IE 6 dead after spy/ad-ware removal

More on the issue.
http://www.doxdesk.com/parasite/ShopAtHomeSelect.html
--

In case you are not able to reach the site, here is the removal text.

Removal
There should be an entry in the Control Panel's Add/Remove Programs entry
for 'ShopAtHomeSelect Agent'. Use it to remove the software then restart the
computer.

You can delete the damaged '{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}' entry
inside the 'Downloaded Program Files' folder, the 'SAHUninstall.exe' file in
the 'Windows' folder and 'SahAgent.log' in the root of the C: drive to clean
up if you like.

If the entry for ShopAtHomeSelect remains in your Add/Remove Programs even
though the software is uninstalled, you can get rid of it by opening the
registry (Start->Run->regedit) and deleting the key
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent'.

Manual removal
As with all software that uses Winsock2 LSPs, you should be very careful
removing ShopAtHomeSelect by hand: if you slip up you may lose all
networking ability.

First, open the registry (Start->Open->regedit) and find the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run . Delete
the 'SAHAgent' entry.

Next, deregister the LSP part of ShopAtHomeSelect. The easiest way to do
this is to use a tool such as LSPFix. Tell it to 'Remove' lsp.dll and 'Keep'
the rest.

(It is possible to remove LSPs by hand by editing the registry, but it's
quite a bit of effort and it's easy to make a mistake. If you want to try
anyway, run 'regedit' and find the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 .
For each key in Catalog_Entries, open the
'PackedCatalogItem' value and check if it starts with 'lsp.dll'. If it does,
delete that entry. Renumber the remaining keys so that they count up from
000000000001 one at a time, and set the 'Num_Catalog_Entries' value in
Protocol_Catalog9 to the highest key number you have. See, I told you it was
a lot of effort.)

Next, open a DOS command prompt window (from Start->Programs->Accessories)
and enter the commands:

cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program Files\WEBinstaller.dll"
cd "..\Downloaded Program Files"
del WEBinstaller.dll
del SAH*.exe

Restart the computer and you should be able to delete the files
'tracking.tmp', 'vg.dat', 'v.dat', 'lsp.dll', 'SahDownloader.exe' and
'SahAgent.exe' from the System folder (inside the Windows folder; called
'System' on Windows 95/98/Me or 'System32' under Windows NT/2000/XP). You
can also delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\VGroup to clean
up if you like.



Henri Leboeuf
Web page: http://www.generation.net/~hleboeuf/index.htm
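
The manual Catalog_Entries cleanup described in the post above, planned as a dry run (an added example, not part of the original post or the quoted removal text). It only reads the catalog and reports what would be deleted and renumbered; the function names and the sample snapshot are constructed, and it assumes the provider DLL path is a NUL-terminated ANSI string at the start of 'PackedCatalogItem'.

```python
# Added example: plans the Catalog_Entries cleanup; it never writes to the registry.
CATALOG = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
           r"\Protocol_Catalog9\Catalog_Entries")

def provider_path(packed: bytes) -> str:
    """DLL path at the start of PackedCatalogItem (assumed NUL-terminated ANSI)."""
    return packed.split(b"\x00", 1)[0].decode("ascii", "replace")

def read_catalog() -> dict:
    """Windows only: read-only snapshot {key name: PackedCatalogItem bytes}."""
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, name) as sub:
                entries[name] = winreg.QueryValueEx(sub, "PackedCatalogItem")[0]
    return entries

def plan_removal(entries: dict, dll: str = "lsp.dll") -> dict:
    """Return which keys to delete, how to renumber the rest, and the new count."""
    delete, keep = [], []
    for name in sorted(entries):
        path = provider_path(entries[name])
        # The post's rule: the value starts with the DLL name (compared case-insensitively).
        (delete if path.lower().startswith(dll.lower()) else keep).append(name)
    if not keep:
        raise ValueError("plan would remove every provider; networking would break")
    rename = {}
    for n, old in enumerate(keep, 1):
        new = f"{n:012d}"  # keys count up from 000000000001 one at a time
        if new != old:
            rename[old] = new
    return {"delete": delete, "rename": rename, "num_catalog_entries": len(keep)}

# Constructed sample snapshot (not taken from a real machine).
SAMPLE = {
    "000000000001": b"lsp.dll\x00" + b"\x00" * 16,
    "000000000002": b"%SystemRoot%\\system32\\mswsock.dll\x00" + b"\x00" * 16,
    "000000000003": b"lsp.dll\x00" + b"\x00" * 16,
    "000000000004": b"%SystemRoot%\\system32\\rsvpsp.dll\x00" + b"\x00" * 16,
}

if __name__ == "__main__":
    print(plan_removal(SAMPLE))
```

On an affected machine, pass `read_catalog()` instead of `SAMPLE` and compare the plan against what LSPFix shows before changing anything.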
 
Many thanks! The LSPFix utility linked to at the site you
referenced did the trick. I might add that Ad-Aware, a
freebie, found and removed the SAH stuff while SpyHunter,
a $30 item, missed it.