ShopAtHome

Description: Spyware
Risk Level: High
Date of First Occurence: Tuesday, April 15, 2008
Software Developer: Balcaro Group
Brief Info: ShopAtHome is a browser redirector that monitors your browsing behavior and online purchases.
Removal: This threat can be removed using "Spyware Terminator"

REMOVER SPYWARE »

Geographical Distribution of Threat "ShopAtHome"

Threat Info

View All

Detected Items

  1. Detected Files: %SYSDIR%\lsp.dll MD5: F2068DC9D8F5DE841055283FD8DC88EA Size:114688 MD5: 82FC25E85FD781BD44056F575C70FB5F Size:69632 MD5: E2ADDF35DD4888741F722FEA41D717FF Size:57344 MD5: 1796FE864A7A19348E017F69D0BEFEDB Size:53248 MD5: F82365EB1DD2319B39BDE1B808004AC9 Size:110592 MD5: D6E72137C788F57E5FEA11B518C4C4A7 Size:1476608 MD5: 8101C8992D8CD1D91D45292E79F6CDC0 Size:286770 MD5: 5763119A76E4079294B9C119D76717CF Size:53248 MD5: FB770776D4F3B11648D0E84503B5334D Size:214448 MD5: DCB46045F375BC4397EC4FD5164DCA32 Size:40960 MD5: 97B82E0F361336B28F37E12AD6D571C3 Size:53248 %DOWNLOADEDPROGRAMFILES%\WEBInstaller.dll MD5: 5309C94CF4493CC71C5693544F504A3A Size:90112 MD5: E48772297289EF3AD9142F9CE88035CD Size:165600 MD5: C63D9FDD79EC358B9EEF3ED7A37A27DB Size:90112 MD5: 0F323A618E2CCD0E626E3D2514A93042 Size:90112 MD5: EE129B4BBCB620F522A878B940304652 Size:90112 MD5: 15E44D4E0F992BCB3F2AB321BA70E190 Size:90112 MD5: D97EDD31DA535F46E0FAA0F485F39368 Size:165544 MD5: 4B90B86D12FCA7EE1118C3F088453AE8 Size:90112 MD5: 9329DB2428D5AC1CA7A16E5D4F8EA76D Size:90112 MD5: A8F10D29DA0352AE61B4029F1D81B46E Size:192512 MD5: B523453E41ABD4584ED684F42CBD1A13 Size:58880 MD5: A87340BA30CEA2379D88ACBDBED02F1B Size:282624 and more.... %TEMP%\liqp7c25q_.dll MD5: FBB539182AA6A6BDC69ADC4206C0D6F5 Size:73728 MD5: DEF8EF86BB82A5B943B3C50F0BAC3C46 Size:73728 %SYSDIR%\sahagent1020.exe MD5: 56C0405F8B9ADAD66EE85D34166B3DED Size:55216 %SYSDIR%\sahagent1019.exe MD5: 8C947E1D5F8872596CA6D6032EBA7C6C Size:55217 %SYSDIR%\sahagent1002.exe MD5: 4A959605D3305F80466251B0AC8427DA Size:74079 %SYSDIR%\SahHtml.exe MD5: F3D9E62C8E8E03EF5D37168A7C43976F Size:258048 MD5: 80A102E183B89DF285FFEC16170D0519 Size:31744 MD5: 37E0D2946D5F3C2B027CD645432C1A6E Size:55808 MD5: 6FC117188F3B506EB9C6774770C22823 Size:32768 MD5: 1F52944F81B9EA236AA0579887D3F184 Size:77824 MD5: D7149B70AED0585CA8505B0583173586 Size:31232 MD5: 747A516217EEFFABA6E8D1C90646CC76 Size:77824 %SYSDIR%\sahagent1006.exe MD5: 0F93AF96A40DB6E49ED1022C1196B4FD Size:74591 %SYSDIR%\SahAgent.exe MD5: 0A3F8B1D0FB60626DAD0EAA62958FB1F Size:266240 MD5: 7862A81D5D5157FE1F67D124777909E8 Size:158720 MD5: C84AEC25F1C54A03EC7AFCFCC40B77F8 Size:159744 MD5: 2C6456C0815BFA7F0E8256D1303AA58D Size:237568 MD5: F52981EBE5E8680AF3F4CB3215D03F35 Size:146944 MD5: 0173627DCB381C93A38D8EF86E3E85EC Size:154112 MD5: 178B9FBB8B8172ADF724429F846DD140 Size:233472 MD5: 05E5A05F373C3DA1AE7488A7C2338D37 Size:237568 %SYSDIR%\sahagent1025.exe MD5: AAB62575C1E8F2AEE4D649B6369C83BD Size:55055 %SYSDIR%\sahagent1014.exe MD5: D714A6EA3DDEDA8A3167D76E20A48C40 Size:55217 %SYSDIR%\sahagent1003.exe MD5: 82344899BC34CE448A909F5BB7C56E5C Size:74075 %SYSDIR%\sahagent1018.exe MD5: A8A064BE899B31934AEF9E875C3D4F51 Size:55217 %SYSDIR%\sahagent1008.exe MD5: 4250EE75F2832C6281D69DF43B289BCD Size:74591 %SYSDIR%\sahagent1004.exe MD5: D023AAAC181DB7D2FFC58ACC440DB1E1 Size:74076 %SYSDIR%\sahagent1013.exe MD5: 4B0AC991E704868CDB1FF25258D0EF6F Size:55217 %SYSDIR%\sahagent1007.exe MD5: 33636F46C59DF8C8CDB33C068CEAD373 Size:74591 %SYSDIR%\sahagent1001.exe MD5: F0E70D8A757EC0A886E3397AADB8D4F5 Size:74078 %SYSDIR%\sahagent1021.exe MD5: 3EF572280BABDE6B74D8DF19039262CD Size:55054
  2. Detected Files with variable Filenames: MD5: E48772297289EF3AD9142F9CE88035CD Size: 165600 %DOWNLOADEDPROGRAMFILES%\WEBInstaller.dll %WINDIR%\downloaded program files\WEBInstaller.dll MD5: 6C1D1C05BC464C0833BA5D64C77DC4A8 Size: 30720 %SYSDIR%\njms9jlq.exe %SYSDIR%\aj1b43j5.exe %SYSDIR%\88roi6kq.exe %SYSDIR%\b1ikt287.exe %SYSDIR%\d916v9su.exe %SYSDIR%\hsm81pq6.exe %SYSDIR%\21v56mr1.exe %SYSDIR%\4vt5pat2.exe %SYSDIR%\phdrs7g7.exe %SYSDIR%\c45nklo9.exe %SYSDIR%\35u5bt9d.exe and next 36 variations. MD5: 59646564DF10DA24257B3AA65FED6CEC Size: 17920 %SYSDIR%\8amd4m99.exe %SYSDIR%\3u6g1ki3.exe %SYSDIR%\qv1sk31h.exe %SystemDiskRoot%\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP1648\A0357083.exe %SYSDIR%\4ftkn9hf.exe %SYSDIR%\6jdegdrd.exe %SYSDIR%\05u7qbh3.exe %SYSDIR%\0kqklni9.exe MD5: 9554093EE6A38C2747A3E87122E6E863 Size: 61952 %WINDIR%\da086rou.exe %WINDIR%\1lgejlfc.exe %WINDIR%\sotnr7bl.exe %SystemDiskRoot%\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP1648\A0357082.exe %WINDIR%\9m5144r1.exe %WINDIR%\576b59j4.exe %WINDIR%\vcocog1j.exe %WINDIR%\fo0j8c38.exe MD5: 681523655B8A5436484D03CBF5AEC59D Size: 343617 %SYSDIR%\2omhgh1d.exe %SYSDIR%\l8dkcerc.exe %SYSDIR%\bd77eib1.exe %SystemDiskRoot%\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP1648\A0357081.exe %SYSDIR%\0hgb6udd.exe %SYSDIR%\5sgt9mdv.exe %SYSDIR%\hq2ke51k.exe MD5: 07EE4D73FF5F9005FBE4FA0F1D386C97 Size: 204288 %SYSDIR%\ce6nc5vh.exe %SYSDIR%\3un0ncis.exe %SYSDIR%\ue7cup7b.exe %SYSDIR%\stg589rk.exe %SYSDIR%\8vmhfotr.exe MD5: D97EDD31DA535F46E0FAA0F485F39368 Size: 165544 %DOWNLOADEDPROGRAMFILES%\WEBInstaller.dll %WINDIR%\downloaded program files\WEBInstaller.dll

Detecting items list:

  1. Files by Name %TEMP%\hqrhil7kg_.exe %TEMP%\liqp7c25q_.dll %TEMP%\umqltg4cl_.exe %windir%\umqltg4cl.exe %sysdir%\hqrhil7kg.exe %sysdir%\liqp7c25q.dll %sysdir%\SahAgent*.exe %sysdir%\SahHtml*.exe %sysdir%\lsp.dll %DOWNLOADEDPROGRAMFILES%\WEBInstaller.dll
  2. Files by MD5 MD5: 6C1D1C05BC464C0833BA5D64C77DC4A8 Size: 30720
  3. Files by CLSID or Name CLSID=49BE01EB-C941-4D8E-A82D-DB420D2F19C1 CLSID=30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2
  4. Registry Keys HKLM\SOFTWARE\VGroup

« Go to Software Database