OK, so I have never posted before... but I'm by no means a newbie, just always had enough techies around me to get help firsthand. I got about 9 years of hardcore computer use to draw from. Anyway.
So about an hour ago I got hit with HOTOFFERS.INFO, the malware. Tried everything everyone said (but I'm not using HijackThis, though I got it) and had a lot of experience with CWS... so I know about browsers needing to be closed and such. Fought with it for a while. Some things I noticed... does this program learn on the fly? Their malware, that is. It seems like if I found a way to almost subvert it, it would come back more tenacious, and was, like many, fearing a total reinstall. Here's what I did.
Tried using Alt-Tab to select the HTML page as active so I could Alt-F4 it out. It worked. Then it came right back and I was unable to bring that page to the front the same way again. Then I deleted it from the running processes. The page went... and came right back, but was now not listed in the running processes, as if it was hiding! (Mine was acting like a background image with my desktop icons appearing over it.) I thought, that's weird. Then I tried to view source on the window and delete the code and save the file, then went a step further and tried to delete the file itself. Restarted and the page came up white, but it was still in control and I was still getting the error window (about the open port bit). Tried my antivirus (PC-cillin) and even tried their online scan, which found it and said it couldn't remove it, I'm guessing because of the browser window. Tried Ad-Aware, Spy Subtract, CWS and good old-fashioned regedit. No luck. I may add here that all my proggies are updated daily and I scan every 6 hours or so (crazy, I know, but it seems like I have somehow ended up in the digital equivalent of the old west, and I'm fightin like Doc Holliday). Eventually plugged my net back in and ventured infected online looking for a cure. Hit a lot of sites with no resolution. Then I hit here and saw the thread between crunchie and johnny mitchell. Used 'killbox' (available here on the site, there is a link in Johnny Mitchell's thread to get the file from crunchie, I think) but did things a little different with the same result.
I used killbox the way you said, crunchie (did you write that proggie?), and after restart was able to remove the problem files (2 IE hijacks) with plain old Ad-Aware. Just wanted to drop in my info to add to any knowledge database existing. If anyone has any questions, post em, but I got the average rig right now for the most part, runnin XP Home. Thanks again to Crunchie and Johnny Mitchell (more thanks naturally to Crunchie).