NOD32 flagging Hotspotshield software as a threat

Discussion in 'ESET NOD32 Antivirus' started by psychopomp1, Feb 25, 2010.

Thread Status:
Not open for further replies.
  1. psychopomp1

    psychopomp1 Registered Member

    Joined:
    Aug 26, 2007
    Posts:
    34
    Location:
    Kent, UK
    Hi

    I've tried to download hotspotshield (which provides you with a spoof IP address so you can surf anonymously) but NOD32 flags this as a threat. I have already submitted this .exe file to ESET for analysis but still no action is taken. Hotspotshield's website clearly states "NO ADWARE/SPYWARE" so i suspect this is a false positive, just like Ultrasurf software used to be but ESET doesn't flag this anymore. Would appreciate if ESET staff could look into this.

    Cheers :)

    http://img442.imageshack.us/img442/237/capturesvw.jpg
     
  2. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    i have download "HSS-1.37-install-anchorfree-76-conduit.exe"
    i haven't alert with version 4895...


    heu after scan :

    C:\Users\Inster\Desktop\HSS-1.37-install-anchorfree-76-conduit.exe » NSIS » openvpnas.exe - Win32/Adware.AnchorFree application
     
  3. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    Well everybody can add a 'adware free' picture on their site so that doesn't tell you much, the site/products seems legit tho.

    The file openvpnas.exe is dectected within the installer as 'Win32/Adware.AnchorFree application' which is the author of Hotspot shield. Detection of this threat seems to be added not so long ago.
    If its a real threat or not I cant say but ESET makes it seem to me that they added this detection for a reason. Should await a mod which can probably tell you more as why this product is being flagged.
     
  4. JesusV

    JesusV Former ESET Support Rep

    Joined:
    Jan 21, 2010
    Posts:
    93
  5. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    "9.1 Advertisements. AnchorFree may deliver third-party advertisements (“Advertisements”) within the content of any web page accessed. Advertisements may be injected into the top of the page, inserted directly into the page content, or even displayed to overlay the page. You hereby acknowledge and consent that AnchorFree may alter the content of any web page accessed for the purpose of displaying Advertisements. Additionally from time to time, AnchorFree may prevent any user’s access to the product or continued use thereof until such user has successfully participated in applicable advertising programs, surveys, or other activities that collect and monetize users’ personal information. AnchorFree does not endorse any information, materials, products, or services contained in or accessible through Advertisements. Accordingly, your correspondence or business dealings with, or participation in promotions of, advertisers found on or through the Service are solely between You and such advertiser. Access and use of ADVERTISEMENTS, including the information, materials, products, and services on or available through ADVERTISEMENTS Sites is solely at your own risk." fragment from EULA
     
  6. ziphnor

    ziphnor Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    14
    Im having the same problem and its pretty annoying.

    Is there anyway to tell NOD to ignore it?

    Thats no explanation for blocking it. It just means that they will display ads when you use the VPN connection, how else are they supposed to pay for the traffic?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Detection of potentially unwanted, unsafe applications as well as adware is optional. These applications are not flagged as threats whatsoever. It's up to the user whether he/she wants to have them detected or not.
     
  8. ziphnor

    ziphnor Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    14
    Yes, but i just want to tell nod to ignore this particular program, not ignore all adware (disabling "potentially" unwanted applications does not help).

    UPDATE: Disabling ThreatSense "Adware/Spyware/Riskware" also doesnt help. Is it some other setting i should be changing?
     
  9. PRUHDG

    PRUHDG Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    77
    In advance setup, under exclusions you can simple add that file so that nod32 does not flag it.
     
  10. WascawwyWabbit

    WascawwyWabbit Registered Member

    Joined:
    Mar 3, 2010
    Posts:
    5
    How come Hotspot Sheild 1.37 is detected as adware but not 1.34? It detects Win32/Adware.AnchorFree in 1.37. After all, it is an ad-supported freeware. I use adblock plus and no script and there is no problem. Just a blank box at the top. Better to use 1.34?! o_O

    And is hotspot shield safe to use?! Thank you!

    UPDATE: You can download from here: PC World: http://www.pcworld.com/downloads/file/fid,71209-page,1/description.html

    And do reply. IS HOTSPOT SHIELD SAFE TO USE?! Thank you! :)
     
    Last edited: Mar 5, 2010
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If the older version is not detected, please refer to this KB article and submit it to ESET for perusal. Unfortunately, I was unable to find a download link to the older version, just to the current one that is detected.
     
  12. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Well, there are several applications that I'm always unable to download on the machines that run ESET NOD32 v.4 at home. Among those that the connection is severed when the download process finished are: Mozilla Firefox, Mozilla Thunderbird, Nero Burning Rom, Comodo Internet Security, Open Office, etc. to mention a few.

    Everytime I need to download a new version of the aforementioned applications I have to do it on a PC not running NOD32. I know some of those applications now include toolbars during the install process but I believe it's up to the user to decide if he/she wants the toolbar installed along with the application he/she wants to install.

    That's one of the things I would like to see addressed in a next version of NOD32.

    Regards,

    Carlos
     
  13. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    I also have the latest Hotspot shield flags by ESS :mad:

    I hope Eset will resolve this issue quickly :thumbd:

    Thanks,
    Atomas31
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Everything has been said and explanation provided. You have 2 options:
    1, disable detection of adware
    2, exclude the file from scanning
     
  15. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec

    I hope you are kidding :mad:

    On virus total, ONLY NOD32 found something wrong ( Win32/Adware.AnchorFree), no anti-spyware (Malwarebytes, superantispyware, etc) wich I use detect anything wrong with this installation file...

    It is clearly a False positive from ESS that should be rectifie ASAP!!!


    Thanks,
    Atomas31
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The fact that a file is detected by > 40 security applications doesn't make it malicious. Likewise, a file that is not detected by any security application is not necessarily clean.

    It's clearly stated in the application's EULA what the adware does. Since it's actually not a false positive, we'll end discussion on this topic and draw this thread to a close.
     
Thread Status:
Not open for further replies.