Jump to content


Photo

Anchor Free Hotspot Shield


  • Please log in to reply
11 replies to this topic

#1 eddron

eddron

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 08 April 2009 - 06:02 AM

I recently installed Hotspot Shield 1.13 and your program told me it has a trojan that collects passwords. Is this a false positive?
Here is the link to the software http://download.cnet...4-10594721.html

Thank you.

#2 LS Albin (former Lavasoft employee)

LS Albin (former Lavasoft employee)

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 407 posts

Posted 08 April 2009 - 08:55 AM

Hi eddron!

I just installed Hotspot and was running a scan with Ad-Aware, def file (0148.0005). It didn't detect anything related to Hotspot. Can you please provide us with the logfile from your scan and the file which is detected. It would be really helpful.


http://www.lavasofts...showtopic=18033

Thanks for your report.

Albin

Lavasoft Malware Labs

#3 eddron

eddron

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 08 April 2009 - 03:25 PM

Here is what I have in the log (I couldn't located it on my harddrive):

MSG [3304] 2009/04/07 21:34:19: C:\program files\hotspot shield\uninstall.exe (diagnosis: Malware family: Win32.TrojanPWS.IEpass) => Block
MSG [2172] 2009/04/07 21:35:47: C:\program files\hotspot shield\uninstall.exe (diagnosis: Malware family: Win32.TrojanPWS.IEpass) => Block
MSG [3644] 2009/04/07 21:36:17: C:\program files\hotspot shield\uninstall.exe (diagnosis: Malware family: Win32.TrojanPWS.IEpass) => Block
MSG [1432] 2009/04/07 21:37:47: C:\program files\hotspot shield\uninstall.exe (diagnosis: Malware family: Win32.TrojanPWS.IEpass) => Block

However, the first time I scanned it, it had two files that it detected. One was the uninstall and the other I can't remember. However, after I uninstalled it, it only detected one file. What I quarantined the second time around was located in the Document and Settings directory. Unfortunately, Adware cuts off the entire string of where it was located. However, I believe he adware software submitted the log...so you might have that in your records.

Also, did your version of Hotspot upgrade you to 1.13? I believe that's the version that is causing people problems.

Does this help?

Edited by eddron, 08 April 2009 - 03:34 PM.


#4 LS Albin (former Lavasoft employee)

LS Albin (former Lavasoft employee)

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 407 posts

Posted 08 April 2009 - 05:18 PM

Thanks for your detailed report. :unsure:

We will investigate this issue further and try to reproduce it.

Cheers

Albin

Lavasoft Malware Labs

#5 LS Albin (former Lavasoft employee)

LS Albin (former Lavasoft employee)

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 407 posts

Posted 09 April 2009 - 08:25 AM

Hi again !

I just installed v.1.13. Ad-Aware didn't detect any of the files in that version. Is it possible for you to track down the detected file and post it in this thread ?

Thanks

Albin

#6 eddron

eddron

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 09 April 2009 - 05:17 PM

I deleted them. Perhaps I'll install it again and rescan my computer.

I wonder if there is a fake version out there. I noticed that there are two "Official" websites for it. And under WhoIs, they are registered to different people...very suspicious.

Here are the two websites:
www.anchorfree.com
www.hotspotshield.com

Which website did you download it from? It might be worth testing both versions.

If you do, please let me know if one of them is a trojan.

Thank you.

Ed

#7 eddron

eddron

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 10 April 2009 - 03:12 PM

Also, as you can see by the other comments on the CNet page, I'm not the only one with this problem. A lot of people are finding a Trojan with v1.13:
http://download.cnet....html?tag=mncol

#8 LS Albin (former Lavasoft employee)

LS Albin (former Lavasoft employee)

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 407 posts

Posted 14 April 2009 - 07:28 AM

Hi!

Which version of the def file do you use ?

Thanks

Albin

#9 eddron

eddron

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 16 April 2009 - 03:51 PM

What exactly do you mean by def file?
If you mean software version, I'm using the anniversary edition.
And the software database, 0148.0006.

Does this help Albin?

#10 LS Albin (former Lavasoft employee)

LS Albin (former Lavasoft employee)

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 407 posts

Posted 17 April 2009 - 02:44 PM

Hi!

This may explain the different results. Can you please try to update to the latest def file (0148.0012).

Thanks B)

Albin

#11 eddron

eddron

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 17 April 2009 - 07:57 PM

Will do. Can you please tell me the source that you used to download the Hotspot software? There are three different places. I want to make sure I download the safe one. :)

Edited by eddron, 17 April 2009 - 07:58 PM.


#12 LS Albin (former Lavasoft employee)

LS Albin (former Lavasoft employee)

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 407 posts

Posted 20 April 2009 - 09:28 AM

Hi!

I downloaded the latest version of Hotspotshield from www.hotspotshield.com.

Filename: HSS-1.14-install-anchorfree-76-conduit.zip MD5 Checksum : fe8acc32ad11ad4222e64e489aa43b48

Cheers

Albin




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users