What is HOtpriv.A???

Discussion in 'NOD32 version 2 Forum' started by DougRees, Nov 12, 2003.

Thread Status:
Not open for further replies.
  1. DougRees

    DougRees Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    41
    Recently I installed a program called "Hotmail Popper", which was recommended by Mozilla and allows me to read my hotmail email in Eudora. Everything seemed to work without a hitch.

    I have AVG installed on my system as a second, on-demand scanner, and it reported a trojan called "HOtpriv.A" immediately afterwards, so I assume it had something to do with the program.

    I ran both NOD32 (my primary AV) and TDS-3, and neither picked up anything. Is this a real trojan or a false alarm? o_O
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi DougRees, and welcome to Wilders :)

    I just did a search at the AVG Anti-Virus site using their Virus Encyclopaedia for HOtpriv.A (also using the alias search), and the result returned was "No virus starting with 'HOtpriv.A' found."

    Then did a search at Trend Micro and found this:

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ADW_HOTPRIV.A

    It is described as adware.

    Do you have Spybot Search & Destroy or Ad-Aware installed that you could scan with?

    snap

    Added URL tags
     
  3. DougRees

    DougRees Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    41
    I have both Adaware and Spybot installed on my system. I ran a check with both programs and failed to find anything.

    P.S. I am a great fan of NOD32, and always run it in the "advanced heuristic" mode. I earn my living with my computer, which explains why I am a bit of a fanatic about security.
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hmm... if you have run both Spybot S&D and Ad-Aware, as well as NOD32 and TDS, and nothing was found, then I am wondering if this is actually a false positive by AVG, given the fact I did not even find HOtpriv.A in their database.

    I am guessing you also have the latest version of HijackThis (version 1.97.0.5). If you like, you can do a scan with that also and post it here for the experts to look it over just in case there is something else there that shouldn't be.
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Doug, I did check NOD's site but could not find any listing under that name. Maybe because it is fairly new adware? But just to be sure, I would suggest you send a sample to ESET. You can zip up a copy of the file being identified as HOtpriv.A and send it to samples@nod32.com. Make sure you enter in the Subject Line the name of the virus that the file is said to be infected with, and a short description of what program the file is associated with, etc.

    Always better to be safe than sorry. :)

    regards,

    snap
     
  6. DougRees

    DougRees Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    41
    Thanks. I did find the file & sent it as you suggested. It was in a zipped attachment to an email. I never open an attachment unless I know in advance that it's going to be sent by someone I trust, so this one was never opened.

    I want to thank you very much for your prompt assistance.
     
  7. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Wise move, Doug ;) I wish more were as security conscious as you are.

    You are very welcome. Let us know how it turns out.

    best regards,

    snap
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Unrelated posts split and moved here - paul
     
  9. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    I found out that Spysweeper by Webroot works better than AdAware 6 or Spybot on some occasions.
    Spysweeper found a few references of adware on my system that AdAware 6 and Spybot just ignored.
    You can try it for free here.
    http://www.webroot.com/php/tryme.php?bjpc=64000&vcode=DT02

    I am not too sure if it allows you to download the latest definitions though.
     
  10. DougRees

    DougRees Registered Member

    Joined:
    Jun 2, 2003
    Posts:
    41
    Thank you very much. I did as you suggested. Spysweeper did allow me to download the latest definitions, and picked up several spyware programs that both Adaware and Spybot missed. It's amazing how much of this crap sneaks into my system.

    I recently installed an HP computer for a friend. When I ran Adaware, I was amazed at all the spyware that HP puts on their computers. The system itself seemed like a pretty good deal, but I don't know why HP feels impelled to inflict this stuff on their customers.
     
  11. Mary Wolfe

    Mary Wolfe Guest

    I have just found this HOtpriv.A on my computer. It showed up with AVG... do you know how to get rid of it?
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Mary Wolfe,

    Could you please follow the instructions in this post: http://www.wilderssecurity.com/showthread.php?t=15913

    Regards,

    Pieter
     