msconfig startup programs

[Don]

I've been fighting a war with the SAHBundle/SAHAgent trying to remove it
from my system. It keeps adding the startup command in msconfig and I want
to remove it completely. I am also finding the same situation with the spy
sweeper program which I uninstalled but the startup command keeps
reappearing in msconfig. I have gone through the various removal options and
deleted the key in my registry
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) but it
continues to reappear as soon as I close the view. I have already removed
the item from the ...documents and settings\%user name%\local settings\temp.
My ad-aware se plus program identifies and removes it over and over and over
.... and it still reappears. How can I remove items from my msconfig startup
options (and my system completely) so that it won't return?

 

[WTC]

I've been fighting a war with the SAHBundle/SAHAgent trying to remove it
from my system. It keeps adding the startup command in msconfig and I want
to remove it completely. I am also finding the same situation with the spy
sweeper program which I uninstalled but the startup command keeps
reappearing in msconfig. I have gone through the various removal options
and deleted the key in my registry
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) but it
continues to reappear as soon as I close the view. I have already removed
the item from the ...documents and settings\%user name%\local
settings\temp. My ad-aware se plus program identifies and removes it over
and over and over ... and it still reappears. How can I remove items from
my msconfig startup options (and my system completely) so that it won't
return?

Removal Instructions
http://sarc.com/avcenter/venc/data/adware.sahagent.html

 

[Don]

Been there done that ..., it doesn't accomplish what I'm posting about. NEXT
??

 

[Don]

Still no answer and the SAHAgent is outsmarting the experts. Can't anyone
help me??? Symantec doesn't help ... Microsoft's new beta spyware program
doesn't fix it and I'm still looking for the right answer. HELP !!!!

 

[WTC]

Still no answer and the SAHAgent is outsmarting the experts. Can't anyone
help me??? Symantec doesn't help ... Microsoft's new beta spyware program
doesn't fix it and I'm still looking for the right answer. HELP !!!!

You can try this

1. Create a directory on drive 'c:\' called Trend.
2. Download the following three items.
a. Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Download sysclean.com and save it in the directory 'c:\Trend'.
b. Latest Trend Pattern Files
http://www.trendmicro.com/download/pattern.asp
Download and save the Trend Pattern files by obtaining the ZIP file in
the directory 'c:\Trend'. For example, lpt265.zip. Extract the contents of
the ZIP file to the directory 'c:\Trend'.
3. Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4. Reboot your PC into Safe Mode.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q315222
5. Using both the Trend Sysclean utility (by double-clicking the
sysclean.com in the 'c:\Trend' directory), perform a full scan of your
platform and clean/delete any infectors/parasites found. A few cycles may be
needed.
6. Restart your PC and perform a 'final' full scan of your platform using
the Trend Sysclean utility.
7. Re-enable System Restore and re-apply any System Restore preferences.
(Suggest 400 to 600 MB of disk space to be used).
8. Reboot your PC.
9. Create a new Restore Point.

 

[Don]

I'll try this .. at least it's worth the efffort. I'll hope for the best and
post the results. Thanks -

 

[Don]

Well, it was worth the try but it didn't cure the problem. The trend scan
ran 3 or 4 times in safe mode with the system retsore disabled and this
morning ehrn I rebooted there was the Ad Watch announcement that my msconfig
had been modified and the SAHBundle was back in the registry. Tough nut to
crack here....???

 

[WTC]

Well, it was worth the try but it didn't cure the problem. The trend scan
ran 3 or 4 times in safe mode with the system retsore disabled and this
morning ehrn I rebooted there was the Ad Watch announcement that my
msconfig had been modified and the SAHBundle was back in the registry.
Tough nut to crack here....???

You can try this
http://www.2-spyware.com/entry-sahbundle.html
or
http://www.securemost.com/articles/trou_3_remove_shopathomeselect.htm

If you cannot solve and want to continue to try to fix this problem, I would
suggest make a new post describing what you have tried.

 

[Don]

Through a VERY LONG process over the past 4 days I have found and fixed the
problem. Apparently the Ad Aware SE Plus had been infected somewhere/somehow
and the problem was in the "Ad Watch" part of the software. I went through
every process I could find/attempt and finally, in safe mode, I went through
the registry AGAIN and found and removed all instances and references of
SAHBundle. I had my modem disconnected and rebooted. The difference this
time was that I had disabled Ad Watch so that it did not restart with the
boot process. After booting I ran the Ad Aware scan and it found no spyware
or mention of the SAHBundle as previously found. I then started Ad Watch and
right away it showed the modification to the registry with the addition of
the Sahbundle. Needless to say, I no longer have the "Ad Watch" part of the
Ad Aware SE Plus on my system. What a battle !! But I always feel better
know why and understanding the reason and therefore the battle was worth the
effort. Thanks to all for their efforts and suggestions.

 

[WTC]

Through a VERY LONG process over the past 4 days I have found and fixed
the problem. Apparently the Ad Aware SE Plus had been infected
somewhere/somehow and the problem was in the "Ad Watch" part of the
software. I went through every process I could find/attempt and finally,
in safe mode, I went through the registry AGAIN and found and removed all
instances and references of SAHBundle. I had my modem disconnected and
rebooted. The difference this time was that I had disabled Ad Watch so
that it did not restart with the boot process. After booting I ran the Ad
Aware scan and it found no spyware or mention of the SAHBundle as
previously found. I then started Ad Watch and right away it showed the
modification to the registry with the addition of the Sahbundle. Needless
to say, I no longer have the "Ad Watch" part of the Ad Aware SE Plus on my
system. What a battle !! But I always feel better know why and
understanding the reason and therefore the battle was worth the effort.
Thanks to all for their efforts and suggestions.

Great to hear! I hope you still have all your hair left. These things can
make you pull out your hair. LOL.