ShopAtHomeSelect is a Winsock 2 Layered Service Provider that redirects visits to merchant sites in order to take the affiliate fees from them automatically.

Also known as

Golden Retriever .

Distribution

Bundled with Grokster (around the start of 2003) and iMesh 4.

Also installed by the FavoriteMan parasite from May 2003.

Advertising

No.

Privacy violation

Yes. Each visit to a merchant site is recorded by ShopAtHomeSelect's servers with a unique ID that could be used to track browing habits.

Security issues

Yes. The software can download and execute arbitrary code from its controlling server, as a silent update feature.

Stability problems

On testing, seemed to cause Opera to run quite slowly. Would occasionally make the desktop show an hourglass pointer for a while when accessing its servers.

Removal

There should be an entry in the Control Panel's Add/Remove Programs entry for 'ShopAtHomeSelect Agent'. Use it to remove the software then restart the computer.

You can delete the damaged '{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}' entry inside the 'Downloaded Program Files' folder, the 'SAHUninstall.exe' file in the 'Windows' folder and 'SahAgent.log' in the root of the C: drive to clean up if you like.

If the entry for ShopAtHomeSelect remains in your Add/Remove Programs even though the software is uninstalled, you can get rid of it by opening the registry (Start->Run->regedit) and deleting the key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent'.

Manual removal

As with all software that uses Winsock2 LSPs, you should be very careful removing ShopAtHomeSelect by hand: if you slip up you may lose all networking ability.

First, open the registry (Start->Open->regedit) and find the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run . Delete the 'SAHAgent' entry.

Next, deregister the LSP part of ShopAtHomeSelect. The easiest way to do this is to use a tool such as LSPFix . Tell it to 'Remove' lsp.dll and 'Keep' the rest.

(It is possible to remove LSPs by hand by editing the registry, but it's quite a bit of effort and it's easy to make a mistake. If you want to try anyway, run 'regedit' and find the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 . For each key in Catalog_Entries, open the 'PackedCatalogItem' value and check if it starts with 'lsp.dll'. If it does delete that entry. Renumber the remaining keys so that they count up from 000000000001 one at a time, and set the 'Num_Catalog_Entries' value in Protocol_Catalog9 to the highest key number you have. See, I told you it was a lot of effort.)

Next, open a DOS command prompt window (from Start->Programs->Accessories) and enter the commands:

Restart the computer and you should be able to delete the files 'tracking.tmp', 'vg.dat', 'v.dat', 'lsp.dll', 'SahDownloader.exe' and 'SahAgent.exe' from the System folder (inside the Windows folder; called 'System' on Windows 95/98/Me or 'System32' under Windows NT/2000/XP). You can also delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\VGroup to clean up if you like.