Adware.ShopAtHome

By CagedTech in Adware

Threat Scorecard

Popularity Rank:	6,225
Threat Level:	20 % (Normal)
Infected Computers:	84,149

First Seen:	November 19, 2014
Last Seen:	April 30, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Adware.ShopAtHome

File System Details

Adware.ShopAtHome may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	backup-20150317-083052-732.dll	31a642b729f8145d49d6926273e8b3fe	721
Name: backup-20150317-083052-732.dll MD5: 31a642b729f8145d49d6926273e8b3fe Size: 2.57 MB (2572944 bytes) Detections: 721 Type: Dynamic link library Path: C:\Users\<username>\Desktop\Old PC Files\Desktop\Geek Squad Backup\Users\<username>\Desktop\Logs\backups\backup-20150317-083052-732.dll Group: Malware file Last Updated: January 20, 2023
2.	ShopAtHomeUpdater.exe	b3bf37513e708a69ef3b203091b5ec6f	554
Name: ShopAtHomeUpdater.exe MD5: b3bf37513e708a69ef3b203091b5ec6f Size: 199.86 KB (199864 bytes) Detections: 554 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe Group: Malware file Last Updated: April 16, 2023
3.	ShopAtHomeWatcher.exe	9ede867a50978197825097dec99f41b6	328
Name: ShopAtHomeWatcher.exe MD5: 9ede867a50978197825097dec99f41b6 Size: 130.23 KB (130232 bytes) Detections: 328 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe Group: Malware file Last Updated: October 30, 2022
4.	ShopAtHomeUn.exe	86c3c9fe6c26d880f0320da7c6bd8075	250
Name: ShopAtHomeUn.exe MD5: 86c3c9fe6c26d880f0320da7c6bd8075 Size: 176.99 KB (176996 bytes) Detections: 250 Type: Executable File Path: %APPDATA%\ShopAtHome\ShopAtHomeToolbar Group: Malware file Last Updated: December 13, 2022
5.	ShopAtHomeHelper.exe	188946ce3d4f250259dc132311d08480	250
Name: ShopAtHomeHelper.exe MD5: 188946ce3d4f250259dc132311d08480 Size: 1.04 MB (1041592 bytes) Detections: 250 Type: Executable File Path: %APPDATA%\ShopAtHome\ShopAtHomeHelper Group: Malware file Last Updated: February 28, 2020
6.	tbcore3U.dll	8d8efee906ef9d204bc4216ea834625f	175
Name: tbcore3U.dll MD5: 8d8efee906ef9d204bc4216ea834625f Size: 1.83 MB (1835704 bytes) Detections: 175 Type: Dynamic link library Path: C:\Geek Squad Data Backup\Users\<username>\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll Group: Malware file Last Updated: November 24, 2023
7.	ShopAtHomeUninstall.exe	49e26a32a8d6673069474099b302a847	143
Name: ShopAtHomeUninstall.exe MD5: 49e26a32a8d6673069474099b302a847 Size: 177.17 KB (177170 bytes) Detections: 143 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\Application Data\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUninstall.exe Group: Malware file Last Updated: June 29, 2021

More files

Registry Details

Adware.ShopAtHome may create the following registry entry or registry entries:

CLSID

{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}

{08613A51-6E3E-43CC-9ECF-DD58B5837341}

{153EDC41-A2CC-4BEB-9EC8-008242389E50}

{188028B8-D91D-4BE2-BABA-68E32BDE4420}

{28E74F15-18C2-465E-B545-6CC738121C68}

{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}

{31E5D4A0-EB88-496F-86FB-98245CC7E2BF}

{40A222E2-93B1-45F9-9B07-0D1160A31A6C}

{613AF196-98A9-47EA-B023-C482A35809A6}

{6325A84C-E746-4007-A9C5-E4C1A50ED61F}

{8356EB36-940E-4D90-B333-1C4B6CD9D6A5}

{8EBC7B5B-3382-41F2-BE35-8EFCB1391F1A}

{983C8B61-9671-4455-B0CA-1F3EE75A7FD3}

{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}

{A098BA94-2F87-4F4F-9062-185ED50DCDB4}

{A09DA3F5-AD91-4D71-A5B9-C1CD1AFAE277}

{ADEE9C4F-57F7-4B98-8FB6-6998B87E66CF}

{AF7C3D1C-67F5-4CDA-9FD7-B9194FF00067}

{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}

{BB17DE65-B548-48C2-AC73-1FD1996C7261}

{C4FA00B4-4C70-47B4-B81A-D5B7A2119A88}

{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}

{DD0074D1-BA7D-4169-856D-BFBE6C3D6E52}

{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}

{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}

{EE8A03FE-E65F-4EA2-92B4-42FFAE92FEEC}

{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}

{F98AABFC-EC60-465B-BFC2-AE281A1FE08D}

{FA7AD4FE-7792-4906-8FCE-9367D1BF3C30}

File name without path

http_www.shopathome.com_0.localstorage

http_www.shopathome.com_0.localstorage-journal

HKEY..\..\..\..{RegistryKeys}

Software\Classes\AppID\ShopAtHomeHelper.EXE

SOFTWARE\Classes\Toolbar3.ShopAtHome

SOFTWARE\Classes\Toolbar3.ShopAtHome.1

Software\Microsoft\Internet Explorer\DOMStorage\shopathome.com

Software\Microsoft\Internet Explorer\DOMStorage\www.shopathome.com

SOFTWARE\Microsoft\Tracing\ShopAtHome_BAC_Service_RASAPI32

SOFTWARE\Microsoft\Tracing\ShopAtHome_BAC_Service_RASMANCS

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reset ShopAtHome BAC

SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ShopAtHomeUpdater

Software\Microsoft\Windows\CurrentVersion\Run\ShopAtHomeWatcher

Software\ShopAtHome.com

SOFTWARE\Wow6432Node\Microsoft\Tracing\ShopAtHome_BAC_Service_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\ShopAtHome_BAC_Service_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}

SOFTWARE\Wow6432node\Microsoft\Windows\CurrentVersion\Run\ShopAtHomeUpdater

SOFTWARE\Wow6432node\Microsoft\Windows\CurrentVersion\Run\ShopAtHomeWatcher

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

ShopAtHome.com BrowserAppCore Service Chrome

ShopAtHome.com Helper

ShopAtHome.com Toolbar

Directories

Adware.ShopAtHome may create the following directory or directories:

%APPDATA%\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar

%APPDATA%\ShopAtHome

%APPDATA%\ShopAtHome.com BrowserAppCore Service

%APPDATA%\Windows\Start Menu\Programs\ShopAtHome.com BrowserAppCore Service

%USERPROFILE%\AppData\LocalLow\ShopAtHome

Analysis Report

General information

Family Name:	Adware.ShopAtHome
Signature status:	Self Signed

Known Samples

MD5: 3e45ce04a87ccff5c227eafdd9e11150

SHA1: f72428d479c7935779dda20320b8aa74a66edf42

SHA256: 36A52CE187CDF5206BC479F3DA9DBF74D12C6C26833CA93EE6E66BD06F580864

File Size: 193.50 KB, 193496 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer	Root	Status
ShopAtHome.com (Belcaro Group, Inc.)	Symantec Class 3 Extended Validation Code Signing CA	Self Signed

Block Information

Total Blocks:	85
Potentially Malicious Blocks:	10
Whitelisted Blocks:	67
Unknown Blocks:	8

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 ? 0 0 x x 0 ? ? 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 x ? 0 x 0 0 0 0 0 0 ? x 0 ? ? 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

AdGazelle.A
Fugrafa.J
Mobogenie
SearchSuite.C

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\nsf1097.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsv10a8.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv10a8.tmp\httphelper.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv10a8.tmp\httphelper.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv10a8.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv10a8.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\roaming\shopathome\shopathomeappinstallerf72428d479c7935779dda20320b8aa74a66edf42_0000193496	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\shopathome.com browser app\components::main	1	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75

RegNtPreCreateKey

Windows API Usage

Category	API
Network Winsock2	WSAStartup
Network Winsock	closesocket gethostbyname inet_addr socket
Network Wininet	InternetOpen InternetOpenUrl

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Adware.ShopAtHome

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Adware.ShopAtHome

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Digital Signatures

Digital Signatures

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Unadsguide.com

PUP.Baidu.A

Mediadaily.ru

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen