Happili redirect virus is a browser hijacker which redirects searches of google.com to happili.com and some other random pages. It’s very hard to notice the infiltration of this malicious software, but it may come bundled with other types of malware which comes with insecure downloads. It is almost impossible to search with google when you’re infected with this virus.
Happily redirect virus does affect Macs too. First thing you need to do is to update Java as this virus uses Java to infect Mac and PC computers. It will be a hard tast to remove this infection as it is used with zeroaccess malware, which is one of the worst malware ever made to the computer system. you will need special tool to remove Happily redirect.
Here are removal options for PC users:
Symantec offers ZeroAccess Fix Tool. This tool can detect and remove the infection, but it might not work with Happili redirect virus and other patest variants
Kaspersky offers TDSSKiller. This utility does find the infection and kill all malicious DLL.
Webroot has developed its own tool to remove special viruses like this.
After using any of tools mentioned above you need to scan you system with reputable anti-spyware software, like Spyhunter, STOPzilla or MalwareBytes anti-malware to remove remaining infection.
Removal instructions for MAC users:
you MUST update JAVA. This Java security update removes the most common variants of the Flashback malware. Apple support provides this information
F-secure developed flashback removal tool which can identify Happily redirect virus and remove it. DO NOT mess with manual removal if you are not advanced MAC user deeply familiar with the system. Use the automated F-secure tool.
When a computer is infected with Hapili redirect, user is taken to a website which is not the link that was shown when clickin on a google search results. These redirected pages might infect your PC even more. The only way to stop this browser hijacker is to stop it from making activity and to remove it from system. More about stopping it can be found in this article: What to do when Google/Yahoo/Bing results are redirecting. To remove it you have to run a full system scan with a reputable anti-spyware software. That will fix Hapily redirect
Happili redirect manual removal:
MANUAL REMOVAL FOR MAC USERS by F-Secure. PLease do not mess with the system if you are simple MAC user. use the automated tool.
1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:
"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
4. Otherwise, run the following command in Terminal:
grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%
5. Take note of the value after "__ldpath__"
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):
sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
sudo chmod 644 /Applications/Safari.app/Contents/Info.plist
sudo touch /Applications/Safari.app
7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
10. Otherwise, run the following command in Terminal:
grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%
11. Take note of the value after "__ldpath__"
12. Run the following commands in Terminal:
defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
launchctl unsetenv DYLD_INSERT_LIBRARIES
13. Finally, delete the files obtained in steps 9 and 11.
14. Run the following command in Terminal:
ls -lA ~/Library/LaunchAgents/
15. Take note of the filenames.
16. Run the following command in Terminal for each of the filenames obtained in the previous step:
defaults read ~/Library/LaunchAgents/%filename_obtained_in_step15% ProgramArguments
17. Take note of the paths with filenames starting with "."; if none of the entries have a filename starting with "." then you may not be infected with this variant.
18. Delete the files obtained in step 15 that have paths with filenames starting with ".", as well as the files obtained in step 17.