I got this kind of virus. Sometimes, when I do a Google search, I get redirected to a website called happili. There is a fair amount on the web about this, but no clear, simple way to solve the problem. I used a lot of tools such as Malwarebytes, TDSSKiller, Windows Defender, etc., but none of them showed any problem. Then someone on Bleeping Computer suggested I disable all Firefox add-ons/plugins because the virus may somehow be getting in through the plugins. I had just uninstalled Firefox and supposedly all personal data, but when I reinstalled Firefox, I found 15 add-ons/plugins were installed. (See screenshot.)
My question is: Why and how did Firefox install all those add-ons/plugins without my doing anything? I like to be told and given the option if something is going to be installed. I've now disabled all the add-ons/plugins. I haven't had the happili redirect in a while, but since the redirect occurrence was quite random and not often, I can't be sure if I really solved the problem.
Last edited by jimdagys; 2nd May 2012 at 17:12.
Did the Firefox version that you removed have those add-ons? If so, then that info was retained somehow and the new version of Firefox that you installed picked that info up.
Yes, the removed version of Firefox had those add-ons/plugins. I thought I told the uninstaller to remove all personal data, and I also deleted a remaining Firefox folder, before I reinstalled a clean copy of Firefox. Then, how do I truly uninstall Firefox and get rid of all those 15 add-ons/plugins?
Sounds like you have a Google redirect virus.
http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
Murphy's law taught me everything I know.
When you uninstall, if you really want to get rid of everything, you have to delete the stuff in appdata. For example:
\Documents and Settings\userid\Application Data\mozilla
\Documents and Settings\userid\Local Settings\Application Data\Mozilla
Those are the XP paths; probably a little different for Vista/7.
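Added example, not part of the original thread: a Python sketch that walks the per-user Mozilla data directory described in the post above and reports, for each leftover Firefox profile, the entries in its extensions folder and the search, homepage and proxy preferences set in prefs.js or user.js. The function names, the list of watched preference prefixes and the sample profile are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Firefox preference prefixes worth reviewing after a search-redirect infection
# (an illustrative selection, not an exhaustive list).
WATCHED = ("browser.startup.homepage", "keyword.URL",
           "browser.search.", "network.proxy.")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')

def audit_profile(profile):
    """Return (extension entries, watched prefs) for one profile directory."""
    ext_dir = profile / "extensions"
    extensions = sorted(p.name for p in ext_dir.iterdir()) if ext_dir.is_dir() else []
    prefs = {}
    for name in ("prefs.js", "user.js"):  # user.js overrides prefs.js at startup
        path = profile / name
        if not path.is_file():
            continue
        for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
            m = PREF_RE.match(line.strip())
            if m and m.group(1).startswith(WATCHED):
                prefs[m.group(1)] = m.group(2)
    return extensions, prefs

def audit(mozilla_dir):
    """Audit every profile under <mozilla_dir>/Firefox/Profiles."""
    profiles = Path(mozilla_dir) / "Firefox" / "Profiles"
    if not profiles.is_dir():
        return {}
    return {p.name: audit_profile(p) for p in sorted(profiles.iterdir()) if p.is_dir()}

def build_sample(base):
    """Create a constructed leftover profile so the script runs offline."""
    prof = Path(base) / "Mozilla" / "Firefox" / "Profiles" / "constructed.default"
    (prof / "extensions" / "sample-addon@constructed.invalid").mkdir(parents=True)
    (prof / "prefs.js").write_text(
        'user_pref("browser.startup.homepage", "http://homepage.invalid/");\n'
        'user_pref("keyword.URL", "http://search.invalid/?q=");\n'
        'user_pref("browser.download.useDownloadDir", true);\n', encoding="utf-8")
    return Path(base) / "Mozilla"

if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")  # roaming application data on Windows
    root = Path(appdata) / "Mozilla" if appdata else build_sample(tempfile.mkdtemp())
    for name, (exts, prefs) in audit(root).items():
        print(name, "extensions:", exts)
        for key, value in prefs.items():
            print("   ", key, "=", value)
```

Run after uninstalling: any profile it still lists is data a reinstalled Firefox will pick up again.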
There is no "userid" on my computer. I only have the following choices. (see screenshot) Which folder should I choose?
Userid is the main user folder such as jim or john; since you didn't name one yourself, it's the Administrator folder.
I think, therefore I am a hamster.
Thank you for that information about the Administrator folder. It seems that uninstalling Firefox is basically useless as far as getting rid of all kinds of Firefox-related data. I did a search on "firefox" and came up with a lot of files/folders. (See screenshot.) I am curious what those "Chameleon" folders are. (See red circle on screenshot.) Certainly seems a lot of places for viruses to hide.
Note: I initially ran Malwarebytes and it quarantined some malware, but the Google redirect still continued after subsequent runs of Malwarebytes showed no malware.
Last edited by jimdagys; 2nd May 2012 at 22:14.
You might want to look into a file called gooredfix.exe. This is a free tool used to detect and fix Firefox redirection viruses. I downloaded it a long time ago. About 70k in size. If you do a Google search for gooredfix you will get more info on what it does, as it sounds like it might fix your issue.
Want to see some true 3d clips, custom figures, some hardcore music and other crap?? Check out my youtube page www.youtube.com/mazinz2
The "chameleon" is a part of Malwarebytes technology and it's normal that you'll find those names in there.
Just look at the full path of the files you found; it will give an indication of what it is.
For example, the chameleon is Malwarebytes. The Prefetch folder is a Windows facility that keeps track of program startup for performance reasons; the rest is start menu, shortcuts, etc.
Last edited by davexnet; 3rd May 2012 at 18:16. Reason: typo
The way I look at it, the 4 files that Malwarebytes quarantined (see above screenshot, red circle) were the cause of the actual Google redirect virus. Those virus files apparently created some data in my Firefox folders. I think this data is what creates the redirect. I think Malwarebytes can only get rid of the virus, not the data that the virus created. So I think that is why the redirect still occurs after Malwarebytes shows a clean computer. The gooredfix.exe mentioned in the above comment might be able to delete the offending data. For now, I've just disabled all Firefox add-ons, and the redirect seems to have stopped.
Since I can use public library computers (which re-image on each boot), I think I will run gooredfix.exe, look at the result, then try to put those viruses (from my Malwarebytes quarantine) in the computer, then run gooredfix.exe again and see what data was put into the Firefox folders. During these steps, I can also check for Google redirect on Firefox.
Last edited by jimdagys; 3rd May 2012 at 22:08.