Enchantra

Need Computer advice


Heya!

A few months ago my sister got herself a nice Dell computer. She has a Firewall, spyware removal, and antiviral software all working on her computer and updated regularly.

 

Well, suddenly she is having a problem where every time she boots up her computer it will not let her connect to the internet because something in Winsock has been changed. She has been going into the files, fixing everything. Then she also fixes it in the registry. After all this she is finally able to get on the internet, only to have the problem reappear every time she reboots or turns on her computer.

 

So what might this be? I was thinking it was probably some malicious spyware that has attached itself to her computer somehow.

 

She would be most grateful for the help.

 

PM me if you would like her email address as she currently has her computer on waiting for any advice she can get.


Has she run some spyware removal recently? If so, did the internet 'poop-out' right afterwards? If so, then that there malicious spyware killed her winsock (she was right).

 

Hard way to fix it: Re-extract Winsock.

 

What OS is she running?


Hate to spam this topic, but I did some research on this a few weeks ago for my folks (Dad's not the most computer-savvy guy out there).... Here's what most likely hit her, if the scenario I described above is indeed what happened:

 

SAHAgent is an adware implemented as LSP (Winsock 2 Layered Service Provider). It redirects visits to merchant sites in order to take the affiliate fees from them automatically. SAHAgent adware is also known as Golden Retriever, ShopAtHome, ShopAtHomeSelect.

SAHAgent is a Winsock2 Layered Service Provider. If you merely delete registry entries and files (as some spyware removal tools do), you stand a good chance of losing your network and Internet connections.

 

 

Also, as a fix... I've never tried WinSockXPFix... But I've heard good things. It's freeware.

 

Again, Hope I'm helpin!


Again, sorry... if it IS SAHAgent, here's the full removal instructions:

 

Follow these removal instructions to remove SAHAgent from your computer:

 

  1. Click Start > Settings > Add/Remove Programs > Control Panel, and select the entry 'ShopAtHomeSelect Agent' and click 'Remove' to remove the software.

  2. Reboot your Windows.

  3. Once you have uninstalled via Add/Remove programs, you can delete the damaged '{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}' entry inside your 'Downloaded Program Files' folder, the 'SAHUninstall.exe' file in the 'Windows' folder and 'SahAgent.log' in the root of the C: drive to clean up.

  4. If the entry for ShopAtHomeSelect remains in your Add/Remove Programs even though the software is uninstalled, you can remove it by opening the registry editor (Start > Run > regedit) and deleting the key:

      'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ ShopAtHomeSelect Agent'.

 

 

If the above procedures do not work for any reason, you may manually remove SAHAgent, but at great risk of losing your network and Internet connections:

 

  1. Open the registry editor (click Start > Open > regedit ).

  2. Navigate to the key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

 

      In the right pane delete the 'SAHAgent' entry.

  3. Deregister the LSP part of ShopAtHomeSelect.

      In the registry editor, find the key

      HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ WinSock2 \ Parameters \ Protocol_Catalog9. For each key in Catalog_Entries, open the 'PackedCatalogItem' value and check if it starts with 'lsp.dll'. If it does, delete that entry. Renumber the remaining keys so that they count up from 000000000001 one at a time, and set the 'Num_Catalog_Entries' value in Protocol_Catalog9 to the highest key number you have.

  4. Open a DOS command prompt window (from Start > Programs > Accessories) and enter these commands:

 

      cd "%WinDir%\System"

      regsvr32 /u "..\Downloaded Program Files\WEBinstaller.dll"

      cd "..\Downloaded Program Files"

      del WEBinstaller.dll

      del SAH*.exe

      del setup.inf

      del xmlparse_.inf

      del xmltok_.inf

      del C:\sahagent.log

      Note: %WinDir% is a variable, by default this is c:\windows on Windows 95/98/Me/XP or c:\winnt on Windows 2000/NT.

  5. Restart the computer.

  6. Open the System folder (inside the Windows folder; called 'System' on Windows 95/98/Me or 'System32' under Windows NT/2000/XP), delete the following files:

      'tracking.tmp', 'vg.dat', 'v.dat', 'lsp.dll', 'SahDownloader.exe', 'SahAgent.exe' and 'SAHhtml.exe'

  7. Open Windows folder, delete the file SAHUninstall.exe.

  8. Delete the following registry keys to clean up:

 

      HKEY_LOCAL_MACHINE\SOFTWARE\VGroup

      HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2\Layered Provider Sample (or the entire Winsock2 key since it is a duplicate of the real key)

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopAtHomeSelect Agent

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent

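Step 3 of the manual removal above is where connections get lost: after an LSP entry is deleted, the Catalog_Entries keys must still count up from 000000000001 without gaps and Num_Catalog_Entries must match. The sketch below is an added example, not part of the original posts and not a vendor tool; it audits an offline snapshot of Protocol_Catalog9 for a leftover 'lsp.dll' provider and for broken numbering. The function names, the constructed sample blobs, and the assumption that PackedCatalogItem begins with a NUL-terminated ASCII DLL path are assumptions of this example.

```python
# Added example: offline audit of a Winsock2 Protocol_Catalog9 snapshot.
# Assumption: each PackedCatalogItem starts with the provider DLL path as a
# NUL-terminated ASCII string (what the "starts with 'lsp.dll'" check relies on).

def provider_path(packed: bytes) -> str:
    """Return the leading NUL-terminated DLL path of a PackedCatalogItem."""
    return packed.split(b"\x00", 1)[0].decode("ascii", errors="replace")

def audit_catalog(entries, num_catalog_entries, suspect=("lsp.dll",)):
    """entries maps key names ('000000000001', ...) to PackedCatalogItem bytes.
    Returns a list of (finding, key_or_value, detail) tuples; empty means clean."""
    findings = []
    names = sorted(entries)
    # 1. Providers whose DLL file name is on the suspect list.
    for name in names:
        path = provider_path(entries[name])
        base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base in suspect:
            findings.append(("suspect_provider", name, path))
    # 2. Keys must be numbered 1..N with 12-digit zero padding, no gaps.
    expected = ["%012d" % i for i in range(1, len(names) + 1)]
    for have, want in zip(names, expected):
        if have != want:
            findings.append(("numbering_gap", have, "expected " + want))
            break  # everything after the first gap is shifted too
    # 3. Num_Catalog_Entries must agree with the keys actually present.
    if num_catalog_entries != len(names):
        findings.append(("count_mismatch", str(num_catalog_entries),
                         "%d keys present" % len(names)))
    return findings

def make_item(path):
    """Constructed sample blob: path padded to 260 bytes plus a dummy tail."""
    return path.encode("ascii").ljust(260, b"\x00") + b"\x00" * 16

MSWSOCK = r"%SystemRoot%\system32\mswsock.dll"
# Constructed snapshots, not taken from a real machine.
HEALTHY = {"000000000001": make_item(MSWSOCK), "000000000002": make_item(MSWSOCK)}
HIJACKED = {"000000000001": make_item("lsp.dll"),
            "000000000002": make_item(MSWSOCK), "000000000003": make_item(MSWSOCK)}
# Entry 1 deleted by a cleanup tool, but nothing renumbered or recounted.
HALF_CLEANED = {k: v for k, v in HIJACKED.items() if k != "000000000001"}

if __name__ == "__main__":
    for label, snap, count in (("healthy", HEALTHY, 2), ("hijacked", HIJACKED, 3),
                               ("half-cleaned", HALF_CLEANED, 3)):
        print(label, audit_catalog(snap, count))
```

The half-cleaned snapshot is the state the warning in the post describes: the adware entry is gone, yet the catalog is inconsistent until the keys are renumbered and the count corrected.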

She just came over and extracted the needed files from my computer as that is what Microsoft told her to do. She is using those files to replace the corrupted ones. I have this weird feeling it isn't going to work.

 

I kind of figured it was malicious spyware causing the problem.

 

She is running XP Home Edition as am I.

 

I will pass along the links. Thanks.

Enchantra, if that doesn't correct the issue, pls get us some verbatim error msgs or screenshots.

I will see what I can do, but I don't have access to her computer.

Enchantra, if that doesn't correct the issue, pls get us some verbatim error msgs or screenshots.

I will see what I can do, but I don't have access to her computer.

Sure ya do; if you use MSN Messenger, there's a remote assistance feature. she can ask you for assistance, and you can look at her desktop from there....

 

but wait. her internet isn't working when this problem is in place.

 

NEEEEVERMIIIIIIND. :-D

 

 

Just have her hit printscreen then dump it into a word doc or MSPaint window, and save it. once she gets the system back online she can send it. ;)

I don't use MSN Messenger anyways.

But it's got such nifty things that only come standard if you jump in bed with the operating system giant.

 

I'd know, I'm sitting in the belly of the beast right now, doing tech support. :)


Gah, no thanks. In fact you very well might have chatted with my sister as she called Microsoft yesterday and today regarding the issue.

Gah, no thanks. In fact you very well might have chatted with my sister as she called Microsoft yesterday and today regarding the issue.

If she called in on home, I wouldn't have. I do pro level support on servers, she'd have called in on the personal level support line.


Well, she went and did everything Microsoft told her to do. The problem still existed. So The Polo, she did what you suggested. She thought it was fixed, she rebooted and the problem had returned. Whatever she picked up is mean and nasty.

 

So now she is doing the one and only thing she thinks will fix it. She just formatted her hard drive and is reinstalling windows...

