VideoHelp Forum
  1. I got this kind of virus. Sometimes, when I do a Google search, I get redirected to a website called happili. There is a fair amount on the web about this, but no clear simple way on how to solve the problem. I used a lot of tools such as Malwarebytes, TDSSKiller, Windows Defender, etc., but none showed any problem. Then someone on Bleeping Computer suggested I disable all Firefox add-ons/plugins because the virus may somehow be getting in through the plugins. I had just uninstalled Firefox and supposedly all personal data, but when I reinstalled Firefox, I found 15 add-ons/plugins were installed. (See screenshot.)
    My question is: Why and how did Firefox install all those add-ons/plugins without my doing anything? I like to be told and given the option if something is going to be installed. I've now disabled all the add-ons/plugins. I haven't had the happili redirect in a while, but since the redirect occurrence was quite random and not often, I can't be sure if I really solved the problem.
    Last edited by jimdagys; 2nd May 2012 at 16:12.
  2. Member TreeTops's Avatar
    Join Date: May 2010
    Location: Oregon
    Did the Firefox version that you removed have those add-ons? If so, then that info was retained somehow and the new version of Firefox that you installed picked that info up.
  3. Yes, the removed version of Firefox had those add-ons/plugins. I thought I told the uninstaller to remove all personal data, and I also deleted a remaining Firefox folder, before I reinstalled a clean copy of Firefox. Then, how do I truly uninstall Firefox - and get rid of all those 15 add-ons/plugins?
  4. Member dragonkeeper's Avatar
    Join Date: Jul 2003
    Location: United States
    Murphy's law taught me everything I know.
  5. Member
    Join Date: Mar 2008
    Location: United States
    When you uninstall, if you really want to get rid of everything, you have to delete the stuff in appdata. For example:
    \Documents and Settings\userid\Application Data\mozilla
    \Documents and Settings\userid\Local Settings\Application Data\Mozilla

    Those are the XP paths; probably a little different for Vista/7.
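Added example (not part of any post in this thread): a Python sketch that inventories the per-user Mozilla data folders named in the post above, so leftovers can be reviewed before deleting them and a reinstall checked afterwards. The Vista/7 paths and the `Firefox/Profiles/<name>/extensions` layout are added here rather than taken from the thread, and the sample tree with its add-on names is constructed.

```python
import os
import tempfile

# Per-user locations where Firefox data survives an uninstall.
# The XP paths are the ones quoted in the post; the Vista/7 ones are added here.
LEFTOVER_DIRS = [
    os.path.join("Application Data", "Mozilla"),                    # XP roaming
    os.path.join("Local Settings", "Application Data", "Mozilla"),  # XP local
    os.path.join("AppData", "Roaming", "Mozilla"),                  # Vista/7 roaming
    os.path.join("AppData", "Local", "Mozilla"),                    # Vista/7 local
]

def find_leftovers(users_root):
    """Return one record per Mozilla data directory found under users_root."""
    found = []
    for user in sorted(os.listdir(users_root)):
        for rel in LEFTOVER_DIRS:
            path = os.path.join(users_root, user, rel)
            if not os.path.isdir(path):
                continue
            files, addons = 0, []
            for dirpath, dirnames, filenames in os.walk(path):
                files += len(filenames)
                # <profile>/extensions holds one entry per profile-installed add-on
                if os.path.basename(dirpath).lower() == "extensions":
                    addons.extend(sorted(dirnames + filenames))
            found.append({"user": user, "path": path,
                          "files": files, "addons": addons})
    return found

def build_sample(root):
    """Constructed sample: an XP-style 'Administrator' profile left after uninstall."""
    ext = os.path.join(root, "Administrator", "Application Data", "Mozilla",
                       "Firefox", "Profiles", "abcd1234.default", "extensions")
    os.makedirs(os.path.join(ext, "{constructed-addon-id}"))
    open(os.path.join(ext, "sample@example.invalid.xpi"), "w").close()
    open(os.path.join(os.path.dirname(ext), "prefs.js"), "w").close()
    os.makedirs(os.path.join(root, "Administrator", "Local Settings",
                             "Application Data", "Mozilla", "Firefox"))
    os.makedirs(os.path.join(root, "All Users", "Application Data"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for rec in find_leftovers(root):
            print(rec["user"], rec["path"], rec["files"], rec["addons"])
```

On a real machine, call `find_leftovers(r"C:\Documents and Settings")` on XP or `find_leftovers(r"C:\Users")` on Vista/7; any record it returns is data a reinstalled Firefox will pick up again.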
  6. There is no "userid" on my computer. I only have the following choices. (see screenshot) Which folder should I choose?
  7. I'm a Super Moderator johns0's Avatar
    Join Date: Jun 2002
    Location: canada
    Userid is the main user folder such as jim or john; since you didn't name one yourself, it's the Administrator folder.
    I think, therefore I am a hamster.
  8. Thank you for that information about the Administrator folder. It seems that uninstalling Firefox is basically useless as far as getting rid of all kinds of Firefox-related data. I did a search on "firefox" and came up with a lot of files/folders. (See screenshot.) I am curious what those "Cameleon" folders are. (See red circle on screenshot.) Certainly seems a lot of places for viruses to hide.
    Note: I initially ran Malwarebytes and it quarantined some malware, but the Google redirect still continued after subsequent runs of Malwarebytes showed no malware.
    Last edited by jimdagys; 2nd May 2012 at 21:14.
  9. Member
    Join Date: Jul 2001
    Location: NY
    You might want to look into a file called gooredfix.exe. This is a free tool used to detect and fix Firefox redirection viri. I downloaded it a long time ago. About 70k in size. If you do a Google search for gooredfix you will get more info on what it does, as it sounds like it might fix your issue.
    want to see some true 3d clips, custom figures, some hardcore music and other crap?? Check out my youtube page www.youtube.com/mazinz2
  10. Member
    Join Date: Mar 2008
    Location: United States
    The "chameleon" is a part of Malwarebytes technology and it's normal you'll find those names in there.
    Just look at the full path of the files you found; it will give an indication of what it is.

    For example, the chameleon - Malwarebytes. Prefetch folder, a Windows facility that keeps track of programs' startup for performance reasons; the rest is start menu, shortcuts, etc., etc.
    Last edited by davexnet; 3rd May 2012 at 17:16. Reason: typo
  11. The way I look at it, the 4 files that Malwarebytes quarantined (see above screenshot, red circle) were the cause of the actual Google redirect virus. Those virus files apparently created some data in my Firefox folders. I think this data is what creates the redirect. I think Malwarebytes can only get rid of the virus, not the data that the virus created. So I think that is why the redirect still occurs after Malwarebytes shows a clean computer. The above comment about gooredfix.exe might be able to delete the offending data. For now, I've just disabled all Firefox add-ons, and the redirect seems to have stopped.
    Since I can use public library computers (which re-image on each boot), I think I will run gooredfix.exe, look at the result, then try to put those viruses (from my Malwarebytes quarantine) in the computer, then run gooredfix.exe again and see what data was put into the Firefox folders. During these steps, I can also check for Google redirect on Firefox.
    Last edited by jimdagys; 3rd May 2012 at 21:08.