Recently I was doing some company research on the Internet and spent a good deal of time going to a number of sites. I closed Internet Explorer, and when I went back in, I had a new toolbar from ShopatHomeSelect.com. It wasn't there the last time I was in IE, and it had installed without my knowledge. There were no cues that anything was installing when I was last in IE. I found I now had the ShopAtHome Agent in my list of Add/Remove programs, so I removed it. I was met with a cutesy message to the effect that "This is not spyware. Why do you want to remove such a great program?" which I, of course, ignored and continued with the process of uninstalling. I also went to the registry and removed a number of keys relating to ShopAtHome. I ran Ad-Aware and Spybot and was satisfied that SAH was gone.
I then went to IE and received a message that page could not be displayed. I could receive e-mail in Outlook, still had Internet connectivity, and everything else was working fine except IE. While troubleshooting, I went to Windows Explorer and tried to go to a site and that worked fine. I could pop up my Links toolbar and use Windows Explorer like IE without a problem, but I could only get to the Internet through Windows Explorer; IE had ceased to work. I'll spare you all of the steps, but I did go through uninstalling/reinstalling IE using steps in MS KB article 318378, with no results, and even restored WinXP from a restoration CD. Everything else still worked fine except IE. I had exported the registry keys I removed, so to test a theory that SAH was still the culprit, I restored those keys and IE started working again. The agent is no longer installed and I don't believe data is being sent to SAH (when I first noticed the toolbar, I would see an SAH address pop up before redirecting me to my chosen site but it no longer does that).
Today, I updated Spybot, ran it again, and it came up with a long list of SAH registry keys. Since the agent was uninstalled, I let Spybot get rid of those entries and IE stopped working again. I selectively restored them one by one, and have pinned the source of the problem to a VGroup registry key in HKLM/Software. Removing this key makes IE stop working. I went through and edited the string values, e.g., changed "DateToCheckForNewUpdate" from 2003-12-03 to 2045-12-03 (don't expect to be using this computer by then), so the values in those strings are entirely useless and mostly gibberish. IE is still working after editing all of the values, but I can't get rid of the entire Vgroup key.
Who are these people and why are they allowed to co-exist with decent folk? Does anyone have any information about problems with these [expletives deleted]?
Copied this post from Lockergnome
Brian G.
Securlon Consulting, LLC
I then went to IE and received a message that page could not be displayed. I could receive e-mail in Outlook, still had Internet connectivity, and everything else was working fine except IE. While troubleshooting, I went to Windows Explorer and tried to go to a site and that worked fine. I could pop up my Links toolbar and use Windows Explorer like IE without a problem, but I could only get to the Internet through Windows Explorer; IE had ceased to work. I'll spare you all of the steps, but I did go through uninstalling/reinstalling IE using steps in MS KB article 318378, with no results, and even restored WinXP from a restoration CD. Everything else still worked fine except IE. I had exported the registry keys I removed, so to test a theory that SAH was still the culprit, I restored those keys and IE started working again. The agent is no longer installed and I don't believe data is being sent to SAH (when I first noticed the toolbar, I would see an SAH address pop up before redirecting me to my chosen site but it no longer does that).
Today, I updated Spybot, ran it again, and it came up with a long list of SAH registry keys. Since the agent was uninstalled, I let Spybot get rid of those entries and IE stopped working again. I selectively restored them one by one, and have pinned the source of the problem to a VGroup registry key in HKLM/Software. Removing this key makes IE stop working. I went through and edited the string values, e.g., changed "DateToCheckForNewUpdate" from 2003-12-03 to 2045-12-03 (don't expect to be using this computer by then), so the values in those strings are entirely useless and mostly gibberish. IE is still working after editing all of the values, but I can't get rid of the entire Vgroup key.
Who are these people and why are they allowed to co-exist with decent folk? Does anyone have any information about problems with these [expletives deleted]?
Copied this post from Lockergnome
Brian G.
Securlon Consulting, LLC