spyware/adware keeps coming back

Name: clueless
Date: May 27, 2004 at 16:05:14 Pacific
OS: xp
CPU/Ram: 1 gig
Comment:

these spyware things keep coming back after i deleted them:

bundle.exe
sahagent-skyhorn.exe
ai_loader.exe

i ran adaware 6.0 (with recently updated reference list) and norton antivirus and norton couldnt delete them so i deleted them manually

whenever they start to run the window im on suddenly is "deselected" as if i had clicked away onto another window or my desktop. i look through the task managers "processes" tab and sure enough i find one of those names i listed. so i search for the file and delete them. ten or twenty minutes later it happens again...
help please!

thanks
clueless

If you ever come across a fork in the road, pick it up.




Response Number 1
Name: Martin Crandall
Date: May 27, 2004 at 18:35:38 Pacific
Reply:

bundle.exe & sahagent-skyhorn.exe are part of one problem, description and removal instructions at link below.

http://securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html

I can't find a thing about the other one, might be another portion of the same problem.

_________________________
The internet is no longer a toy, it's a COMBAT ZONE!



Response Number 2
Name: clueless
Date: May 28, 2004 at 15:33:02 Pacific
Reply:

thanks martin, i think its gone now

does anyone know if this process is also adware:

"SAgent2"

its being run by system

If you ever come across a fork in the road, pick it up.



Response Number 3
Name: Thresher
Date: May 28, 2004 at 20:34:00 Pacific
Reply:

Clueless:

try this for SAgent2:

http://www.2-spyware.com/file-sagent2-exe.html

Also, just for smiles, do a general clean out, since you have Win Xp do this:

First dump your TIF, dump all cookies, dump TEMP files, dump recycle bin,

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

leave system restore disabled for a bit...

If it says to reboot, do it manually and wait two full minutes before start-up.

On start up go into safe mode. Run your AV, and Adaware and Spybot from SAFE MODE. Ignore download instructions if you don't need them, if you need to download them don't go into safe mode on the re-start above. Here's how I do it:

Spybot:

Download and Read the SpyBot tutorial here:

http://s89223352.onlinehome.us/mirror/spybot/index1.php

When you download it, before installing it, #1 log off the net, and #2 then disable your AV, and close it in close programs (ctrl alt delete), or your AV may read it as an invader and mess with it

Download it, Unzip the program, and immediately check for updates, do so religiously every 3 days, install the updates. Don't run the scan until you have downloaded Ad-Aware so you can run them both in SAFE MODE.

Let it fix everything marked in red. Reboot but not with restart, shut it down for two full minutes. You’ve got two measly minutes and it’s worth it, and let Spybot run if it indicates.

To add an item to your ‘Ignore List’ click on the little ‘+’ sign next to the item and left click it to highlight it, then right click it and a menu appears, select the function you want.

When you are done reboot again same way. Two full minutes shut down is best.


Ad-Aware:

Download AdAware from http://www.lavasoft.de/

When you download it, before installing it, #1 log off the net, and #2 then disable your AV, and close it in close programs (ctrl alt delete), or your AV may read it as an invader and mess with it

check for updates at "webupdate". Update religiously every 3 days. And install them AFTER you have #1 logged off the net, and #2 disabled AV and closed it in close programs.

I use these settings (green check)

From main window click "Start" then make sure " Activate in-depth scan" has a green check next to it.

Put a black dot next to "Use custom scanning options" and click "Customize" next to it, then green check these options:
"Scan within archives" ,"Scan active processes", "Scan registry",
"Deep scan registry" ,"Scan my IE Favorites for banned URL"
"Scan my host-files"

At the top of the “STATUS” page notice the Tweak (gear) icon. Click on it.

The first setting is “Scanning Engine.” Click on the little plus sign next to it, and in the drop-down green check "Unload recognized processes during scanning", and “include basic Ad-Aware settings in log file”. Next click on the ‘+’ next to "Cleaning Engine" and in the drop-down green check "Let windows remove files in use at next reboot" and "Delete quarantine objects after restoring".

Click "proceed", that will save those settings.

Click "Scan"

When the scan finishes, mark everything for removal and delete it. Right-click the window and choose "select all" from the drop down menu, press ‘next’ and then ‘yes’ to the prompt: “remove all these entries”.

However, if you have certain programs running that will give a false indicator of a browser hijack attempt, such as Script Sentry, which places a monitoring function in the registry and looks like a browser hijacker but is not, then you may want to add that to the ignore list because you want to keep it there to do its job. To add an item to the ignore list, put the cursor on the file it reveals and left click it to highlight it, then right click it and a menu appears. Click on ‘ignore list.’

Shut down, two minute shut down is best, and let Adaware run on reboot if it indicates.


Thresher




Response Number 4
Name: biorebel
Date: June 9, 2004 at 18:27:53 Pacific
Reply:

hey i got the same problem as you. it keeps messin with counter-strike. well i was able to turn it off temporarily in task manager. but when i opened an internet accessing program, such as AOL or internet explorer, it started again. when i did a search i found 2 files by that name. one was a .exe and the other was a .pf. i just deleted them both. not sure if that did the trick yet but its worth a shot.

not much 2 type here. i gotz counter-strike fever.



Response Number 5
Name: biorebel
Date: June 10, 2004 at 10:23:17 Pacific
Reply:

i was wrong about deleting them both. it doesnt work they both come back. however i think i've found a temporary fix. im assuming that the .pf file holds the coding used by the .exe. if you delete it, it just comes back, but if you change the name of it... the .exe still runs but i havent experienced any deselecting yet, and i have restarted the computer.

not much 2 type here. i gotz counter-strike fever.



Response Number 6
Name: rkbowen
Date: June 10, 2004 at 20:50:55 Pacific
Reply:

I started having the same problem today. While searching the registry, I found these entries:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoLoaderAproposClient

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ai_loader"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\ai_loader.exe\" /HideUninstall /HideDir /PC=AM.SKHN /ShowLegalNote=nonbranded"
"inimapping"="0"


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
"Mirabilis ICQ"="C:\\Program Files\\ICQ\\ICQNet.exe"
"Backup NOW! Scheduler"="\"C:\\Program Files\\NewTech Infosystems\\NTI Backup NOW! 3\\Schdlr32.exe\" -s"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"MOD"="C:\\Program Files\\Microangelo\\muamgr.exe"
"Detect Kbd Daemon"="SK2000DM.EXE"
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~2\\AdvTools\\ADVCHK.exe"
"Anvshell"="anvshell.exe"
"LiveNote"="livenote.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"WinFast Schedule"="C:\\Program Files\\WinFast\\WFTVFM\\WFWIZ.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Ad-watch"="\"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-watch.exe\""
"hpsysconf1"="C:\\WINDOWS\\System32\\hhudehr.exe"
"inetmgr"="C:\\PROGRA~1\\INTERN~2\\inetmgr.exe"
"TraySantaCruz"="C:\\WINDOWS\\system32\\tbctray.exe"
"AutoLoaderAproposClient"="\"C:\\WINDOWS\\System32\\ai_loader.exe\" /HideUninstall /HideDir /PC=AM.SKHN /ShowLegalNote=nonbranded"
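Added example, not part of rkbowen's post: the Run value in the listing above starts ai_loader.exe at every logon, so a check for this problem has to read the autostart entries and not only the files on disk. The Python sketch below parses text in the format posted above and reports every entry whose command launches one of the file names named in this thread; the function names and the embedded excerpt are choices made for this example.

```python
import ntpath
import re

# File names the posters in this thread reported as coming back.
WATCHLIST = {"bundle.exe", "sahagent-skyhorn.exe", "ai_loader.exe"}

# Excerpt of the listing posted above, embedded so the script runs offline.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoLoaderAproposClient
"item"="ai_loader"
"command"="\"C:\\WINDOWS\\System32\\ai_loader.exe\" /HideUninstall /HideDir /PC=AM.SKHN /ShowLegalNote=nonbranded"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"nwiz"="nwiz.exe /install"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AutoLoaderAproposClient"="\"C:\\WINDOWS\\System32\\ai_loader.exe\" /HideUninstall /HideDir /PC=AM.SKHN /ShowLegalNote=nonbranded"
'''

# One "name"="data" line; either side may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_listing(text):
    """Yield (key_path, value_name, value_data) with export escaping undone."""
    key = None
    for raw in text.splitlines():
        line = raw.strip().strip("[]")      # real .reg exports bracket key paths
        if line.startswith("HKEY_"):
            key = line
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield (key, *(re.sub(r"\\(.)", r"\1", g) for g in m.groups()))

def executable_of(command):
    """Return the lowercase file name of the program a command line starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        m = re.match(r"(.+?\.exe)\b", command, re.I)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()

def flag_autostarts(text, watchlist=WATCHLIST):
    """Return (key, value_name, exe) for entries that launch a watchlisted file."""
    hits = []
    for key, name, data in parse_listing(text):
        # Under MSConfig\startupreg only the "command" value is a command line.
        if "\\MSConfig\\startupreg\\" in key and name != "command":
            continue
        exe = executable_of(data)
        if exe in watchlist:
            hits.append((key, name, exe))
    return hits

if __name__ == "__main__":
    for hit in flag_autostarts(SAMPLE):
        print(hit)
```

The match is on file name only, so a hit shows where to look in the registry and says nothing about entries that use a different name.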


