Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

VersionsAdditional versions

2, 91, 0, 0 0.76%
2, 90, 0, 0 2.27%
2, 88, 0, 0 12.88%
2, 87, 0, 0 7.58%
2, 85, 0, 0 0.76%
2, 84, 0, 0 4.55%
2, 83, 0, 0 4.55%
2, 81, 0, 0 0.76%
2, 79, 0, 0 2.27%
2, 78, 0, 0 12.88%
2, 78, 0, 0 2.27%
2, 78, 0, 0 0.76%
2, 76, 0, 0 6.82%
2, 75, 0, 0 0.76%
2, 74, 0, 0 6.82%
2, 72, 0, 0 0.76%
2, 70, 0, 0 2.27%
1, 0, 0, 1 18.18%
1, 0, 0, 1 9.85%
1, 0, 0, 1 2.27%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
InitializeSecurityDescriptor, ChangeServiceConfig2W, RegisterServiceCtrlHandlerW, DeleteService, ControlService, QueryServiceStatus, StartServiceW, OpenServiceW, RegCreateKeyW, CloseServiceHandle, CreateServiceW, OpenSCManagerW, SetSecurityDescriptorDacl, RegCloseKey, SetServiceStatus, RegSetValueExW, RegCreateKeyExW, RegEnumKeyExW, RegDeleteKeyW, RegOpenKeyExA, RegEnumKeyExA, StartServiceCtrlDispatcherW, RegOpenKeyExW, RegQueryValueExW
iphlpapi.dll
GetAdaptersInfo
kernel32.dll
FindResourceW, FindResourceExW, MultiByteToWideChar, GetModuleFileNameW, lstrlenW, GlobalFree, GlobalAlloc, WideCharToMultiByte, LoadResource, CloseHandle, CreateThread, GetSystemWindowsDirectoryW, GetCurrentDirectoryW, GetLastError, OpenEventW, Sleep, SetConsoleCtrlHandler, GetVersionExW, LockResource, SizeofResource, FindFirstFileW, FindNextFileW, CompareFileTime, FindClose, FileTimeToSystemTime, lstrlenA, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetFullPathNameA, GetDriveTypeA, CreateFileA, SetEndOfFile, InterlockedExchange, GetLocaleInfoW, LoadLibraryA, InitializeCriticalSectionAndSpinCount, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, InterlockedDecrement, GetCurrentProcess, LoadLibraryW, FreeLibrary, GetProcAddress, HeapFree, GetProcessHeap, GetCurrentThreadId, CreateEventW, WaitForSingleObject, PostQueuedCompletionStatus, SetEvent, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, WaitForMultipleObjects, ResetEvent, CreateFileW, DeviceIoControl, GetVolumeInformationW, GetTempPathW, SetCurrentDirectoryW, CreateMutexW, ReleaseMutex, OpenMutexW, ReadFile, InterlockedIncrement, GetTempFileNameW, DeleteFileW, RaiseException, HeapDestroy, HeapAlloc, HeapReAlloc, HeapSize, RtlUnwind, GetSystemTimeAsFileTime, TerminateProcess, GetModuleHandleA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitThread, ResumeThread, FileTimeToLocalFileTime, GetDriveTypeW, GetTimeFormatA, GetDateFormatA, CreateDirectoryW, GetTimeZoneInformation, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThread, WriteFile, GetConsoleCP, GetConsoleMode, HeapCreate, VirtualFree, FatalAppExitA, VirtualAlloc, GetStdHandle, GetModuleFileNameA, LCMapStringA, LCMapStringW, ExitProcess, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetFullPathNameW, GetFileInformationByHandle, PeekNamedPipe, GetCurrentDirectoryA, SetCurrentDirectoryA, SetFilePointer, FlushFileBuffers, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStartupInfoW, GetSystemDirectoryW, CreateProcessW, GetFileSize, EncodePointer, DecodePointer, HeapSetInformation, FindFirstFileExW, FindFirstFileExA, IsProcessorFeaturePresent, CreateProcessA, FindCloseChangeNotification, FindNextChangeNotification, FindFirstChangeNotificationW
ole32.dll
CoCreateInstance, CoInitialize, OleRun, StringFromGUID2
shell32.dll
SHGetFolderPathW, SHGetFolderPathA
shlwapi.dll
PathFileExistsW, PathAddBackslashW, PathAppendW, PathIsRootW, PathIsDirectoryW
user32.dll
wvsprintfW
wininet.dll
InternetCheckConnectionW, InternetAttemptConnect, InternetOpenUrlW, HttpQueryInfoW, InternetQueryDataAvailable, InternetReadFile, HttpSendRequestW, InternetOpenW, InternetCrackUrlW, InternetSetOptionW, InternetConnectW, HttpOpenRequestW, InternetCloseHandle
ws2_32.dll
getaddrinfo, WSACreateEvent, WSAEventSelect, WSAEnumNetworkEvents, freeaddrinfo, WSAIoctl

HssSrv.exe

By AnchorFree Inc (Signed)

Remove HssSrv.exe
Version:   2, 72, 0, 0
MD5:   c7b4e25747a5bd715026b9d769f51c5e
SHA1:   e88aaf431c0fefb2eb0520a4c0298cd9bdd41af0
SHA256:   a62033b4a3fab0c2be0c41f810707e4b942333f639e1c77e0dfa3fcb25b52307
Warning 3 antivirus scanners has detected malware.

What is HssSrv.exe?

Hotspot Shield allows you to create a VPN, or virtual private network, so you can transfer your data securely. When you access the Internet through such connections, you risk having your computer or mobile infected by a virus or even an intruder to enter your system. Moreover, the dangers exist that a malicious person can intercept your information and use it for unfriendly reasons.

About HssSrv.exe (from AnchorFree Inc)

Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers, ISP‘s, from viewing your web browsin

DetailsDetails

File name:hsssrv.exe
Publisher:AnchorFree Inc.
Typical file path:C:\Program Files\hotspot shield\hsswpr\hsssrv.exe
File version:2, 72, 0, 0
Size:403.36 KB (413,040 bytes)
Certificate
Issued to:AnchorFree Inc
Authority (CA):VeriSign
Effective date:Sunday, March 27, 2011
Expiration date:Sunday, April 13, 2014
Digital DNA
PE subsystem:Windows Console
Entropy:6.675736
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • ExpatSrv
  • 'ExpatSrv' (Expat Shield Routing Service)
  • 'HssSrv' (Hotspot Shield Routing Service)

MalwareMalware detections

Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engineEngine versionDetection
Emsisoft Anti-Malware 3.0.0.569 Gen:Variant.Graftor.48415 (B)
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V1029
VIPRE Antivirus 14200 Trojan.Win32.Generic!BT

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00108515%
0.028634%
Kernel CPU:0.00078625%
0.013761%
User CPU:0.00029890%
0.014873%
Kernel CPU time:655 ms/min
100,923,805ms/min
Memory
Private memory:3.76 MB
21.59 MB
Private (maximum):9.63 MB
Private (minimum):8.48 MB
Non-paged memory:3.76 MB
21.59 MB
Virtual memory:65.36 MB
140.96 MB
Virtual memory (peak):70.2 MB
169.69 MB
Working set:8.48 MB
18.61 MB
Working set (peak):9.79 MB
37.95 MB
Page faults:12,516/min
2,039/min
Resource allocations
Threads:7
12
Handles:227
600

BehaviorsProcess properties

Integrety level:Undefined
Platform:64-bit
Command line:"C:\Program Files\hotspot shield\hsswpr\hsssrv.exe"
Owner:SYSTEM
Windows Service
Service name:ExpatSrv
Display name:ExpatSrv
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 33.33%
Windows 7 Home Premium 23.48%
Microsoft Windows XP 17.42%
Windows 7 Professional 6.82%
Windows Vista Home Premium 5.30%
Windows 8 Pro 4.55%
Windows 8 Enterprise 3.03%
Windows 8 2.27%
Windows 7 Ultimate N 2.27%
Windows XP Professional 0.76%
Windows 7 Home Basic 0.76%

Distribution by countryDistribution by country

United States installs about 22.76% of hsssrv.exe.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Toshiba 31.46%
Dell 13.48%
Hewlett-Packard 12.36%
ASUS 11.24%
Sony 8.99%
Acer 6.74%
MSI 4.49%
Lenovo 4.49%
GIGABYTE 4.49%
Gateway 2.25%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE