Tag Archives: SoftPulse

App secure LLC – 30% Anti-Virus Detection – SoftPulse / Strictor / HfsAdware / DriverUpd

digital signature, , , , ,

Hello! If you are a regular here on the FreeFixer blog you know that I’ve been looking on the certificates used to sign files that bundled various types of unwanted software. Today I found another certificate, used by a publisher called App secure LLC.

App secure LLC publisher

Windows will display App secure LLC as the publisher when running the file. Information about a digital signature and the certificate can also be found under the Digital Signature tab. The screenshot below shows the App secure LLC certificate. From the certificate info we can see that App secure LLC appears to be located in Wilmington, Delaware in the US.

App secure LLC certificate

When I uploaded the App secure LLC file to VirusTotal, it came up with a 30% detection rate. The file is detected as Win32:SoftPulse-FZ [PUP] by Avast, W32.HfsAdware.8302 by Bkav, Gen:Variant.Strictor.83505 (B) by Emsisoft, a variant of Win32/SoftPulse.AB potentially unwanted by ESET-NOD32, not-a-virus:Downloader.Win32.DriverUpd.wui by Kaspersky and SoftPulse by Sophos.

App secure LLC virus report

The company web site appears to be APPSECURELLC.COM. Here’s some of the info from the WHOIS database:

Registrant Name: Roberto Blangino 
Registrant Organization: App Software LLC
Registrant Street: 501 Silverside Road, Suite 105 
Registrant City: Wilmington
Registrant State/Province: Delaware
Registrant Postal Code: 19809
Registrant Country: US

I checked some of services that provides domain info based on an IP address, and the following sites appears to be or have been located on the same IP:

  • 123maxmusic.com
  • 88dls.com
  • acpsoftwarellc.com
  • www.magnoplayer.com
  • www.newvideoplayer.com

Did you also find a file that was signed by App secure LLC? What kind of download was it and was it detected by the anti-virus scanners at VirusTotal? Please share in posting comments below.

Thanks for reading.

Volvan Premium SL – 28% Detection Rate

digital signature, ,

Welcome! Was looking for some downloads to play around with and found one, digitally signed by Volvan Premium SL. The file is named google_chrome.exe.

Volvan Premium SL publisher

To view more information about the embedded certificate you can right-click on the file, then choose Properties and then select the Digital Signatures tab. According to the embedded certificate we can see that Volvan Premium SL is located in Barcelona, Spain and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.

Volvan Premium SL certificate

The problem here is that if google_chrome.exe really was a setup file for Google, it would be digitally signed by Google Inc and not by some unknown company. This looks very suspicious.

So, why did I put up this blog post? Well, the thing is that the Volvan Premium SL file is detected by many of the anti-virus scanners, according to VirusTotal. F-Secure classifies google_chrome.exe as Gen:Variant.Application.Bundler, Malwarebytes calls it PUP.Optional.DomaIQ and McAfee calls it SoftPulse.a

Volvan Premium SL virustotal

When I ran the Volvan Premium SL file it offered a bunch of bundled softwares, such as Wajam, HostSecurePlugin, Salus, SpeedChecker and Super Optimizer.

Did you also find a Volvan Premium SL file? Do you remember where you downloaded it?

Thanks for reading.

Remove HostSecure – HostSecurePlugin and HostSecure.exe Uninstall Guide

adware, freefixer,

Hello there and welcome to the FreeFixer blog. I just found another bundled adware called HostSecure or HostSecurePlugin and give you some removal instructions. If HostSecure is installed and running on your system, you will see HostSecure.exe running in the Windows Task Manager and an add-on called HostSecurePlugin added into Mozilla Firefox and Internet Explorer. I’ll show how to remove Host Secure in this blog post with the FreeFixer removal tool.

HostSecure.exe task manager

Here’s how the add-on shows up in Firefox:

HostSecurePlugin firefox 5.31.6

HostSecure is bundled in other software’s installers. Here’s one example how it appears in an installer for an unrelated program.

HostSecure installer

Generally, you can avoid bundled software such as HostSecurePlugin by being careful when installing software and declining the bundled offers in the installer.

As always when I stumble upon some new bundled software I uploaded it to VirusTotal to see if the anti-malware software there detect something interesting. 7 of the 54 anti-malware scanners detected the file. The HostSecurePlugin files are detected as Win-PUP/SoftPulse by AhnLab-V3, WS.Reputation.1 by Symantec and DomaIQ (fs) by VIPRE. Here’s the scan result for HostSecure.exe:

HostSecurePlugin virustotal

The file is digitally signed by Plugin Update SL.

Removing HostSecure is pretty straightforward with FreeFixer. Just select the Host Secure Plugin files for removal and then click the Fix button and the problem will be solved.

HostSecurePlugin startup remove HostSecurePlugin firefox remove HostSecure startup remove Host Secure Internet Explorer remove

Hope that helped you with the removal.

Do you also have HostSecure on your computer? Any idea how it was installed? Please share your story the comments below. Thanks a bunch!

Thank you for reading.

Plugin Update SL – Warning! Stay away from this file

adware, digital signature, freefixer, malware, ,

I’m in a hurry here, trying to wrap up the v1.12 release of FreeFixer, but I though I must write a few lines of about a file, digitally signed by Plugin Update SL, that was promoted as a Java update. Here’s how the ad appeared:

plugin update s.l ad - java update

When clicking on the ad, a download for something called Player_Setup.exe appeared. That file, is not a Java Update.

Plugin Update SL Certificate

The file is digitally signed by Plugin Update SL, which is a company that appears to be located on Tenerife, and if you run the file, it will start an installation of something called NewPlayer. During the installation, it offers lots of bundled unwanted software, such as Findopolis, FreeSoftToday, IStartSurf, etc, etc.

The VirusTotal scan also clearly shows why you should stay away from the Plugin Update SL malware file:

Plugin Update SL - Virus Total report

Some of the scanners report it as DomaIQ and SoftPulse.

Did you also find a file signed by Plugin Update SL? Was it also promoted as a Java update?

If you installed any of the bundled software, you can remove those with FreeFixer.

Hope this helped you avoid the Plugin Update SL software. Thanks for reading.

Digital Plugin S.L Publisher – VirusTotal Detections

digital signature, , , , ,

Sorry for not posting anything during the days. I’ve been having a few days off visiting friends and family. Before my time off I found another publisher called DIGITAL PLUGIN S.L that bundles some potentially unwanted programs. The file I found was called Player.exe and I could see DIGITAL PLUGIN S.L appear when double-clicking on the file.

Digital Plugin S.L Publisher

 

Update 2015-06-29: Found another download with the publisher name “Digital Plugin SL“.

Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that DIGITAL PLUGIN S.L is located in Tenerife.

Digital Plugin S.L Certificate

Digital Plugin S.L Tenerife

 

And the certificate was issued by GlobalSign.

The reason for posting about DIGITAL PLUGIN S.L is that the file is detected by many of the anti-virus programs. Currently player.exe is detected by 13 of the 52 anti-virus scanners:

Digital Plugin S.L Virus Total detections

Hope you found this post useful.

Did you also find a download signed by DIGITAL PLUGIN S.L? What kind of download was it?

Update 2015-09-12: Today I noticed another download called google_chrome.exe, signed by Digital Plugin SL.

Digital Plugin SL cert again

 

This is another certificate, issued by VeriSign. VirusTotal reports a 19/57 detection ratio.