Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

VersionsAdditional versions

2, 91, 0, 0 0.76%
2, 90, 0, 0 2.27%
2, 88, 0, 0 12.88%
2, 87, 0, 0 7.58%
2, 85, 0, 0 0.76%
2, 84, 0, 0 4.55%
2, 83, 0, 0 4.55%
2, 81, 0, 0 0.76%
2, 79, 0, 0 2.27%
2, 78, 0, 0 12.88%
2, 78, 0, 0 2.27%
2, 78, 0, 0 0.76%
2, 76, 0, 0 6.82%
2, 75, 0, 0 0.76%
2, 74, 0, 0 6.82%
2, 72, 0, 0 0.76%
2, 70, 0, 0 2.27%
1, 0, 0, 1 18.18%
1, 0, 0, 1 9.85%
1, 0, 0, 1 2.27%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
InitializeSecurityDescriptor, ChangeServiceConfig2W, RegisterServiceCtrlHandlerW, DeleteService, ControlService, QueryServiceStatus, StartServiceW, OpenServiceW, RegCreateKeyW, CloseServiceHandle, CreateServiceW, OpenSCManagerW, SetSecurityDescriptorDacl, RegCloseKey, SetServiceStatus, RegSetValueExW, RegCreateKeyExW, RegEnumKeyExW, RegDeleteKeyW, RegOpenKeyExA, RegEnumKeyExA, StartServiceCtrlDispatcherW, RegOpenKeyExW, RegQueryValueExW
iphlpapi.dll
GetAdaptersInfo
kernel32.dll
FindResourceW, FindResourceExW, MultiByteToWideChar, GetModuleFileNameW, lstrlenW, GlobalFree, GlobalAlloc, WideCharToMultiByte, LoadResource, CloseHandle, CreateThread, GetSystemWindowsDirectoryW, GetCurrentDirectoryW, GetLastError, OpenEventW, Sleep, SetConsoleCtrlHandler, GetVersionExW, LockResource, SizeofResource, FindFirstFileW, FindNextFileW, CompareFileTime, FindClose, FileTimeToSystemTime, lstrlenA, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetFullPathNameA, GetDriveTypeA, CreateFileA, SetEndOfFile, InterlockedExchange, GetLocaleInfoW, LoadLibraryA, InitializeCriticalSectionAndSpinCount, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, InterlockedDecrement, GetCurrentProcess, LoadLibraryW, FreeLibrary, GetProcAddress, HeapFree, GetProcessHeap, GetCurrentThreadId, CreateEventW, WaitForSingleObject, PostQueuedCompletionStatus, SetEvent, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, WaitForMultipleObjects, ResetEvent, CreateFileW, DeviceIoControl, GetVolumeInformationW, GetTempPathW, SetCurrentDirectoryW, CreateMutexW, ReleaseMutex, OpenMutexW, ReadFile, InterlockedIncrement, GetTempFileNameW, DeleteFileW, RaiseException, HeapDestroy, HeapAlloc, HeapReAlloc, HeapSize, RtlUnwind, GetSystemTimeAsFileTime, TerminateProcess, GetModuleHandleA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitThread, ResumeThread, FileTimeToLocalFileTime, GetDriveTypeW, GetTimeFormatA, GetDateFormatA, CreateDirectoryW, GetTimeZoneInformation, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThread, WriteFile, GetConsoleCP, GetConsoleMode, HeapCreate, VirtualFree, FatalAppExitA, VirtualAlloc, GetStdHandle, GetModuleFileNameA, LCMapStringA, LCMapStringW, ExitProcess, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetFullPathNameW, GetFileInformationByHandle, PeekNamedPipe, GetCurrentDirectoryA, SetCurrentDirectoryA, SetFilePointer, FlushFileBuffers, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStartupInfoW, GetSystemDirectoryW, CreateProcessW, GetFileSize, EncodePointer, DecodePointer, HeapSetInformation, FindFirstFileExW, FindFirstFileExA, IsProcessorFeaturePresent, CreateProcessA, FindCloseChangeNotification, FindNextChangeNotification, FindFirstChangeNotificationW
ole32.dll
CoCreateInstance, CoInitialize, OleRun, StringFromGUID2
shell32.dll
SHGetFolderPathW, SHGetFolderPathA
shlwapi.dll
PathFileExistsW, PathAddBackslashW, PathAppendW, PathIsRootW, PathIsDirectoryW
user32.dll
wvsprintfW
wininet.dll
InternetCheckConnectionW, InternetAttemptConnect, InternetOpenUrlW, HttpQueryInfoW, InternetQueryDataAvailable, InternetReadFile, HttpSendRequestW, InternetOpenW, InternetCrackUrlW, InternetSetOptionW, InternetConnectW, HttpOpenRequestW, InternetCloseHandle
ws2_32.dll
getaddrinfo, WSACreateEvent, WSAEventSelect, WSAEnumNetworkEvents, freeaddrinfo, WSAIoctl

HssSrv.exe

By AnchorFree Inc (Signed)

Remove HssSrv.exe
Version:   2, 74, 0, 0
MD5:   e521d91d1a3ddeb2867aa091a8a9d156
SHA1:   871e6804b43f703246736bb93038a666c87763bc
SHA256:   9a8dd709097c23284f7eb8603080495ba3a6794fa9098ac2b2598870a99f0090
Warning 6 antivirus scanners has detected malware.

What is HssSrv.exe?

Hotspot Shield allows you to create a VPN, or virtual private network, so you can transfer your data securely. When you access the Internet through such connections, you risk having your computer or mobile infected by a virus or even an intruder to enter your system. Moreover, the dangers exist that a malicious person can intercept your information and use it for unfriendly reasons.

About HssSrv.exe (from AnchorFree Inc)

Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers, ISP‘s, from viewing your web browsin

DetailsDetails

File name:hsssrv.exe
Publisher:AnchorFree Inc.
Typical file path:C:\Program Files\hotspot shield\hsswpr\hsssrv.exe
File version:2, 74, 0, 0
Size:403.36 KB (413,040 bytes)
Certificate
Issued to:AnchorFree Inc
Authority (CA):VeriSign
Effective date:Sunday, March 27, 2011
Expiration date:Sunday, April 13, 2014
Digital DNA
PE subsystem:Windows Console
Entropy:6.675736
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Hotspot Shield
 AnchorFree Inc
  58% remove
If you are using the free Service, AnchorFree may deliver third-party Advertisements within the content of any web page accessed. Advertisements may be injected into the top of the page, inserted directly into the page content, or even displayed to overlay the page. A “hotspot” is a Wi-Fi connection access point. Usually this type of connection is public; therefore, it is completely insecure. Hotspot Shield allows you to create a VPN, ...

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • ExpatSrv
  • 'ExpatSrv' (Expat Shield Routing Service)
  • 'HssSrv' (Hotspot Shield Routing Service)

MalwareMalware detections

Based on 40+ industry antivirus scanners, 6 of them detected the following malware.
Antivirus engineEngine versionDetection
Emsisoft Anti-Malware 3.0.0.569 Gen:Variant.Graftor.48415 (B)
NANO AntiVirus 0.22.8.50837 Trojan.Win32.Siggen.bbwhyo
nProtect 2013-03-11.01 Trojan/W32.Agent.413040.B
The Hacker None Trojan/Agent.btae
Trend Micro 9.740.0.1012 HT_AGENT_BK084128.TOMC
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V1018

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00271507%
0.028634%
Kernel CPU:0.00207177%
0.013761%
User CPU:0.00064329%
0.014873%
Kernel CPU time:11,160 ms/min
100,923,805ms/min
CPU cycles:102,908/sec
17,470,203/sec
Context switches:18/sec
284/sec
Memory
Private memory:2.27 MB
21.59 MB
Private (maximum):5.38 MB
Private (minimum):3 MB
Non-paged memory:2.27 MB
21.59 MB
Virtual memory:56.37 MB
140.96 MB
Virtual memory (peak):60.61 MB
169.69 MB
Working set:3.92 MB
18.61 MB
Working set (peak):6.61 MB
37.95 MB
Page faults:11,104/min
2,039/min
I/O
I/O read transfer:20 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O other transfer:64 Bytes/sec
448.09 KB/min
I/O other operations:5/sec
1,671/min
Resource allocations
Threads:8
12
Handles:189
600
GUI GDI count:4
103
GUI USER count:2
49

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:"C:\Program Files\hotspot shield\hsswpr\hsssrv.exe"
Owner:SYSTEM
Windows Service
Service name:ExpatSrv
Display name:ExpatSrv
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
ntdll.dll
Total CPU:0.01791593%
0.272967%
Kernel CPU:0.00000000%
0.107585%
User CPU:0.01791593%
0.165382%
CPU cycles:58,772/sec
5,741,424/sec
Memory:1.23 MB
1.16 MB
hsssrv.exe (main module)
Total CPU:0.00150299%
Kernel CPU:0.00122807%
User CPU:0.00027492%
CPU cycles:130,630/sec
Context switches:2/sec
Memory:436 KB
rasman.dll
Total CPU:0.00040143%
Kernel CPU:0.00040143%
User CPU:0.00000000%
CPU cycles:1,155/sec
Memory:84 KB
ADVAPI32.dll
Total CPU:0.00029124%
Kernel CPU:0.00025888%
User CPU:0.00003236%
CPU cycles:4,660/sec
Memory:792 KB
RPCRT4.dll
Total CPU:0.00006477%
Kernel CPU:0.00003239%
User CPU:0.00003239%
CPU cycles:980/sec
Memory:780 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 33.33%
Windows 7 Home Premium 23.48%
Microsoft Windows XP 17.42%
Windows 7 Professional 6.82%
Windows Vista Home Premium 5.30%
Windows 8 Pro 4.55%
Windows 8 Enterprise 3.03%
Windows 8 2.27%
Windows 7 Ultimate N 2.27%
Windows XP Professional 0.76%
Windows 7 Home Basic 0.76%

Distribution by countryDistribution by country

United States installs about 22.76% of hsssrv.exe.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Toshiba 31.46%
Dell 13.48%
Hewlett-Packard 12.36%
ASUS 11.24%
Sony 8.99%
Acer 6.74%
MSI 4.49%
Lenovo 4.49%
GIGABYTE 4.49%
Gateway 2.25%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE