Hello there and welcome to the FreeFixer blog. I just found another bundled adware called HostSecure or HostSecurePlugin and give you some removal instructions. If HostSecure is installed and running on your system, you will see HostSecure.exe running in the Windows Task Manager and an add-on called HostSecurePlugin added into Mozilla Firefox and Internet Explorer. I’ll show how to remove Host Secure in this blog post with the FreeFixer removal tool.
Here’s how the add-on shows up in Firefox:
HostSecure is bundled in other software’s installers. Here’s one example how it appears in an installer for an unrelated program.
Generally, you can avoid bundled software such as HostSecurePlugin by being careful when installing software and declining the bundled offers in the installer.
As always when I stumble upon some new bundled software I uploaded it to VirusTotal to see if the anti-malware software there detect something interesting. 7 of the 54 anti-malware scanners detected the file. The HostSecurePlugin files are detected as Win-PUP/SoftPulse by AhnLab-V3, WS.Reputation.1 by Symantec and DomaIQ (fs) by VIPRE. Here’s the scan result for HostSecure.exe:
The file is digitally signed by Plugin Update SL.
Removing HostSecure is pretty straightforward with FreeFixer. Just select the Host Secure Plugin files for removal and then click the Fix button and the problem will be solved.
Hope that helped you with the removal.
Do you also have HostSecure on your computer? Any idea how it was installed? Please share your story the comments below. Thanks a bunch!
Thank you for reading.
I’m in a hurry here, trying to wrap up the v1.12 release of FreeFixer, but I though I must write a few lines of about a file, digitally signed by Plugin Update SL, that was promoted as a Java update. Here’s how the ad appeared:
When clicking on the ad, a download for something called Player_Setup.exe appeared. That file, is not a Java Update.
The file is digitally signed by Plugin Update SL, which is a company that appears to be located on Tenerife, and if you run the file, it will start an installation of something called NewPlayer. During the installation, it offers lots of bundled unwanted software, such as Findopolis, FreeSoftToday, IStartSurf, etc, etc.
The VirusTotal scan also clearly shows why you should stay away from the Plugin Update SL malware file:
Some of the scanners report it as DomaIQ and SoftPulse.
Did you also find a file signed by Plugin Update SL? Was it also promoted as a Java update?
If you installed any of the bundled software, you can remove those with FreeFixer.
Hope this helped you avoid the Plugin Update SL software. Thanks for reading.
Sorry for not posting anything during the days. I’ve been having a few days off visiting friends and family. Before my time off I found another publisher called DIGITAL PLUGIN S.L that bundles some potentially unwanted programs. The file I found was called Player.exe and I could see DIGITAL PLUGIN S.L appear when double-clicking on the file.
Update 2015-06-29: Found another download with the publisher name “Digital Plugin SL“.
Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that DIGITAL PLUGIN S.L is located in Tenerife.
And the certificate was issued by GlobalSign.
The reason for posting about DIGITAL PLUGIN S.L is that the file is detected by many of the anti-virus programs. Currently player.exe is detected by 13 of the 52 anti-virus scanners:
Hope you found this post useful.
Did you also find a download signed by DIGITAL PLUGIN S.L? What kind of download was it?
Update 2015-09-12: Today I noticed another download called google_chrome.exe, signed by Digital Plugin SL.
This is another certificate, issued by VeriSign. VirusTotal reports a 19/57 detection ratio.
Just got home after having an espresso with my friend Jon Kågström and started to check out a bunch of suspicious downloads. One of the downloads was signed by the Clovermedia SL publisher. If you came here wondering if the file is safe or not, I think you should avoid running the Clovermedia file.
You can also check who signed a file by looking under the file’s properties. The following screenshots shows how the Clovermedia SL certificate appears under the Digital Signature tab.
There is also additional info available, such as that Clovermedia SL is located on Tenerife.
Anyway, the problem with the Clovermedia file is that it bundles lots of potentially unwanted programs, such as MediaPlayer Plus, Freeven, etc. Many of the anti-virus programs are well aware of this, and flags the Clovermedia file with names such as DomaIQ.
Hope this helped you avoid some adware.
Did you also find a Clovermedia file. Where did you download it?