This is exactly same as the hot topic running about hotoffers.info started by Chrstine. I was surfing the web looking for games info sites, and all of a sudden this site popped up for a place called "Hot Offers.info". A bunch of crap shortcuts got put on my desktop, and everytime I take them off, they just come back. My home page has been changed to http://www.hotoffers.info/ad0179/, and changes back to that even after I fix it. In my taskbar on the bottom right, there is a red x in a circle and a yellow caution symbol which LOOK like the Windows symbols, but aren't - they keep popping up these warnings about viruses and spyware, and if you click on the red x, either right or left click, the Hot Offers site pops up again, so I can't remove it. My Norton AntiVirus keeps informing me of constant attacks on my computer coming inbound. My Spybot keeps informing me of changes to the registry. Whatever website I happen to be looking at constantly just changes to another Hot Offer [bleep] page. I also keep getting a windows box telling me:
Error #317 – Microsoft Windows Security Warning X
X Your Windows is corrupted with spyware virus.
You must patch your PC urgently to protect your system.
Private info is accessed by ports:
-8080
-3128
You can patch your PC for free now and delete all spyware viruses.
Click OK to chose and download free spyware removal using AntiSPY
OK Cancel
I have run everything your forum suggsets before posting a Hijack log: Ad-Aware, , SpyBot, both on-line scans, Microsoft Spyware Beta1 etc etc . My system also has Mcafee Antivirus on it, and has since before this program showed up.
I have been fighting with this for the past one wekk but in vain.
here's my Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 1:55:15 PM, on 4/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\VIGNES~1\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0271/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RevertSettings] 8o”
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] firewire.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://bgldm1-web.f...0016/iNotes.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110622788014
O17 - HKLM\System\CCS\Services\Tcpip\..\{32BC7875-3A08-4039-8BA2-75F17ECC217B}: NameServer = 61.1.96.69 61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{32BC7875-3A08-4039-8BA2-75F17ECC217B}: NameServer = 61.1.96.69 61.1.96.71
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe