
Solved: Happili and GimmeAnswers Redirect Virus


8 replies to this topic

#1 champ203r


Posted 07 April 2012 - 03:23 PM

I wanted to take a few minutes and try to help all the poor souls like myself that got zapped in the past few weeks with this re-birth of this Happili and GimmeAnswers redirect. It turned out to be a very tough rootkit infection that NOTHING could identify except for the following 2 programs that I installed and ran in the order shown.... everything is clean now.... and these are user friendly tools....

Instructions:

I downloaded the following 2 programs and ran them in the order shown. I downloaded them onto a thumb drive from another machine that was clean and then plugged the thumb drive in and ran each of the installations and ran them both.... one of the programs below actually creates a randomly named executable... I forget which one.... you just need to do a show details sorted by latest to oldest and the .exe will show on top of your list of files.

>>>>> Norton Power Eraser ( http://security.symantec.com/nbrt/npe.aspx )

This thing found several issues and cleaned them all up. The happili virus was starting to try to broadcast emails to everyone and this program above even found that bad problem and cracked it immediately! I don't recall if it asked for a reboot but I think it did after I ran it.

>>>>> AVG Anti-Virus Free Edition ( just download the free one.... http://free.avg.com/us-en/homepage )

This software is awesome! I'm running it now on my machine free.... it has an Anti-Rootkit Scan and many other things. It detects everything live and has a deep rootkit scan that is 'active' and you can run it when you want.

I really think that most of you just need to run these 2 programs and you will be solved as I was..... all the other exports of reports and running killers and other dangerous routines... didn't help.... not for this virus... but the above 2 programs helped and solved it.... immediately..

I hope this helps someone...

[Images: AVG screen snapshots]

Edited by Budapest, 07 April 2012 - 03:32 PM.
Moved from AII ~Budapest



 


#2 boopme


Posted 07 April 2012 - 06:55 PM

Hello, would you post the 2 removal logs as that info would be helpful.


Warning ...

Norton Power Eraser includes detection and removal capabilities for security risks that impersonate legitimate applications (for example, fake antivirus software), often known as "scareware", "rogueware" or "scamware". The tool uses aggressive techniques to detect malware, so there is a risk that it could flag certain legitimate programs for removal. You should carefully review the scan results page before removing any files.


It may be as dangerous to run as some other tools you alluded to.

Edited by Queen-Evie, 08 April 2012 - 10:29 AM.
fixed code tag

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 champ203r


Posted 08 April 2012 - 07:38 AM

I put out there for the common user what I did to get my problem fixed. If anyone doubts the integrity of Symantec's own web site and is suggesting that they are promoting virus-laden software, I do not agree with that theory and I personally would not spend a second worrying about that. Symantec is not that stupid. Norton Power Eraser and the URL I provided are from the home Symantec web site. Good luck to everyone having Happili problems. I hope my post helped someone.

Edited by champ203r, 08 April 2012 - 07:55 AM.


#4 frankp316


Posted 08 April 2012 - 10:11 AM

He's not saying that. He's saying that Symantec acknowledges that this particular product is prone to false positives. The solution may have worked for you but it may cause problems for others.

#5 Queen-Evie


Posted 08 April 2012 - 10:14 AM

I put out there for the common user what I did to get my problem fixed. If anyone doubts the integrity of Symantec's own web site and is suggesting that they are promoting virus-laden software, I do not agree with that theory and I personally would not spend a second worrying about that. Symantec is not that stupid. Norton Power Eraser and the URL I provided are from the home Symantec web site. Good luck to everyone having Happili problems. I hope my post helped someone.


No one is suggesting that Symantec is "promoting virus-laden software".

What WAS mentioned by boopme is Power Eraser is a very POWERFUL tool which could POSSIBLY tell you that LEGITIMATE programs are threats and should be removed. It is up to the user of the tool to determine if a result is a legitimate program.
Since Symantec is not that stupid, that is why they mention this fact on the page you linked to.

Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidently remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.


Edited by Queen-Evie, 08 April 2012 - 10:37 AM.


#6 champ203r


Posted 08 April 2012 - 01:15 PM

Ok, I get it and apologize.

It worked great for me.

I'm seeing an awful lot of people without answers and having to rebuild with this Happili Virus. It prevented me from having to do that.

Good luck everyone.

#7 jburd1800


Posted 08 April 2012 - 03:41 PM

So...you will provide the 2 removal scan logs that boopme asked for?

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently through the world and know its beauty all the days of your life.”


#8 champ203r


Posted 08 April 2012 - 07:48 PM

I don't know how to provide removal logs.. I just ran the software packages, they saw rootkits and got rid of them... sorry.... good luck... I'm moving on... this was my office machine and I don't want to mess around with any additional programs providing new virus analysis logs. Good luck.

#9 boopme


Posted 08 April 2012 - 10:13 PM

Ok, well thanks for posting your solution. I am sorry if I came off as scolding. I wasn't. Just pointing out an issue that may affect another user or a novice to look at what you are about to remove. It's like the blue text we have posted above the "Am I Infected" forum ....

do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

