11 replies to this topic

[eddron]

I recently installed Hotspot Shield 1.13 and your program told me it has a trojan that collects passwords. Is this a false positive?
Here is the link to the software http://download.cnet...4-10594721.html

Thank you.

[LS Albin (former Lavasoft employee)]

Hi eddron!

I just installed Hotspot and was running a scan with Ad-Aware, def file (0148.0005). It didn't detect anything related to Hotspot. Can you please provide us with the logfile from your scan and the file which is detected. It would be really helpful.


http://www.lavasofts...showtopic=18033

Thanks for your report.

Albin

Lavasoft Malware Labs

[eddron]

Here is what I have in the log (I couldn't located it on my harddrive):

MSG [3304] 2009/04/07 21:34:19: C:\program files\hotspot shield\uninstall.exe (diagnosis: Malware family: Win32.TrojanPWS.IEpass) => Block
MSG [2172] 2009/04/07 21:35:47: C:\program files\hotspot shield\uninstall.exe (diagnosis: Malware family: Win32.TrojanPWS.IEpass) => Block
MSG [3644] 2009/04/07 21:36:17: C:\program files\hotspot shield\uninstall.exe (diagnosis: Malware family: Win32.TrojanPWS.IEpass) => Block
MSG [1432] 2009/04/07 21:37:47: C:\program files\hotspot shield\uninstall.exe (diagnosis: Malware family: Win32.TrojanPWS.IEpass) => Block

However, the first time I scanned it, it had two files that it detected. One was the uninstall and the other I can't remember. However, after I uninstalled it, it only detected one file. What I quarantined the second time around was located in the Document and Settings directory. Unfortunately, Adware cuts off the entire string of where it was located. However, I believe he adware software submitted the log...so you might have that in your records.

Also, did your version of Hotspot upgrade you to 1.13? I believe that's the version that is causing people problems.

Does this help?

Edited by eddron, 08 April 2009 - 03:34 PM.

[LS Albin (former Lavasoft employee)]

Thanks for your detailed report.

We will investigate this issue further and try to reproduce it.

Cheers

Albin

Lavasoft Malware Labs

[LS Albin (former Lavasoft employee)]

Hi again !

I just installed v.1.13. Ad-Aware didn't detect any of the files in that version. Is it possible for you to track down the detected file and post it in this thread ?

Thanks

Albin

[eddron]

I deleted them. Perhaps I'll install it again and rescan my computer.

I wonder if there is a fake version out there. I noticed that there are two "Official" websites for it. And under WhoIs, they are registered to different people...very suspicious.

Here are the two websites:
www.anchorfree.com
www.hotspotshield.com

Which website did you download it from? It might be worth testing both versions.

If you do, please let me know if one of them is a trojan.

Thank you.

Ed

[eddron]

Also, as you can see by the other comments on the CNet page, I'm not the only one with this problem. A lot of people are finding a Trojan with v1.13:
http://download.cnet....html?tag=mncol

[LS Albin (former Lavasoft employee)]

Hi!

Which version of the def file do you use ?

Thanks

Albin

[eddron]

What exactly do you mean by def file?
If you mean software version, I'm using the anniversary edition.
And the software database, 0148.0006.

Does this help Albin?

[LS Albin (former Lavasoft employee)]

Hi!

This may explain the different results. Can you please try to update to the latest def file (0148.0012).

Thanks

Albin

[eddron]

Will do. Can you please tell me the source that you used to download the Hotspot software? There are three different places. I want to make sure I download the safe one.

Edited by eddron, 17 April 2009 - 07:58 PM.

[LS Albin (former Lavasoft employee)]

Hi!

I downloaded the latest version of Hotspotshield from www.hotspotshield.com.

Filename: HSS-1.14-install-anchorfree-76-conduit.zip MD5 Checksum : fe8acc32ad11ad4222e64e489aa43b48

Cheers

Albin