A
AndyManchesta
Hi Alice The only shop at home i know is shop at home
select search which is usally bundled with grokster and
Imesh and a few other p2p sharing programs,but it needs
fixing as it records your internet actions and is a
search hijacker,slows your pc down and downloads and
executes code without you knowing.
I agree with you that it is a severe one as it enters it
self into the winsock settings so removing it can cause
loss of internet connection if it goes wrong.The obvious
thing is run a scan with Microsoft Antispy in safe mode
and see if it clears it but apart from that im not sure
of programs that will definitly remove this so will have
to give manual removal instructions.
Heres the removal instructions and fixes if you lose your
internet connection,If you are not sure of anything just
reply before starting and i will help where i can.
Removal
Check Control Panel's Add/Remove Programs entry
for 'ShopAtHomeSelect Agent'. Use it to remove the
software then restart the computer.
You can delete the damaged
'{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}'
entry inside the 'Downloaded Program Files' folder, the
'SAHUninstall.exe'
file in the 'Windows' folder to clean up if you like.
If the entry for ShopAtHomeSelect remains in your
Add/Remove Programs even though the software is
uninstalled, you can get rid of it by opening the
registry
(Start->Run->regedit) and deleting the key
Take your time with this part first open regedit then go
to HKEY_LOCAL_MACHINE then click the plus (+) next to it
then go to SOFTWARE and click the plus (+) Then MICROSOFT
and click the + then WINDOWS and the + then CURRENT
VERSION and + and finally to UNINSTALL and + again to
open the folder find SHOP AT HOME and delete it
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Uninstall\ShopAtHomeSelect Agent'.
Next find the key (using the same process as above
clicking the pluses (+) untill you get to the run folder)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run . Delete the 'SAHAgent' entry.
Next, deregister the LSP part of ShopAtHomeSelect. The
easiest way to do this is to use a tool such as LSPFix.
http://www.cexx.org/lspfix.htm
Download to your desktop and then run,once started click
the box that says 'I know what im doing'
Tell it to 'Remove' lsp.dll and 'Keep' the rest.
(It is possible to remove LSPs by hand by editing the
registry,but it involves loads of registry values and it
would be easy to make a mistake so think the lsp fix is
far easier to use but make sure you only choose to remove
lsp.dll and nothing else
Next, open a DOS command prompt window (from Start-
Note** you can copy and paste these in one line at a time
starting from the top and working down (The second line
is one command from regsvr32 to WEBinstaller.dll")
cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program
Files\WEBinstaller.dll"
cd "..\Downloaded Program Files"
del WEBinstaller.dll
del SAH*.exe
Restart the computer and you will now be able to delete
the files
Search for them if you want as that might be faster but
enable hidden files and uncheck the hide for all known
types box.Search for all files and folders in my computer
(Enable viewing of hidden files and folders and
extensions; Start Windows Explorer and click on
your main hard drive, usually c:\. Then select Tools from
the top of Windows Explorer and then Folder Options. Go
to the View tab. Scroll down to the folder icon that says
Hidden files and folders and check show hidden files and
folders. Also, right below it, uncheck the hide file
extensions for known types.
tracking.tmp
vg.dat
v.dat
lsp.dll
SahDownloader.exe
SahAgent.exe
from the System folder (inside the Windows folder;
called 'System' on Windows 95/98/Me or 'System32' under
Windows NT/2000/XP).
Also search for these and delete if found:
sahagent.log
cleansahagent
ntmsjrnl
pestinfoimportme
goldenretrieve
sahupdate
xmlparse
xmltok
atpartners
bundle.exe
You can also delete the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\VGroup to clean up if you
like.
Id also advise clearing out any temp files as this will
also use them folders:
Delete Temp Internet files :
Open a internet browser window, click Tools then Internet
Options.
Click on the Delete Cookies and the Delete Files buttons,
then click OK and close the browser window.
Delete Windows Temporary Files - (start,run then
type %temp% delete all files you can in this folder
The Windows temporary directory (usually located at
C:\windows\temp)
Then thats it.Its been killed but i want to post these 2
LSP fix programs just incase you need them as if you make
a mistake you might not be able to get on the net to let
us know without the help of either of these.They both are
free and work well so you dont have anything to worry
about and they will get you back on the net within 60
seconds if needed.
The First Is Winsock2 Fix : And is for Windows 98, 98SE,
or Windows Me
http://www.greyknight17.com/spy/Winsock2Fix.zip
Download w2fix.exe to the desktop. (Important: w2fix.exe
cannot be run from a floppy disk as the program reboots
the computer and a floppy disk would interfere with the
boot sequence.)
Note: If you accidentally downloaded the program to a
location other than the Desktop, copy it to the Desktop
now
Double click on the w2fix file on your Desktop and follow
the on-screen instructions. You will be prompted to
reboot your computer twice before the fix is complete.
You can delete the w2fix.exe file from your computer
after the fix is installed.
The Next is Winsock XP fix:
http://www.snapfiles.com/download/dlwinsockxpfix.html
Follow the same instructions as above
Then its done and everything will be deleted,Maybe your
antispy programs will have removed most of this but might
of left one or two items in place which would explain it
coming back each day but this will remove it for good and
although ive pointed out you might lose your internet
connection with the links ive provided even if you do its
not a problem and can be fixed really fast.There maybe
easier ways to deal with this but as far as i know this
is the only sure way to delete the process and all
connected files.
Good Luck Andy
select search which is usally bundled with grokster and
Imesh and a few other p2p sharing programs,but it needs
fixing as it records your internet actions and is a
search hijacker,slows your pc down and downloads and
executes code without you knowing.
I agree with you that it is a severe one as it enters it
self into the winsock settings so removing it can cause
loss of internet connection if it goes wrong.The obvious
thing is run a scan with Microsoft Antispy in safe mode
and see if it clears it but apart from that im not sure
of programs that will definitly remove this so will have
to give manual removal instructions.
Heres the removal instructions and fixes if you lose your
internet connection,If you are not sure of anything just
reply before starting and i will help where i can.
Removal
Check Control Panel's Add/Remove Programs entry
for 'ShopAtHomeSelect Agent'. Use it to remove the
software then restart the computer.
You can delete the damaged
'{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}'
entry inside the 'Downloaded Program Files' folder, the
'SAHUninstall.exe'
file in the 'Windows' folder to clean up if you like.
If the entry for ShopAtHomeSelect remains in your
Add/Remove Programs even though the software is
uninstalled, you can get rid of it by opening the
registry
(Start->Run->regedit) and deleting the key
Take your time with this part first open regedit then go
to HKEY_LOCAL_MACHINE then click the plus (+) next to it
then go to SOFTWARE and click the plus (+) Then MICROSOFT
and click the + then WINDOWS and the + then CURRENT
VERSION and + and finally to UNINSTALL and + again to
open the folder find SHOP AT HOME and delete it
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Uninstall\ShopAtHomeSelect Agent'.
Next find the key (using the same process as above
clicking the pluses (+) untill you get to the run folder)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run . Delete the 'SAHAgent' entry.
Next, deregister the LSP part of ShopAtHomeSelect. The
easiest way to do this is to use a tool such as LSPFix.
http://www.cexx.org/lspfix.htm
Download to your desktop and then run,once started click
the box that says 'I know what im doing'
Tell it to 'Remove' lsp.dll and 'Keep' the rest.
(It is possible to remove LSPs by hand by editing the
registry,but it involves loads of registry values and it
would be easy to make a mistake so think the lsp fix is
far easier to use but make sure you only choose to remove
lsp.dll and nothing else
Next, open a DOS command prompt window (from Start-
Note** you can copy and paste these in one line at a time
starting from the top and working down (The second line
is one command from regsvr32 to WEBinstaller.dll")
cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program
Files\WEBinstaller.dll"
cd "..\Downloaded Program Files"
del WEBinstaller.dll
del SAH*.exe
Restart the computer and you will now be able to delete
the files
Search for them if you want as that might be faster but
enable hidden files and uncheck the hide for all known
types box.Search for all files and folders in my computer
(Enable viewing of hidden files and folders and
extensions; Start Windows Explorer and click on
your main hard drive, usually c:\. Then select Tools from
the top of Windows Explorer and then Folder Options. Go
to the View tab. Scroll down to the folder icon that says
Hidden files and folders and check show hidden files and
folders. Also, right below it, uncheck the hide file
extensions for known types.
tracking.tmp
vg.dat
v.dat
lsp.dll
SahDownloader.exe
SahAgent.exe
from the System folder (inside the Windows folder;
called 'System' on Windows 95/98/Me or 'System32' under
Windows NT/2000/XP).
Also search for these and delete if found:
sahagent.log
cleansahagent
ntmsjrnl
pestinfoimportme
goldenretrieve
sahupdate
xmlparse
xmltok
atpartners
bundle.exe
You can also delete the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\VGroup to clean up if you
like.
Id also advise clearing out any temp files as this will
also use them folders:
Delete Temp Internet files :
Open a internet browser window, click Tools then Internet
Options.
Click on the Delete Cookies and the Delete Files buttons,
then click OK and close the browser window.
Delete Windows Temporary Files - (start,run then
type %temp% delete all files you can in this folder
The Windows temporary directory (usually located at
C:\windows\temp)
Then thats it.Its been killed but i want to post these 2
LSP fix programs just incase you need them as if you make
a mistake you might not be able to get on the net to let
us know without the help of either of these.They both are
free and work well so you dont have anything to worry
about and they will get you back on the net within 60
seconds if needed.
The First Is Winsock2 Fix : And is for Windows 98, 98SE,
or Windows Me
http://www.greyknight17.com/spy/Winsock2Fix.zip
Download w2fix.exe to the desktop. (Important: w2fix.exe
cannot be run from a floppy disk as the program reboots
the computer and a floppy disk would interfere with the
boot sequence.)
Note: If you accidentally downloaded the program to a
location other than the Desktop, copy it to the Desktop
now
Double click on the w2fix file on your Desktop and follow
the on-screen instructions. You will be prompted to
reboot your computer twice before the fix is complete.
You can delete the w2fix.exe file from your computer
after the fix is installed.
The Next is Winsock XP fix:
http://www.snapfiles.com/download/dlwinsockxpfix.html
Follow the same instructions as above
Then its done and everything will be deleted,Maybe your
antispy programs will have removed most of this but might
of left one or two items in place which would explain it
coming back each day but this will remove it for good and
although ive pointed out you might lose your internet
connection with the links ive provided even if you do its
not a problem and can be fixed really fast.There maybe
easier ways to deal with this but as far as i know this
is the only sure way to delete the process and all
connected files.
Good Luck Andy