How to fix Happili.com redirect without uninstalling Firefox

Created: April 18, 2012

So you do a Google search in Firefox and you get redirected to Happili.com or other websites. You have done the normal procedures to remove a redirect virus and you no longer have redirects in Internet Explorer (or you never had redirects in Internet Explorer), but you still have redirects to happili.com in Firefox.

Note: There is no warranty for the use of this information. Use at your own risk. I am not responsible for any damage or loss of data for the correct or incorrect usage of the information provided on this page.

The normal procedures you tried were possibly installing and running the following programs:

  1. MalwareBytes Anti-Malware
  2. TDSSKiller.exe

The above may have removed a few DLL files from your C:\Windows\System32 folder. One of the files may have been 114K and another may have been 236K. This may have solved the redirect problem in Internet Explorer. But you are still being randomly redirected to happili.com and other websites when doing a Google search in Firefox. You are told that the "only solution left is to completely uninstall and reinstall Firefox." But that is not the case. The redirects in Firefox are caused by an extension that was installed in Firefox. Once you disable that extension, the redirects stop.

To test whether a maliciously installed extension is the cause, run Firefox in Safe Mode by doing the following:

  1. Click on Start -> All Programs -> Mozilla Firefox -> Mozilla Firefox (Safe Mode)

    OR

  2. Click on Start then type in firefox -safe-mode and press Enter. Click on Continue In Safe Mode if asked.

Now do some searches and see if you are redirected. If you are not redirected then it is an extension that is causing the problem. Close Firefox and restart Firefox in regular mode.

Look for the malicious extension that is causing redirects in Firefox

Do the following steps to find the bad extension in Firefox:

  1. In Firefox click on Tools -> Add-Ons
    (Note: If you do not see a Tools menu option at the top of Firefox, first right-click on the Home button and click on Menu Bar so that it is checked.)
  2. On the left hand side click on Extensions
  3. Now disable every extension, then enable just one extension and restart Firefox. Do some searches and see if you are redirected. If not, enable just one more extension, restart Firefox and do some searches. Repeat until you find out which extension is causing the redirects.

On a Windows PC that we were working on, the name of the bad extension was Translate This! 2.0 By Mozilla Corp. When we clicked on more next to the extension description it had a date of Last Updated Wednesday, April 4, 2012. This was the exact date that the happili redirects started! Keep that extension disabled and the redirects will stop (unless you get infected again). If you want to know more about where this redirect extension resides on the computer and where it might have come from, read on:

Where is the extension folder located on my PC?

You may have to look in a few places to find out where a Firefox extension is located. We will look in the registry.

  1. Click on Start -> Run (or just type in the box in Windows Vista/7), type Regedit and press the Enter key.
  2. Double click through the following keys: HKEY_CURRENT_USER -> Software -> Mozilla -> Firefox -> Extensions.
    (Note: You may also have to look in HKEY_LOCAL_MACHINE -> Software -> Mozilla -> Firefox -> Extensions)
  3. Look at the right hand side. In the case of one computer the name of the extension was {E455F22B-7E82-11E1-826D-B8AC6F996F26} and the value was C:\Documents and Settings\username\Local Settings\Application Data\{E455F22B-7E82-11E1-826D-B8AC6F996F26}\

In Windows Vista/7 the offending folder would probably be something like: C:\Users\username\AppData\Local\{E455F22B-7E82-11E1-826D-B8AC6F996F26}

You may have to look at each folder value one at a time on the right hand side of the Registry Editor. A quick way to go to the folder locations is to double click on the Name. This will bring up the Value Data which contains the folder location for the extension. Press CTRL+C to copy the folder location and then click on Start -> Run (If Windows XP) and type CTRL+P to paste the folder location and press ENTER. Inside the folder should be a file named install.rdf. Double click on install.rdf and then, if asked how to open it, click on Select the program from a list and then click on Notepad. Look in the file for the name of the offending extension. It should be something like:
<em:name>Translate This!</em:name>.

To find the bad extension you may have to look through all the extension folders that are listed in regedit. Once you have found the correct extension you can delete it from the registry and you can delete the folder. Before deleting the folder you may want to look at the date and time of the folder and the files within the folder. You can then search for the same date and time in browser history to find out where you may have caught the virus.
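The registry walk described above can be done in one pass instead of opening each value by hand. The following PowerShell script is an added example, not part of the original article: it reads the two Extensions keys named above, opens install.rdf in each registered folder, and lists the extension name next to the folder's creation time so it can be compared with the date the redirects started. It assumes PowerShell 3.0 or later; the variable names are this example's own, and it only reads, it deletes nothing.

```powershell
# Added example (not from the original article): read-only inventory of
# Firefox extensions that were registered through the Windows registry.
$keys = 'HKCU:\Software\Mozilla\Firefox\Extensions',
        'HKLM:\Software\Mozilla\Firefox\Extensions'

$results = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent: nothing registered here
    $item = Get-Item -LiteralPath $key
    foreach ($id in $item.GetValueNames()) {
        if (-not $id) { continue }                         # skip the unnamed (Default) value
        $folder = [string]$item.GetValue($id)
        if (-not $folder) { continue }

        $name    = '(install.rdf not found)'
        $created = $null
        $rdf     = Join-Path $folder 'install.rdf'

        if (Test-Path -LiteralPath $rdf) {
            $text = Get-Content -LiteralPath $rdf -Raw
            # install.rdf may carry the name as an element or as an attribute
            if     ($text -match '<em:name>\s*(.*?)\s*</em:name>') { $name = $Matches[1] }
            elseif ($text -match 'em:name\s*=\s*"([^"]*)"')        { $name = $Matches[1] }
            else                                                   { $name = '(no em:name in install.rdf)' }
        }
        if (Test-Path -LiteralPath $folder) {
            # -Force so hidden folders are still reported
            $created = (Get-Item -LiteralPath $folder -Force).CreationTime
        }

        [pscustomobject]@{
            Name    = $name
            Created = $created
            Id      = $id
            Folder  = $folder
            Key     = $key
        }
    }
}

# Newest first: an entry created on the day the redirects began is the one to inspect.
$results | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

An entry whose folder is missing or has no install.rdf is still listed, since a leftover registry value pointing at an unexpected location is itself worth reviewing.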

Where did I get the redirect extension from?

Firefox History

In Firefox click on History -> Show All History and then go to the date and time that the virus extension folder had on it. In the case of the computer we were working on it was http://mrexcel.com.

Protecting your Computer from Further Infection

Many redirect viruses are getting on computers without permission through exploits in the following programs: Java, Adobe Flash and Adobe Reader. My recommendation is to just uninstall these programs and never install them again. But if you really need one or all of these programs then you have to constantly update them because they are constantly being exploited because the programmers are constantly leaving holes in them.

  1. Update Sun/Oracle Java (Recommend: Uncheck Install Toolbar during installation)
  2. Update Adobe Flash (Recommend: Uncheck Install McAfee Security Scan Plus)
  3. Update Adobe Reader (Recommend: Uncheck Install McAfee Security Scan Plus)

And of course you need to constantly update Windows.
