Thursday, November 6, 2008

SAHAgent Spyware

Removing SAHAgent
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet access or of other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:

How to detect SAHAgent:

Files:

Folders:
[%SYSTEM%]\sahimages

Registry Keys:

Registry Values:

Removing SAHAgent:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
