A New Super Trojan From Hell?

About a month or two ago, I got infected with what I’ll just say is the Happili trojan. What it does is redirect Google’s links to various junk advertising sites, ones that don’t even seem of any use, and often to the Happili search engine, which is an ugly garbage nothing site basically. It’s apparently a rootkit, and in my case it’s hijacked Firefox. On top of that, that sick company Babylon (the translator one) refuses to give me the honest answer as to how to remove their trojan url field browser hijacker (which takes over the url search function via the url field/address bar in Firefox), which works out in an ironic way because it overrides the Happili trojan (lol, battle of the trojan browser hijackers). After trying hard to remove it, I managed to get rid of it from IE/Internet Explorer, or rather Microsoft’s Security Essentials, a virtual trojan itself, as it gives you no convenient way to get rid of it, knew how to defeat it, but, Microsoft being the scum they are, deliberately lets Firefox remain infected, or rather as I call it, jacked. What got me to start writing this article is when putting in an SD card to look at pictures on it, for the first time ever got this error message “class not registered”. So much for leaving safemode! If I didn’t mention safemode yet, I will later, so you’ll understand why I said that.

I’ve used Hijack This, Malwarebytes, MSE (which I just mentioned), AVG, Norman Malware Remover, Unhackme, Combofix, ARIES Rootkit Remover, RootkitRevealer, tried RootRepeal but it won’t work on a 64 bit Windows OS, and tried Anvi Smart Defender. While typing Anvi Smart Defender (which I actually typed in an earlier order but rearranged things in the order I tried them) it started scanning when I clicked it to figure out what its name was for this article, found some bad stuff, which then triggered AVG (even though I turned it off dammit) which found two bad things, and not sure if any were what Anvi found, but this stuff will not go away. It keeps coming back. It’s back again as I am writing this. AVG identifies two things it calls a virus. It calls them both JS/Downloader.Small. One is located in the Windows temp folder, the other is in the Appdata\Local\Temp folder.

There is some way I found when I found the Anvi stuff on a website that has an explanation as to how to remove the Happili trojan. It tells you to go into safe mode, and remove certain registry entries and to scan with Anvi while in safe mode, but I hate trying to memorize registry entries, and being overwhelmed forgot I could just open the saved page with the instructions. Overwhelmed because of various things going on in my life and having a massive number of tabs open in both IE and Firefox often.

But so today, other bizarre things started happening: IE would flicker when using Twitter (yes I see the irony: Flickr/Twitter), and wouldn’t stop or function normally. And when I got to watching a certain YouTube video, the video would suddenly blank and show an exclamation mark. Then I spent, sitting down in agony over it, thirty minutes or more when my computer nearly came to a crawl speed. I tried not to force a restart (since when I last did it, a few days ago, it caused me major boot up problems), and instead resorted to shutting down things I thought may be causing the probs using Task Manager, and of course started with IE, trying to shut down the bad tab/page and let IE recover it. It didn’t work. So then I tried closing folders, and explorer, but that wouldn’t help either. I gave up since I had already entirely forced Firefox and IE to close even, and it was still approaching a nearly frozen state. When I rebooted, it froze after loading the desktop and me just opening a few basic programs that half the planet uses (email client, etc.), so forced a shut down again. Then went into safemode when it froze again, that helped, but I didn’t want to stay in it since I couldn’t open up pics and the screen aspect ratio is ugly as you know if you’ve ever used it for long. Then, when everything seemed somewhat normal (it was still being slow, though not as bad) I tried using my Microsoft Lifecam to take some rare pics and vids of myself, but, the video function wouldn’t work. When it told me to look in the help file, a black box appeared in the middle of the Lifecam window, and it just stayed that way unless I forced it to shut down. I tried over and over to get the video recording to work, but failed.

THEN I went to uninstall the Lifecam software, thinking maybe it got damaged, but it froze, so I rebooted, went outside to talk to a little beautiful dark brunette, shopping with my dad, had a hellish argument, as usual, with mostly me arguing this time, ugh, then went back, dug in my cave some more after seeing a beautiful blonde girl with a nice outgoing dog, though she wasn’t so outgoing, then came back to my place, washed, then got to writing this article. THEN, when I tried Revouninstaller again to remove MS Lifecam, and what happened? It said the uninstaller wouldn’t work and then went to scanning for left over files. WOW. So, what, am I going to discover the uninstallers won’t work either? Something else I noticed before going shopping, is that when I repeatedly right clicked on My Computer, the usual resulting dialog box, or whatever wouldn’t come up. I did this to try to get to the device manager to see if the Lifecam drivers were working right. Let’s see if I can get into it this time… no, it doesn’t do anything when I select properties. Wow. Something has got a grip on my computer. And, I did uninstall Malwarebytes to try and stop any conflict with AVG and MSE. I also didn’t mention, though should have earlier, that these new problems that have been happening today, the freeze ups, happened when that video error started happening on YouTube. I got a message from Adobe to update flash, and thinking that might be what was causing things to go haywire, installed their update and McAfee snuck itself in and installed. When it was seemingly done scanning and Adobe installing, that’s when the freeziness began. The taskbar was basically frozen, the McAfee window was showing in the task bar as a tab despite me seemingly having already closed it and the taskbar kept going white and the desktop reloading. So installing Adobe resolved nothing.

Then I thought that maybe it was the Adobe updater that caused things to start going super slow afterwards. I thought this because many times it was the thing responsible for things suddenly slowing down to a near freeze without explanation. If you don’t know about this (and you’d have to be someone who completely avoids flash in your browser to not know) or be some alien visiting Earth, but in case you’re new, or this is being read by someone in the far future, I’ll explain: The stupid stupid Adobe company has an updater which refuses, at least up until now, to turn off when you tell it to, and it will cause things to get super slow and when you crash explorer to get things going again, its malicious updater will pop up asking you to update, but that didn’t happen this time.

Wow, I can’t even publish this article because my Internet has gone dead. It won’t work! I remembered that while my dad was parked outside my place, and I was bringing back groceries, or some time around that time today, he asked if my phone was working, because he said he couldn’t get through to me, and I ended up saying “that’s strange.” I’ve gotten some calls over the weeks from people apparently dialing the wrong number, and also looking for some guy or guys that used to live where I did, to pay debts apparently, so I rarely pick up my phone and let the answering machine say whatever. But he said it didn’t work, so I said, “that’s strange” and wondered if maybe the A.M. just filled up with its max amount of messages, which would be pathetic since it’s only up to ten. But it is a really cheap phone, so that wouldn’t be a surprise to me if that were the case, however, I see my Internet isn’t working, and it’s tied into my phone. I’ve tried repeatedly to reset my modem, but it’s not working. I wonder if this is some sort of new trojan that has disrupted my Internet connectivity.

Wow, noticed something else wacky: I couldn’t see the files on my SD card when I went to save the contents of this article onto it to publish using my laptop via wifi. I can now, now that I am looking at it directly rather than through the save dialog box. Something else I didn’t mention was that when I got infected with Happili, my ability to see thumbnails right away, or the extra large size, wouldn’t work, so that I’d only see blank images at first till I toggled the thumbnail size setting, but sometimes it still won’t let me see images in the extra large size. Very strange.

Wait, what the… I just looked at utorrent and it’s still downloading stuff, and now that I think about it, WordPress was able to pop up a preview page. So why in the world does the system tray show a disconnected Internet sign?! AAAH! Hmm, I just saved this as a draft to WordPress, so, I am connected. This is very strange. Maybe this trojan or whatever is infecting me has some prank features.

If anyone knows what is going on, please help, this is terrible. If no one wants to figure this out, or can in a short time after I publish this, I may reinstall Windows to get out of this mess. I wonder if I have the space to transfer all my stuff to another hard drive first.

Update: Right after publishing this, tried to get around the inability to preview the pics on my card by copying one to my desktop to see if I could then view it from there, but I’m still getting the same error message.

Update: I just tried to change the default image viewing program, which is Windows Photo Viewer, and when I clicked “change” in the properties box, it froze, but I was able to force it to close without crashing explorer. What is going on?

Update: When I waited for “open with” to pop up my programs of choice to view my pics with, it took many seconds to open, and I just tried using Snagit Editor to view my pics, it worked, but you have to drag things into it, and when I closed all the pics I’d dragged into it, I got a “stopped working” message and it closed. That reminded me that for the entire day, or past two days, another one of my oft used programs kept suddenly popping up a stopped working message and closing. Something has really corrupted my software, I hope it’s only messed up the installed software, and isn’t creeping into all my exe’s!

Update: I just tried to force Lifecam to uninstall to see if I could repair it with a new installation, but got the message, “the windows installer service could not be accessed”.

Update: I just got done with MSE scanning a “total” of 82,370 files on “Quick Scan”, and it found nothing. Anvir also earlier did a quick scan of some sort it seemed, and found nothing either. But the broken programmes problems remain.

Update: I just tried to install an image viewing program so that it would automatically take over file viewing since I can’t change what views images manually, but I got the “windows installer service could not be accessed”. So then, I can’t install anything either.

Update: My audio/sound has been disabled and only the speakers and system sounds show in the mixer, not the browser, video player or winamp.

Update: I remember that last week, I was having trouble keeping certain programs open for longer than three seconds, like Notetab and one or two other programs. I told Notetab about this, but they said they were unaware of any problems. It did work on my laptop which uses the same OS, so whatever this trojan is seems to have already been doing damage since last week, and maybe it was even longer ago than that.

Update (next day): It’s disabled my java, and now videos on YouTube won’t play. Time to reinstall Windows.

Update: The videos playing on YouTube seems to have only been a temporary problem which was triggered by skipping forward repeatedly.

  1. June 2, 2012 at 3:51 AM

    Use UBCD4Win to run a virus check from outside the operating system
