I had gotten hotoffers.info last night, and after 2 hours of running programs like hijack this, cwshredder, ad-aware, Norton, etc., etc., etc., and none of it working, I FINALLY came across a solution that worked.

:!: Warning: BIG SMACK ON HEAD AHEAD :!:

On the bottom of the page on http://www.hotoffers.info/179/index.html is a link labelled "uninstall info". I clicked it and it lead me to this page: http://www.hotoffers.info/uninstall/index.html. Here's what it said:
{
How to uninstall?

1. You need to save file uninstall.exe from our server.

2. You need to launch this file.

3. Then open regedit.exe in your Windows directory. And find HKEY_CURRENT_USER "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UninstallHP.

4. Now please delete UninstallHP folder.

5. Now please write in your command field: regsvr32 /u popup_bl.dll

6. Press OK. You're free of this trojan!
}

I downloaded the file (I uploaded it in thread "Another HotOffers Hijack (HJT log incl)" page 2, and it's not letting me upload it again) and ran the file. My Windows went blank, so I had to reboot. After I rebooted, it wasn't changing my homepage anymore. I didn't even need to follow the other steps (although I might, now that I think of it, just to make sure it's ALL gone). I only tried this once and it worked. I'm not interested in getting the trojan again to see if this works every time, so please reply to this post to let me know if it worked for you so that I can feel good about doing my good deed for the day. :cheesy:

Who would have known that actually paying attention to what was on these stupid ad pages would have been at all beneficial? ;)

Ya a couple other sites ive been infected with do that maybe its the law to be removable or something.

Thank you!!!
It really works, and exactly as you've written in your message.I've downloaded the uninstall file and after I launched it windows went blank.After the reboot it was gone.Actually it was still there but when I changed my homepage to about:blank in ie's options menu it disappeared.
I still can't understand how a spyware or trojan or whatever it was lets you to delete itself from your computer. :?: Maybe they have souls and a context of mercy.
Thanks again.... :lol: :lol: :lol:

Well some do others dont kon4ay.biz doesnt have an unistall link

Well....I took the chance of installing the "uninstaller", as I was so freaking tired of dealing with hotoffers......

It looks like it worked, just as the others have said....by big fear is what the "uninstaller" could have installed that I cannot see, but is lying in wait.........*sigh

ReaperVelle

I had gotten hotoffers.info last night, and after 2 hours of running programs like hijack this, cwshredder, ad-aware, Norton, etc., etc., etc., and none of it working, I FINALLY came across a solution that worked.

:!: Warning: BIG SMACK ON HEAD AHEAD :!:

On the bottom of the page on http://www.hotoffers.info/179/index.html is a link labelled "uninstall info". I clicked it and it lead me to this page: http://www.hotoffers.info/uninstall/index.html. Here's what it said:
{
How to uninstall?

1. You need to save file uninstall.exe from our server.

2. You need to launch this file.

3. Then open regedit.exe in your Windows directory. And find HKEY_CURRENT_USER "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UninstallHP.

4. Now please delete UninstallHP folder.

5. Now please write in your command field: regsvr32 /u popup_bl.dll

6. Press OK. You're free of this trojan!
}

I downloaded the file (I uploaded it in thread "Another HotOffers Hijack (HJT log incl)" page 2, and it's not letting me upload it again) and ran the file. My Windows went blank, so I had to reboot. After I rebooted, it wasn't changing my homepage anymore. I didn't even need to follow the other steps (although I might, now that I think of it, just to make sure it's ALL gone). I only tried this once and it worked. I'm not interested in getting the trojan again to see if this works every time, so please reply to this post to let me know if it worked for you so that I can feel good about doing my good deed for the day. :cheesy:

Who would have known that actually paying attention to what was on these stupid ad pages would have been at all beneficial? ;)

Nice one Ceomoses. Was starting to get 'stressed' - was a real pain. Did what you said and so far so good.
Many thanks
mickeyp321.

Yes, I believe that it is the law to give a way to uninstall or unregister yourself from a site. The only problem is that most of the these things are being done by some of the most unethical people, so most of the times it is not even there, or when they do give you a link, it is at a place that is not easy to see...

If they were a little ethical, they would not have done this shit in the first place. Forcing me to come to their site and popping up some naked pictures will not bring them any businesss - at least not from me. Their site has not find its way into unrestricted zone..

Thanks for the info though. I will try it too. No, I did not read the whole page either, and the first time it popped up a nakedgirl, I blocked the site..

And yes, it seemed that it worked. God only knows what other shit they may installed on my computer through this uninstall.

Thank you for the info though.

And by the way, when I ran regsvr32 /u popup_bl.dll, it gave me a message

"popup_bl.dll is no tan executable file and no registration helper is registered for this file type"

unbelievable, man. It really worked. Thanks a bunch.

If anyone discovers other stuff this uninstaller installs, post it here!

Followed all the steps to uninstall. it worked for the night!!. But it came back the next morning. Dammmmmm!!!!!!

Mine has been okay for a few days now....

Is it a possibility that it did not come back, but you got infected by it again while browsing or probably you went to the same site that you got it from?

hmmm, i didnt really go to any sites excpet yahoo. Would clearing my temp internet files help?

I may be wrong, but isnt it a bad idea to download and install an executable file from the same person that gave you the trojan and highjack that screwed up your computer in the first place? To top it off you manually enter a registry entry for them, one that could potentially enable whatever it was that you just downloaded?

I read those instructions, looked pretty shady to me.

I've had it off of my computer for almost a week now. I checked with all my other stuff that I use for removing spyware for any sign of it, and there is no sign. Nothing has come up in adaware (which had detected it and "removed" it, only for it to come back), HJT, regmon, Norton, Spybot, etc. etc. The uninstaller didn't try accessing the internet (that would have come up on my ZoneAlarm). I would say that NoVa Audi just got reinfected somehow.

I may be wrong, but isnt it a bad idea to download and install an executable file from the same person that gave you the trojan and highjack that screwed up your computer in the first place? To top it off you manually enter a registry entry for them, one that could potentially enable whatever it was that you just downloaded?

I read those instructions, looked pretty shady to me.

Actually, no -- no registry entry were made. One was deleted according to the instruction. You are right to some extent. Anyone who would do such shit is unethical, and I have been monitoring my computer for a week, and I have another thread running here where Crunchie has been helping me for a few days now..I had that thread going even before Ceomoses posted the solution that worked fo him..I tried it too, and it worked and I have been clean for 5 days now..A few other people who have tried this are also okay.

I believe that by law, one is required to give a way to uninstall their programs. I am hoping there was some decency in these scumbags to give the users a way to get rid of their shit..... :evil:

hmmm, i didnt really go to any sites excpet yahoo. Would clearing my temp internet files help?

On someone suggestion, I had cleared ALL my temp files -- not only in the internet temp files, but everything under each Temp folder. Just leave the Temp folder and delete everything in it.

On someone suggestion, I had cleared ALL my temp files -- not only in the internet temp files, but everything under each Temp folder. Just leave the Temp folder and delete everything in it.

sorry for bad english..
I done the same..it works but....
i think my windows are unusual slow...like something is working in the background...before i done uninstall procedure i detected strange gif's in temp folder...when hit uninstall.exe from f.... site i reboot..then i had problem deleting unistall.exe but from command prompt it worked..i deleted all temporarly files..then i went to temp in win and delleted as well..but when i am online strange gifs again...all four letter...like dfgt ccfn ..someone with same problem? sometimes gif's dissaper..then some jggh.exe ...
also with netstat -a i se strange ports open like:
3062 , 3063 , 3064 , 3075
I thing miserys are not over!
Any comments?
i thing you undertand what i was trying to say...
Thanks

Worked for me TOO webfoot0 :)

I had gotten hotoffers.info last night, and after 2 hours of running programs like hijack this, cwshredder, ad-aware, Norton, etc., etc., etc., and none of it working, I FINALLY came across a solution that worked.

:!: Warning: BIG SMACK ON HEAD AHEAD :!:

On the bottom of the page on http://www.hotoffers.info/179/index.html is a link labelled "uninstall info". I clicked it and it lead me to this page: http://www.hotoffers.info/uninstall/index.html. Here's what it said:
{
How to uninstall?

1. You need to save file uninstall.exe from our server.

2. You need to launch this file.

3. Then open regedit.exe in your Windows directory. And find HKEY_CURRENT_USER "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UninstallHP.

4. Now please delete UninstallHP folder.

5. Now please write in your command field: regsvr32 /u popup_bl.dll

6. Press OK. You're free of this trojan!
}

I downloaded the file (I uploaded it in thread "Another HotOffers Hijack (HJT log incl)" page 2, and it's not letting me upload it again) and ran the file. My Windows went blank, so I had to reboot. After I rebooted, it wasn't changing my homepage anymore. I didn't even need to follow the other steps (although I might, now that I think of it, just to make sure it's ALL gone). I only tried this once and it worked. I'm not interested in getting the trojan again to see if this works every time, so please reply to this post to let me know if it worked for you so that I can feel good about doing my good deed for the day. :cheesy:

Who would have known that actually paying attention to what was on these stupid ad pages would have been at all beneficial? ;)

What the hell does that mean????

please help as sson as possible. thanks!

Now please write in your command field: regsvr32 /u popup_bl.dll

What the hell does that mean????

please help as sson as possible. thanks!

Now please write in your command field: regsvr32 /u popup_bl.dll

It means go to your Start Menu, choose Run, and when it pops up the box, type in regsvr32 /u popup_bl.dll, and then click on Ok Button.

I had gotten hotoffers.info last night, and after 2 hours of running programs like hijack this, cwshredder, ad-aware, Norton, etc., etc., etc., and none of it working, I FINALLY came across a solution that worked.

:!: Warning: BIG SMACK ON HEAD AHEAD :!:

On the bottom of the page on http://www.hotoffers.info/179/index.html is a link labelled "uninstall info". I clicked it and it lead me to this page: http://www.hotoffers.info/uninstall/index.html. Here's what it said:
{
How to uninstall?

1. You need to save file uninstall.exe from our server.

2. You need to launch this file.

3. Then open regedit.exe in your Windows directory. And find HKEY_CURRENT_USER "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UninstallHP.

4. Now please delete UninstallHP folder.

5. Now please write in your command field: regsvr32 /u popup_bl.dll

6. Press OK. You're free of this trojan!
}
I downloaded the file (I uploaded it in thread "Another HotOffers Hijack (HJT log incl)" page 2, and it's not letting me upload it again) and ran the file. My Windows went blank, so I had to reboot. After I rebooted, it wasn't changing my homepage anymore. I didn't even need to follow the other steps (although I might, now that I think of it, just to make sure it's ALL gone). I only tried this once and it worked. I'm not interested in getting the trojan again to see if this works every time, so please reply to this post to let me know if it worked for you so that I can feel good about doing my good deed for the day. :cheesy:

Who would have known that actually paying attention to what was on these stupid ad pages would have been at all beneficial? ;)

Thanks I had the @!&// thing for weeks now tried everthing....... THIS REALLY WORKS!!!!!!

Ok I seem to have the same problem now and the way you went about is not unistalling it because I can't get to the http://www.hotoffers.info/uninstall/index.html link. I can't get to any of the hotoffers links. When I try I am now getting directed to a http://here4search.com/ link that never loads anything. If someone could get me a copy of the unistall file I would be thankful.

Can someone please help me out here. I still need that unistall.exe file to remove this thing as far as I know.

i did the uninstall it deleted all my icons i restarted it wont stop taking over my browser

I tried this and it didn't work for me. I also noticed that there wasn't an uninstall link on any of the ads that were in my browser. I had to click on the one that was posted to download the uninstall file. UGH this is an annoying little SOB.

And NOW, every time I try to go to yahoo, it brings up one of their speical browsers...WTF!!

Any further help would be MUCH appreciated.

And yes, it seemed that it worked. God only knows what other shit they may installed on my computer through this uninstall.

Thank you for the info though.

And by the way, when I ran regsvr32 /u popup_bl.dll, it gave me a message

"popup_bl.dll is no tan executable file and no registration helper is registered for this file type"

I got this too...is this what it's supposed to do? EEK...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.