrwww
Confirmed User
Join Date: Mar 2012
Posts: 374
Malware Bytes.
__________________


DattonMedia
Affordable design and media.
Daniel Datton
// ICQ: 9 0 5 9 2 8
support
@dattonmedia.com
Old 04-18-2012, 06:25 AM   #13
DVTimes
xxx
Join Date: Jun 2003
Location: UK
Posts: 31,544
Just to note:

You can have as many anti-Malware software progs on your pc as you wish. Scan your pc every week at least.

But it's recommended to have only one anti-virus software as they often run 24/7. It's not uncommon to have two running and find they have problems together. So only have one.
__________________
The Affiliate Program
Old 04-18-2012, 06:31 AM   #14
u-Bob
there's no $$$ in porn
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
Quote:
Originally Posted by Babaganoosh View Post


Relax. It's a little Windows trojan, not stuxnet.
You're making a lot of assumptions here.

What do we know?
We know her pc got infected.
We know the happili malware was identified on her pc.
So we know this little Windows trojan somehow made it onto her pc.

The question now becomes: How?
Browser exploit? other exploit? email? an already existing infection (a bot herder selling installs)?

If it's a browser exploit, how do we know this infection is the first and/or only one to occur based on this attack vector?

We could go on and on, but ultimately the only way to be sure is to wipe and reinstall.


Quote:
If you want to reformat after your computer catches a cold, have at it but it's almost never necessary.
Having an image of a clean system at hand will save you a lot of time and will even be quicker than downloading, installing and messing with all kinds of antimalware tools.
Old 04-18-2012, 06:40 AM   #15
DVTimes
xxx
Join Date: Jun 2003
Location: UK
Posts: 31,544
Quote:
Originally Posted by u-Bob View Post
You're making a lot of assumptions here.

What do we know?
We know her pc got infected.
We know the happili malware was identified on her pc.
So we know this little Windows trojan somehow made it onto her pc.

The question now becomes: How?
Browser exploit? other exploit? email? an already existing infection (a bot herder selling installs)?

If it's a browser exploit, how do we know this infection is the first and/or only one to occur based on this attack vector?

We could go on and on, but ultimately the only way to be sure is to wipe and reinstall.



Having an image of a clean system at hand will save you a lot of time and will even be quicker than downloading, installing and messing with all kinds of antimalware tools.
seems a bit of an overkill.

these days many pc's do not have the windows file on disc.

plus as long as she has all her data backed up, what is the worst that would happen?

i do not think it's the same as a virus, but some annoying bit of software that just annoys you.

i do not think we are at the stage just yet where your pc is being infected by a supercomputer that is planning on ruling earth.

that said maybe i have been sent back in time to tell her not to clear her pc as i am making sure my computer master does rule earth.
__________________
The Affiliate Program
Old 04-18-2012, 06:46 AM   #16
u-Bob
there's no $$$ in porn
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
Quote:
Originally Posted by DVTimes View Post
seems a bit of an overkill.

these days many pc's do not have the windows file on disc.
hence my advice of making an image of a clean system.

Quote:
plus as long as she has all her data backed up, what is the worst that would happen?
Other malware programs could remain behind.


Quote:
i do not think it's the same as a virus, but some annoying bit of software that just annoys you.
The question of the attack vector remains. How did it get in? Browser exploit? Bundled with something she installed? Installed by a bot herder? ...
Old 04-18-2012, 06:52 AM   #17
Best-In-BC
Confirmed User
Join Date: Jun 2002
Posts: 9,506
Nothing 100%, reformat!
__________________
Vacares - Web Hosting, Domains, O365, Security & More
Unparked domains burning a hole in your pocket? 5 Simple Ways to Make Easy $$$ from Unused Domains
Old 04-18-2012, 06:57 AM   #18
DVTimes
xxx
Join Date: Jun 2003
Location: UK
Posts: 31,544
Quote:
Originally Posted by u-Bob View Post
hence my advice of making an image of a clean system.


Other malware programs could remain behind.




The question of the attack vector remains. How did it get in? Browser exploit? Bundled with something she installed? Installed by a bot herder? ...
i see your point.

but as i say as long as all data is backed up, i would not be too worried.

personally if you have the room, i would have one pc for pic and vid editing that is not connected to the net (except for maybe updates) and one for going online.

but i still think it's an overkill to do what you suggested.

i have had lots of nasty stuff on my pc. i have an old pc with vista. and so far not needed to clear it.

with xp i was having to re-do it from scratch every few months.

software today seems much more secure.

i also suspect that they may target tablet and phones more as i bet they are more vulnerable and i bet do not have much protection.

Or to put it this way, why invade the usa when you can invade canada.
__________________
The Affiliate Program

Last edited by DVTimes; 04-18-2012 at 06:58 AM..
Old 04-18-2012, 07:41 AM   #19
KingNigel
Confirmed User
Join Date: Aug 2006
Posts: 1,756
Restore to factory settings.
__________________
OKPay Sponsors
Load your OKPay account directly with Moneybookers, Liqpay, Bitcoin, Cashu, RBK Money,... No need for a 3rd party exchanger.
Payment gateway modules for OSCommerce, Zen-Cart, VirtueMart, cubecart, 3dcart,... available. Find out more.
Old 04-18-2012, 07:47 AM   #20
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by u-Bob View Post
You're making a lot of assumptions here.
I am making a lot of assumptions? I'm not the one suggesting reformatting for a silly little trojan. You're assuming that the world is out to get you with next level worms that are hell-bent on your destruction. This is the real world. This is just garbage malware.

Serious question: Do you gut the interior of your home and remodel every time you find a spider?
__________________
I like pie.
Old 04-18-2012, 07:55 AM   #21
Tom_PM
Porn Meister
Join Date: Feb 2005
Posts: 16,443
I think for MOST people, the idea of reformatting is just so daunting that they never consider it except if their system is absolutely trashed. However if you have a great recent backup, it's never a bad way to go since you can be very sure it's all clear. I wouldn't knock it, but I also wouldn't do it as a first attempt. I'd probably go for a system restore point and all the standard scans as have been suggested then consider it.
__________________
43-922-863 Shut up and play your guitar.
Old 04-18-2012, 02:52 PM   #22
AmeliaG
Too lazy to set a custom title
Join Date: Jan 2003
Location: Los Angeles
Posts: 10,548
Unfortunately MalwareBytes can't clean this particular annoyance. I actually thought I'd gotten rid of it with a system restore and some suggestions from BleepingComputer, but it had only been reduced, not eradicated. And now I don't have an older system restore.

I'm going to try that Panda thing next.
__________________
GFY Hall of Famer

AltStar Hall of Famer




Blue Blood's SpookyCash.com

Babe photography portfolio
Old 04-18-2012, 03:04 PM   #23
DVTimes
xxx
Join Date: Jun 2003
Location: UK
Posts: 31,544
Quote:
Originally Posted by AmeliaG View Post
Unfortunately MalwareBytes can't clean this particular annoyance. I actually thought I'd gotten rid of it with a system restore and some suggestions from BleepingComputer, but it had only been reduced, not eradicated. And now I don't have an older system restore.

I'm going to try that Panda thing next.
did you try in safe mode?
__________________
The Affiliate Program
Old 04-18-2012, 03:06 PM   #24
DVTimes
xxx
Join Date: Jun 2003
Location: UK
Posts: 31,544
I found this:

http://www.myantispyware.com/2012/04...edirect-virus/
__________________
The Affiliate Program
Old 04-18-2012, 03:29 PM   #25
garce
Confirmed User
Join Date: Oct 2001
Location: Toronto
Posts: 7,103
Happili? WTF? Is that an Apple thing?

I didn't even watch this:

Old 04-18-2012, 03:32 PM   #26
garce
Confirmed User
Join Date: Oct 2001
Location: Toronto
Posts: 7,103
Quote:
Originally Posted by DVTimes View Post
I have an Aunty Spyware. She lives in my mind and tells me secrets about people who open email attachments, and click links to websites that they've never heard about.
Old 04-18-2012, 03:32 PM   #27
Supz
Arthur Flegenheimer
Join Date: Jul 2006
Location: New York City
Posts: 11,056
malwarebytes is usually the best
Old 04-18-2012, 03:53 PM   #28
signupdamnit
Confirmed User
Join Date: Aug 2007
Posts: 6,697
Quote:
Originally Posted by AmeliaG View Post
Unfortunately MalwareBytes can't clean this particular annoyance. I actually thought I'd gotten rid of it with a system restore and some suggestions from BleepingComputer, but it had only been reduced, not eradicated. And now I don't have an older system restore.

I'm going to try that Panda thing next.
U-bob's advice is safest but if you can't do that then it is what it is.

Try all of them: Panda, Security Essentials, Malwarebytes, AVG. Try in both normal and safe mode (it can make a difference and it can help to do both as strange as it sounds) and when it looks like you got them all run another pass to be sure.

It also appears that this malware often tries to infect the disk controller to dig itself in really deep. http://www.techsupportforum.com/foru...ck-641028.html http://spywarehammer.com/simplemachi...topic=12815.45

Looks like they had some success here so you might try that approach http://forums.techguy.org/virus-othe...ont-leave.html Basically you need to wipe out all places where the malware is hiding. Often these things infect a system in many different ways. If you don't get every last piece it will come right back. Check for bogus DNS and proxy entries too as described.

Last edited by signupdamnit; 04-18-2012 at 03:54 PM..
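An added example (not from signupdamnit's post or the linked guides) of the DNS and proxy check mentioned at the end of post #28, written as a read-only PowerShell review; it also reads the hosts file, which the post does not mention. `$TrustedDns` is a placeholder list of the resolvers you expect and must be edited for your network.

```powershell
# Added example: read-only review of DNS, proxy and hosts-file settings.
# Nothing is changed; unexpected entries are only listed for manual review.

# Assumption: placeholder list of resolvers you expect (router, ISP, chosen public DNS).
$TrustedDns = @('192.168.1.1', '8.8.8.8', '8.8.4.4')

# 1. DNS servers on each active adapter that are not on the expected list.
$dnsFindings = @(
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $adapter = $_.Description
            foreach ($server in $_.DNSServerSearchOrder) {
                if ($TrustedDns -notcontains $server) {
                    [pscustomobject]@{ Area = 'DNS'; Source = $adapter; Value = $server }
                }
            }
        }
)

# 2. Per-user (WinINET) proxy settings: a fixed proxy or an auto-config script URL.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
$proxyFindings = @()
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
    $proxyFindings += [pscustomobject]@{ Area = 'Proxy'; Source = 'ProxyServer'; Value = $inet.ProxyServer }
}
if ($inet.AutoConfigURL) {
    $proxyFindings += [pscustomobject]@{ Area = 'Proxy'; Source = 'AutoConfigURL'; Value = $inet.AutoConfigURL }
}

# 3. Active hosts-file entries other than the stock "localhost" mapping.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsFindings = @(
    Get-Content -Path $hostsPath |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # drop comments
        Where-Object { $_ } |                                  # drop empty lines
        ForEach-Object {
            $ip, $names = $_ -split '\s+'
            foreach ($name in $names) {
                if ($name -ne 'localhost') {
                    [pscustomobject]@{ Area = 'Hosts'; Source = $name; Value = $ip }
                }
            }
        }
)

$findings = $dnsFindings + $proxyFindings + $hostsFindings
if ($findings.Count -eq 0) {
    'No unexpected DNS, proxy or hosts entries found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it in the affected user's session, since the proxy values are read from that user's registry hive.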
Old 04-18-2012, 04:05 PM   #29
signupdamnit
Confirmed User
Join Date: Aug 2007
Posts: 6,697
Quote:
Originally Posted by DVTimes View Post
Just to note:

You can have as many anti-Malware software progs on your pc as you wish. Scan your pc every week at least.

But it's recommended to have only one anti-virus software as they often run 24/7. It's not uncommon to have two running and find they have problems together. So only have one.
You can have more than one anti-virus program. You just can't have two which have an automatic on-access (real time) scanner enabled at once. The reason is that usually unless you really know what you are doing they will constantly eat resources and interact with one another in a way which could seriously hinder performance. For many people it's too hard for them to figure out how to disable the real time scanner on the others but if you can figure it out then it's not a bad idea at all to keep a couple on your computer to use as backups. That way when you suspect something and the main one isn't doing the trick you can manually update the others if need be and run manual scans.
Old 04-18-2012, 08:01 PM   #30
Aka_Bluey
Confirmed User
Join Date: Sep 2007
Posts: 631
Quote:
Originally Posted by AmeliaG View Post
Anyone here have any luck getting rid of Happili malware? Suggestions for approaches?
When you get it sorted out look at getting Acronis, it can make an image of your whole C drive, for me it works out about a gig a minute to backup to an ex drive.

Acronis True Image Home
http://www.acronis.com/homecomputing...cts/trueimage/

Also at the same time get the Add on Plus Pack
Add-On - http://www.acronis.com/homecomputing...age/#plus-pack
Ability to Restore to Dissimilar Hardware - Whatever the make, model or installed components of your new computer, Plus Pack restores everything back to its proper form.



.
__________________
Things that make ya go hmmmm....
Old 04-18-2012, 08:21 PM   #31
sandman!
Icq: 14420613
Join Date: Mar 2001
Location: chicago
Posts: 15,432
there are tons of computer stores that will do the work for you.



Quote:
Originally Posted by PR_Tom View Post
I think for MOST people, the idea of reformatting is just so daunting that they never consider it except if their system is absolutely trashed. However if you have a great recent backup, it's never a bad way to go since you can be very sure it's all clear. I wouldn't knock it, but I also wouldn't do it as a first attempt. I'd probably go for a system restore point and all the standard scans as have been suggested then consider it.
__________________
Need WebHosting ? Email me for some great deals [email protected]
Old 04-18-2012, 10:22 PM   #32
cess
Confirmed User
Join Date: Sep 2006
Posts: 2,921
Quote:
Originally Posted by u-Bob View Post
format, reinstall.
Or restore a backup image of the drive. I always use sandboxie, I've never seen any virus get around it. Even if one did I keep backups and it only takes about 15 to 20 minutes to restore. Although none of that probably helps Amelia's current situation now that the virus is on her PC and she probably doesn't have backups. signupdamnit has the best advice here for her problem, although there's a lot of good antiviruses out there.
__________________