Spyware/SAHAgent
Alias: ShopAtHomeSelect, SAHAgent
Description: This Remote Administration tool was created with a specific purpose: it has a "downloader" and "dropper" function. It was designed so that, once inside the system, it downloads and installs a bigger virus. This RAT originated in August 1999 (Golden Retriever 1.1B), and a newer version appeared in September 2001. The author of this pest is a hacker called Noa.

Threat type: Spyware - Spyware is any software application that gathers information from the user's PC and transmits it to the spyware author (usually hackers, but sometimes corporations). The information is gathered and transmitted without the user's knowledge or consent. Spyware applications may steal sensitive corporate information and transmit it to competitors. Spyware also degrades PC performance and can consume huge amounts of bandwidth, especially on corporate servers.

Advice: Remove. This is a very high risk threat and should be removed immediately to prevent harm to your computer or your privacy.

Detection: SpyNoMore detects Spyware/SAHAgent: Yes

Threat risk: High Risk. Very dangerous malware. Can log the user's keyboard activity and take snapshots of the user's screen. Uses stealth installation, and removal is very difficult. Category includes spyware programs, adware programs and trojans.
Symptoms:
Running Process Signatures: N/A
File Signatures:
Registered Dll (Dynamic Link Library) Signatures: N/A
Folder Signatures: %WINDOWS%\system32\sahimages
Registry Signatures:
SpyNoMore Collected Residual File Signatures: N/A