Arcade File Downloads UsenetGeeks
Email
Confirm email
Articles Spyware Removal File Help Startup DB Tips Service DB News Hijack This! Analyzer

 

SAHagent Removal
NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Overview:
SAHagent is a browser hijacker that monitors all of the sites you visit and inserts affiliate code wherever possible to make THEM money instead of the referring website. As a webmaster that earns income off some affiliate programs I believe this is a truly aweful hijacking. This is commonly bundled with some kind of "free" software like Grokster and IMesh to make money for the developers of that software. It will contact it's home servers and log information about the sites you visit. There is also an automatic update which can potentially install additional junk onto your system without your permission. There's really no reason I've been able to think of for this to NOT be removed immediately.

brought to you by: http://www.shopathomeselect.com/

There might be a built in uninstaller for this application under add/remove there could be a listing for "ShopAtHomeSelect Agent"

Also Known As:
Golden Retriever Software
GRS
ShopAtHome
ShopAtHome.com
ShopAtHomeSelect

Destroy Autorun:
Delete the following keys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sahagent
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sahbundle

Reboot your system then:

Make sure you click start --> Run and type in msconfig. Then select the startup tab. Any references to the processes below should be deleted

End Processes (may or may not exist):
bundle.exe
sahagent.exe
sahagent1019.exe
sahdownloader.exe
sahhtml.exe
sahuninstall.exe
sahuninstall_.exe

Unregister DLLs:
Tip: this is only a list of known files/locations. You will want to do a search by the name of the file to see if they're on your system.
A while back I wrote a guide to Register/remove DLL or AX files which you will need if you don't know how to unregister these files.

Each file is in several locations so you'll need to search for them and unregister + delete them in every location you find.

atpartners.dll
lsp.dll
xmlparse_.dll
xmltok_.dll

Clean your Registry:

You should be back to normal IF this was your only problem. I suggest you post in our HJT forum since its not likely that this is your only bug. Read this first

Printer Friendly

Article Index:
Talk About it! -->
Copyright 2005 I Am Not A Geek Inc.