See: https://www.virustotal.com/nl/url/b5eff40191519350fa689a13b27d5c7c3f6e485aa544eb17e9c4ececa08ec59c/analysis/1412268536/
https://www.virustotal.com/nl/file/f79251f6929965c44817c52149245d8c6ae8f390a116fa55423745eba7e5eb62/analysis/1412001383/
hosts a threat identified as: CYSC.URL.MALWARE.GEN
Many won’t detect: http://quttera.com/detailed_report/dde.de.storage-files-j.com
Site Potentially Harmful and Blacklisted Site -
http://safeweb.norton.com/report/show?url=dde.de.storage-files-j.com
Naam of threat: Trojan.ADH.SMH Locatie: htxp://dde.de.storage-files-j.com/52/156/ct1561552/d4719583831f4c949a21ad8bd15e6096/Downloads/Prod/SmallStub1.3.9.0.140504.01/14-05-04-18.36.33.059/tb_Hotspot_Shield.exe

Fails and warnings here: https://asafaweb.com/Scan?Url=dde.de.storage-files-j.com

pol

Naam of threat: Trojan.ADH.SMH Locatie: htxp://dde.de.storage-files-j.com/52/156/ct1561552/d4719583831f4c949a21ad8bd15e6096/Downloads/Prod/SmallStub1.3.9.0.140504.01/14-05-04-18.36.33.059/tb_Hotspot_Shield.exe

https://www.virustotal.com/en/file/6c97b4326cc85cd9838d93ecf285916fadeef88319503ff7065cbcf26c6a6b2b/analysis/1412271293/

So this software bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).

We have seen here many instances where victims of Conduit adware/browser hijacker needed help to remove this persistent search optimizer from their devices. Some instances of this annoying adware causes that Google Chrome can no longer update and become hard to remove without help of a qualified malware remover.

polonus