hotoffers.info browser hijacker

[Chris]

I'm having trouble removing the hotoffers.info hijacker from my comp. Every
time I try to set my home page to Google it changes back to
http://www.hotoffers.info/a0002/ . I have used a number of spyware removal
programs (spybot S&D, spysweeper, adware, xoftspy) to try to remove it. Even
Norton 2005 won't get rid of it. It's really annoying me because even when I'm
not connected to the net some program keeps trying to open my AOL browser every
10 mins or so and I keep getting windows security pop-ups telling me that "my
system is infected - click o.k. to choose and download free spyware removal
using AntiSPY" (yeah right!!!).

Any help in getting rid of this would be greatly appreciated.

Thanks in advance,

Chris.

 

[Beauregard T. Shagnasty]

I'm having trouble removing the hotoffers.info hijacker from my
comp. Every time I try to set my home page to Google it changes
back to http://www.hotoffers.info/a0002/ .

According to this page, an IE hijacker called hotoffers will be
removed by AdAware. This page is dated 3 Dec 2004.
http://www.lavasoftsupport.com/index.php?showtopic=53638&st=0&

Have you updated lately? Running the latest SE version?

I have used a number of spyware removal programs (spybot S&D,
spysweeper, adware, xoftspy) to try to remove it.

Xoftspy. Dump it:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Even Norton 2005 won't get rid of it. It's really annoying me
because even when I'm not connected to the net some program keeps
trying to open my AOL browser every 10 mins or so and I keep
getting windows security pop-ups telling me that "my system is
infected - click o.k. to choose and download free spyware removal
using AntiSPY" (yeah right!!!).

What does your firewall tell you? What program is trying to connect
and to where?

Any help in getting rid of this would be greatly appreciated.

Consider switching to a modern, unhijackable browser.
http://home.rochester.rr.com/bshagnasty/tips.html

 

[Chris]

thanks for help. I ran the latest version of AdAware and it found 3 examples of
hotoffers in the registry. After I removed them I re-ran AdAware and guess
what? they were still there! After deleting and quarantining them numerous
times, they still won't die. My firewall (McAffe personal firewall plus) does
nothing when my aol browser tries to open itself.

any ideas?

Thanks again,

Chris

 

[Max M.Wachtel III]

I'm having trouble removing the hotoffers.info hijacker from my comp. Every
time I try to set my home page to Google it changes back to
http://www.hotoffers.info/a0002/ . I have used a number of spyware removal
programs (spybot S&D, spysweeper, adware, xoftspy) to try to remove it. Even
Norton 2005 won't get rid of it. It's really annoying me because even when I'm
not connected to the net some program keeps trying to open my AOL browser every
10 mins or so and I keep getting windows security pop-ups telling me that "my
system is infected - click o.k. to choose and download free spyware removal
using AntiSPY" (yeah right!!!).

Any help in getting rid of this would be greatly appreciated.

Thanks in advance,

Chris.

Beginning of standard canned reply.

Update Windows. Use a firewall.
Use an Anti-Virus of your choice and keep it updated.
In Windows Explorer, set Folder Options to “show all files”.
Clean out all temp, cache, ect. files.
Download BeClean here:
http://boozet.xepher.net/beclean/

Download Sysclean from here:
http://www.trendmicro.com/ftp/products/tsc/sysclean.com
Read this(it tells you how to use it!):
http://www.trendmicro.com/ftp/products/tsc/readme.txt
Reboot into safe mode and run Sysclean, write down results, then reboot
normally.
If offending file is in “restore” read this:
http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Download AdAware from here:
http://www.majorgeeks.com/download506.html
Read the help files,download the winsock fix, and then Update and run
AdAware.
If you lose your Internet connection after running AdAware run the fix.
Winsock Fix here:
http://www.tacktech.com/display.cfm?ttid=257

Download Spybot Search+Destroy here:
http://www.safer-networking.org/en/download/index.html
Read this:
http://www.safer-networking.org/en/tutorial/index.html
Update and run Spybot (enable all protection).

Download Spyware Blaster here: (enable all protection)
http://www.javacoolsoftware.com/spywareblaster.html

Run a couple of online scanners (pick a different one than your main AV):

BitDefender:
http://www.bitdefender.com/scan/licence.php

Norton:
http://security.symantec.com/sscv6/...d=sym&plfid=23&pkj=XHPGJRSOMVZGYYTZXPE&bhcp=1

Panda:
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

eTrust:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

House Call:
http://housecall.trendmicro.com/housecall/start_corp.asp

If the previous do not solve your problems:
Download Bazooka here:
http://www.kephyr.com/spywarescanner/

Download SwatIt here:
http://swatit.org/

Download KL-Detector here
http://dewasoft.com/privacy/kldetector.htm

Download CWShredder here
http://www.intermute.com/spysubtract/cwshredder_download.html

Download HijackThis here:
http://www.majorgeeks.com/download3155.html
Install, run and save the log that is created. Don’t let it fix anything
yet!
You can find forums to post the log to have it analyzed here:
http://tomcoyote.org/hjt/

Download Stinger here:
http://vil.nai.com/vil/stinger/

Download eScan here:
http://www.mwti.net/antivirus/free_utilities.asp
Rename the downloaded file escan.zip and extract (with a zip program) to
C:\Downloads, which you will have to create. Run the updater
(kavupd.exe) and then run eScan (mwavscan.exe).

End of standard canned reply.

-max
--
Keeping Windows Clean: http://www.geocities.com/maxpro4u/madmax.html
Virus Cleaning+Fixes: http://www.geocities.com/maxpro4u/TechPros
Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)

 

[acidwill]

thanks for help. I ran the latest version of AdAware and it found 3 examples
of

hotoffers in the registry. After I removed them I re-ran AdAware and guess
what? they were still there! After deleting and quarantining them numerous
times, they still won't die. My firewall (McAffe personal firewall plus) does
nothing when my aol browser tries to open itself.

any ideas?

Thanks again,

Chris

I've got the same hijack on my pc.. seek and destroy said i have
coolwebsearch infections but stinger and my firewall don't pick it up.
Every 10 minutes IE redirects to a 'congratulations your our 90,000th
visitor page. Aaaargh.

Will

 

[Beauregard T. Shagnasty]

I've got the same hijack on my pc.. seek and destroy said i have
coolwebsearch infections but stinger and my firewall don't pick it
up. Every 10 minutes IE redirects to a 'congratulations your our
90,000th visitor page. Aaaargh.

CoolWebSearch is an Internet Explorer hijacker. Stinger is a specific
program for removing about forty of the newest viruses. CoolWebSearch
is not a virus.

Your firewall will not stop web pages and their code that you ask for.

You need the CWShredder, a specific tool for CoolWebSearch.
http://intermute.com/spysubtract/cwshredder_download.html

Then you need to consider upgrading to a modern, secure browser.
http://home.rochester.rr.com/bshagnasty/tips.html