SAHAgent
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: SAHAgent

  1. #1
    Member
    Join Date
    Jan 2004
    Posts
    81

    SAHAgent

    I'm having a problem with this and was wondering if anyone could help. It's not in the Add/Remove programs anywhere and I can't find it in the registry either. Ad-Aware can't remove it but it gives the location and says it's in C:\_RESTORE\TEMP\LSP.0

    I was wondering: seeing as I've disabled system restore can I just delete the full restore folder from C: ? Or does anyone know of a program that will delete it without having to go through the registry? (This would be great because I can find it anywhere in there like I said, and I can't find any folders that are spoken of on the net in System either.)

    I would have got this sorted without having to make a thread, but I can't find any folders anywhere, not in Downloaded Program Files, Program Files, Windows, Add/Remove Programs, or anywhere else, it's pretty wierd. I've looked at several removal guides on the net but the registry keys offered aren't there at all when I use regedit.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  2. #2
    Member
    Join Date
    Jan 2004
    Posts
    81
    Here's the Ad-Aware log for SahAgent :

    Deep scanning and examining files (C: )


    SahAgent Object Recognized!
    Type : File
    Data : LSP.0
    Category : Data Miner
    Comment :
    Object : C:\_RESTORE\TEMP\
    FileVersion : 2, 0, 0, 1
    ProductVersion : 2, 0, 0, 1
    ProductName : ShopAtHomeSelect LSP
    CompanyName : ShopAtHomeSelect
    FileDescription : LSP
    InternalName : LSP
    LegalCopyright : Copyright 2004
    OriginalFilename : LSP.DLL


    I goto : My Computer > C: > _RESTORE but there's no \TEMP section! Madness!

    Non existant fu**!

    Is there a gang of crackers that waste into these companies? Can I worship them?
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  3. #3
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    hey Eonfire;

    This should work. Back up your registry first, please!

    Removal
    There should be an entry in the Control Panel's Add/Remove Programs entry for 'ShopAtHomeSelect Agent'. Use it to remove the software then restart the computer.

    You can delete the damaged '{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}' entry inside the 'Downloaded Program Files' folder, the 'SAHUninstall.exe' file in the 'Windows' folder and 'SahAgent.log' in the root of the C: drive to clean up if you like.

    If the entry for ShopAtHomeSelect remains in your Add/Remove Programs even though the software is uninstalled, you can get rid of it by opening the registry (Start->Run->regedit) and deleting the key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent '.

    Manual removal

    As with all software that uses Winsock2 LSPs, you should be very careful removing ShopAtHomeSelect by hand: if you slip up you may lose all networking ability.

    First, open the registry (Start->Open->regedit) and find the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run . Delete the 'SAHAgent' entry.

    Next, deregister the LSP part of ShopAtHomeSelect. The easiest way to do this is to use a tool such as LSPFix . Tell it to 'Remove' lsp.dll and 'Keep' the rest.

    (It is possible to remove LSPs by hand by editing the registry, but it's quite a bit of effort and it's easy to make a mistake. If you want to try anyway, run 'regedit' and find the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 . For each key in Catalog_Entries, open the 'PackedCatalogItem' value and check if it starts with 'lsp.dll'. If it does delete that entry. Renumber the remaining keys so that they count up from 000000000001 one at a time, and set the 'Num_Catalog_Entries' value in Protocol_Catalog9 to the highest key number you have. See, I told you it was a lot of effort.)

    Next, open a DOS command prompt window (from Start->Programs->Accessories) and enter the commands:
    cd "%WinDir%\System"
    regsvr32 /u "..\Downloaded Program Files\WEBinstaller.dll"
    cd "..\Downloaded Program Files"
    del WEBinstaller.dll
    del SAH*.exe

    Restart the computer and you should be able to delete the files 'tracking.tmp', 'vg.dat', 'v.dat', 'lsp.dll', 'SahDownloader.exe' and 'SahAgent.exe' from the System folder (inside the Windows folder; called 'System' on Windows 95/98/Me or 'System32' under Windows NT/2000/XP). You can also delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\VGroup to clean up if you like.
    http://www.spy-bot.net/ShopAtHomeSelect.asp
    http://computercops.biz/lsp-91.html

    http://www.kephyr.com/spywarescanner...ct/index.phtml

  4. #4
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    in my opinion it sounds like its in the system restore directory. So turn off system restore and than navigate to that directory and you should be able to delete it.

    If I'm way off... I'm sorry for posting usless crap.

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    One more little note. If you plan to do anything with LSP fix, make damn sure that you check with someone before you go removing anything from the winsock stack. If you screw it up, I can guarantee a complete reformat and reinstall... the winsock is very difficult to work with, and once it is hosed, bye-bye internet.

  6. #6
    Member
    Join Date
    Jan 2004
    Posts
    81
    Thanks Kurt but I tried those instructions already and got nowhere. Maybe Ad-Aware is playing up or something, I don't know.

    To start with, there's no {30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2} entry inside the Downloaded Program Files folder, nothing in Add/Remove, nothing at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ that says ShopAtHomeSelect anything, then no log in C: drive and no SAHUninstall.exe in the Windows folder either.

    Next onto manual removal : nothing at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run called SAHAgent. I got the LSP fix but didn't know how to use it and by this time I just gave up. (That and the fact that there's no \TEMP extension to the _RESTORE folder.)

    Finally there's no key called HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

    I'll just check all this again because it sounds unbelievable...............oops, there's NOTHING in Add/Remove, I guess I tinkered too much again. Oh well, at least I backed up my files this time. I've been changing the VCache and Swap File size + another couple of things, so do you reckon that by trying to get F-Zero to run faster I've caused this?

    I've gotta admit thought that I did check on the net and see someone with the same problem : SAHAgent and no \TEMP extension, so maybe it isn't just me.........yeah I checked all the registry keys again and nothing. I'm also having an error message when I boot up saying that the computer can't load everything, so I'm out.

    Sorry I forgot to PM you a reply a while back too Kurt, I've not been here in a bit but I did get my last problem sorted as far as I rememeber, I think it was with Firefox......

    Later anyway and thanks for trying to help.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  7. #7
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Eonfire, your problem sounds as if it's a little more advanced for the fixes that have already been posted, so I'm not sure that what I'm going to post will help any, but I wanted to share my recent experience with SAHAgent.

    I just dealt with SAHAgent on a friend's PC last night - let me just say that was an annoying piece of spyware because of how you have to remove it. I began by running an AdAware scan - AA picks it up properly as SAHAgent, but AA doesn't know how to remove it correctly.

    **WARNING** If you let AA remove SAHAgent it will hose your network connections, making Net access non-functioning.

    However, if this happens, you don't have to reinstall your OS - you can go to your Quarrantine area from AA and undo your changes, effectively placing SAHAgent back on your machine. Reboot, and your network connections are back.

    I ended up finding a working fix here (it's essentially what kurt_der_koenig posted):
    http://www.spyany.com/program/articl..._SAHAgent.html

    Be careful with this one guys and DON'T let AA remove it for you...
    - Maverick

  8. #8
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    Thanks Kurt but I tried those instructions already and got nowhere. Maybe Ad-Aware is playing up or something, I don't know.
    Sorry Eonfire, thats all I can think of! One of those things for me that I would need to be there to try to figure it out.

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    Last year we had a lot of users with this and it was a real pain to try and fully remove it.

    Here's a few more options

    http://securityresponse.symantec.com....sahagent.html

    http://www.spy-bot.net/ShopAtHomeSelect.asp
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  10. #10
    Member
    Join Date
    Feb 2004
    Posts
    33
    Belcaro Group Inc., 7100 East Belleview Avenue, #305, Greenwood Village, CO 80111
    303-843-0302 Fax: 303-843-0377
    privacy@BelcaroGroup.com
    May be bundled with Grokster, IMesh, Favoriteman and from www.shopathomeselect.com

    These are the folks who put it out, if anyone lives near them, piss on the side of their building for me , too.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides