| VID |
27301 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
MALWARE |
| Detailed Description |
The "SAHAgent" program has been installed on the system.
The presence of this program is sometimes perceived as Spyware that can secretly monitor system activity. Generally, Spyware runs background process without their knowledge, which may violate your privacy or explose your confidential information to attacker or another computer. The SAHAgent, also called Golden Retriever, ShopAtHome, ShopAtHomeSelect, is a Winsock 2 Layered Service Provider that redirects visits to merchant sites in order to take the affiliate fees from them automatically. ShopAtHomeSelect's servers(199.221.131.110) tracks your browsing habits by recording each visit to a merchant site with a unique ID. Also, It downloads and executes arbitrary code from its controlling server, as a silent update feature. It may slow Opera or other applications, particularly when accessing its servers.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html
http://www.spywareguide.com/product_show.php?id=700
http://www.kephyr.com/spywarescanner/library/shopathomeselect/index.phtml
http://www.safersite.com/PestInfo/s/sahagent.asp
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
Remove it from your system using the following methods, if it's silently installed without the users knowledge or the use of it dose not match your security policy.
1. Using the uninstaller for it on the Add/Remove Program entry.
2. Using spyware/adware removal program or Vaccine(Anti-Virus) program. You can use the following programs:
- Norton AntiVirus: http://www.symantec.com/downloads
- McAfee VirusScan: http://download.mcafee.com/default.asp |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
