8 Replies Latest reply: May 5, 2012 10:10 AM by MadMacs0
albertfromgeneseo Level 1 Level 1 (0 points)

My MacBook OS 10.5.8 has picked up the happili redirect problem.  How can I get rid of it?

  • 1. Re: how do you remove happili redirect?
    Carolyn Samit Level 10 Level 10 (89,725 points)

    Hi...

     

    OpenDNS prevents re directs, increases speed, adds security, includes anti phishing filters, blocks the flashback trojan, and it's free.

     

    Open System Preferences / Preferences then select the Network tab. Click the Advanced tab then click the DNS tab.

     

    Click +

     

    Enter these addresses exactly as you see them here.

     

    208.67.222.222

     

    Click +

     

    208.67.220.220

     

    Then click OK.

     

    More about OpenDNS here.

     

    Apple suggests using OpenDNS also  >    Safari 5.0.1 or later: Slow or partial webpage loading, or webpage cannot be found

  • 2. Re: how do you remove happili redirect?
    Linc Davis Level 10 Level 10 (118,270 points)

    Please read this whole message before doing anything.

     

    This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.

     

    Step 1

     

    The purpose of this step is to determine whether the problem is localized to your user account.

     

    Enable guest logins and log in as Guest. For instructions, launch the System Preferences application, select Help from the menu bar, and enter “Set up a guest account” (without the quotes) in the search box.

     

    While logged in as Guest, you won’t have access to any of your personal files or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.

     

    Test while logged in as Guest. Same problem(s)?

     

    After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.

     

    Note: If you’ve activated “Find My Mac” or FileVault in Mac OS X 10.7 or later, then you can’t enable the Guest account. Create a new account in which to test, and delete it, including its home folder, after testing.

     

    Step 2

     

    The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login.

     

    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. The instructions provided by Apple are as follows:

     

    • Be sure your Mac is shut down.
    • Press the power button.
    • Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
    • Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).

     

    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.

     

    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

     

    Test while in safe mode. Same problem(s)?

     

    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of steps 1 and 2.

  • 3. Re: how do you remove happili redirect?
    ebdun Level 1 Level 1 (0 points)

    Having the same problem just performed both steps as Linc Davis suggested.  I did not have a problem while in guest account or safe mode.  Furthermore, I haven't been redirected in while back in my regular account mode since doing the check.  What does this mean?

  • 4. Re: how do you remove happili redirect?
    MadMacs0 Level 4 Level 4 (3,735 points)

    albertfromgeneseo wrote:

     

    My MacBook OS 10.5.8 has picked up the happili redirect problem.  How can I get rid of it?

    To the best of my knowledge, that's a PC only infection, but there have been similar infections for OS X in the past.

     

    This site was set up specifically to deal with those: http://www.dcwg.org/.

  • 5. Re: how do you remove happili redirect?
    elizabethfromkansas Level 1 Level 1 (0 points)

    Hey guys,

     

    I can confirm that happili is not a PC only infection because I just recently removed it from my computer. Happy!! Happili is gone even though I'm not very good with computers Anayway, I'm not sure about the DNS thing mentioned by MadMacs0. I think mine was called FlashBack trojan or maybe it was a virus. Can tell the difference really. I've read about this virus on CNET and there was a link to FlashBack Removal tool by one of the security vendors fsecure. Here it is http://www.f-secure.com/weblog/archives/00002346.html

     

    I ran this tool and the happili redirections seemed to have stopped. However, every once in a while it still happened. So, I ran it once again but this time I also reset the settings on Safari. And tada! the virus is gone. I believe this virus leaves behind a setting in Safari that is responsible for the redirections. I found this web browser reset trick on http://deletemalware.blogspot.com/2012/04/remove-happili-redirect-virus-uninstal l.html

     

    Thanks to whomever wrote this!

     

    Elizabeth

  • 6. Re: how do you remove happili redirect?
    MadMacs0 Level 4 Level 4 (3,735 points)

    elizabethfromkansas wrote:

     

    Hey guys,

     

    I can confirm that happili is not a PC only infection because I just recently removed it from my computer. Happy!! Happili is gone even though I'm not very good with computers Anayway, I'm not sure about the DNS thing mentioned by MadMacs0. I think mine was called FlashBack trojan or maybe it was a virus. Can tell the difference really.

    Good to know. You are correct, it wasn't the DNSChanger thing. There are still no known viruses for the Mac and the Flashback you had is either a Trojan or a Backdoor or probably both depending on who names it. But in your case, since you are running an obsolete OS, it did act like a virus, probably requiring little to no action on your part to become infected.

    I believe this virus leaves behind a setting in Safari that is responsible for the redirections. I found this web browser reset trick on http://deletemalware.blogspot.com/2012/04/remove-happili-redirect-virus-uninstal l.html

    That was just some cache left over from your visits there and resetting was exactly the right move.

     

    Now you need to assess the damage, if any.

     

    Watch all the financial web sites you visited after becoming infected, in case they were able to harvest usernames/passwords to those accounts. It would also be a good idea to change all those passwords, just in case.

  • 7. Re: how do you remove happili redirect?
    uggy Level 1 Level 1 (0 points)

    First thing you need to do is to update Java. Apple had this update available just after the infection started to spread.

    Some users are not right, this is not the PC ONLY infection. This virus infects Mac computers too. The MACs became more popular and hackers find them interesting to attack.

     

    Happili redirects your search results to some crappy website Happili.com. happili-redirect-malware.jpg


    There are some tools and instructions to remove Happili. For Macs F-Secure tool should do its job.

    But if you want to mess with the system yourself can look at the info provided by anti-malware site:

    http://www.2-spyware.com/remove-hapili-redirect.html

  • 8. Re: how do you remove happili redirect?
    MadMacs0 Level 4 Level 4 (3,735 points)

    uggy wrote:

     

    First thing you need to do is to update Java. Apple had this update available just after the infection started to spread.

    There is no update for OS X 10.5.8 users. The only protection is to turn Java off in the browser and/or use OpenDNS.

     

    The infection is actually Flashback which redirects you to several different advertising sites, including apparently hapili. As stated in the spyware site you mentioned, Intel Mac users unable to install the Apple update should use the tool provided by F-Secure and not "mess with the system."