Yontoo virus
Yontoo is the title of a potentially unwanted program (PUP) and publisher that promotes standalone objects including Yontoo web apps, Yontoo Layers Client, PageRage, My Super Cheap, DropDownDeals and others. The programs published by Yontoo are known to cause many issues for computer and internet users. Most security analysts and reputable Antivirus vendors have included Yontoo in the adware category because it is known to infiltrate a computer system without user knowledge, bundle with other unwanted programs, access user browsing data, and generate cross-browser pop-up ads.
The Yontoo extension and browser attachments that it may bundle with have ‘permissions’ set allowing them to perform tasks users may find undesirable. These permissions are listed below.
[list style=”check” color=”green”]
- Read and change all your data on the websites you visit.
- Read and change your browsing history.
- Manage your apps, extensions, and themes.
- Manage your downloads.
[/list]
Yontoo adware is usually contracted without user knowledge alongside free downloadable content from a variety of locations on the web. Free downloadable content includes freeware, shareware, torrents, email attachments, and more.
Users who wish to install freeware may be given a “custom installation” option to accept or decline an offer to install Yontoo adware and similar products during the installation; However, the user request to decline the adware from installing can be ignored by the program or presented in a confusing manner.
In some cases, Yontoo and other unwanted programs are deceptively promoted through questionable advertisements. These advertisements may be dishonest, misleading, and cause the program to automatically download and install once clicked on.
How to remove Yontoo (Removal Guide)
[list style=”pointer” color=”red”]
- Step 1: Remove Yontoo add-ons and extensions
- Step 2: Uninstall Yontoo
- Step 3: Remove Yontoo malware with Malwarebytes Anti-Malware
- Step 4: Cleanup and repair settings with CCleaner by Piriform
- For Tech Support Call: 1-888-879-0084
[/list]
Step 1: Remove Yontoo add-ons and extensions
Google Chrome
1. Click the Customize and control Google Chrome icon on the top menu and navigate to More tools > Extensions.
2. Search for Yontoo and other suspicious extensions in the list. Remove unwanted browser extensions individually by clicking the trashcan icon next to each one.
Mozilla Firefox
1. Type Ctrl+Shift+A.
2. Search for Yontoo and other suspicious add-ons on the Extensions and Plugin tab. Highlight each one individually and click remove.
Step 2: Uninstall Yontoo
1. Open Windows Start Menu and go to the Control Panel.
2. On Windows Control Panel, click Uninstall a program or Add and remove a program in the Programs section.
3. Search for Yontoo and other unwanted programs in the list of installed programs. Once an unwanted program is located, double click the item or select it with your mouse and click the Uninstall button.
4. If “Important! Yontoo is a shared web app component. If you remove it, Yontoo Web Apps will no longer work. In order to completely remove Yontoo, uninstall must close your web browsers. Click Tes to close your browsers and remove Yontoo. Click No to remove Yontoo without closing your browsers (files in use may be left behind). Click Cancel to abort uninstall and leave Yontoo on your computer.” appears click Yes.
5. If a window appears asking to disable Yontoo Apps, select them all and click next.
Step 3: Remove Yontoo malware with Malwarebytes
1. Download and install the free or full version of Malwarebytes Anti-Malware. The full version enables real-time protection to block malware and unwanted programs from infecting your computer, while the free version is just a free scan and removal tool.
[button link=”https://store.malwarebytes.org/342/cookie?affiliate=23046&redirectto=http%3a%2f%2fdownloads.malwarebytes.org%2ffile%2fmbam%2f&redirecthash=79CD12ECAB939D32967B5D05C6C86E32″ align=”center” bgcolor=”#ff0000″ hoverbgcolor=”#0015ff” hovertextcolor=”#ffffff” textcolor=”#ffffff” size=”large” style=”flat” fullwidth=”true”]Download Malwarebytes Free[/button][button link=”https://store.malwarebytes.org/342/?affiliate=23046&scope=checkout&cart=139724″ align=”center” bgcolor=”#ff0000″ hoverbgcolor=”#0015ff” hovertextcolor=”#ffffff” textcolor=”#ffffff” size=”large” style=”flat” fullwidth=”true”]Buy Premium Now[/button]
2. Open the Malwarebytes Anti-Malware program.
3. Click the large Scan Now button or visit the “Scan” tab to manually run a scan.
4. Once the malware scan is complete, click the Remove Selected button and reboot your computer.
Step 4: Cleanup and repair settings with CCleaner
1. Download and install the free or full version of CCleaner by Piriform.
[button link=”https://secure.piriform.com/502/cookie?affiliate=23046&redirectto=https%3a%2f%2fwww.piriform.com%2fccleaner%2fdownload%2fstandard” align=”center” bgcolor=”#ff0000″ hoverbgcolor=”#0015ff” hovertextcolor=”#ffffff” textcolor=”#ffffff” size=”large” style=”flat” fullwidth=”true”]Download CCleaner Free[/button]
[button link=”https://secure.piriform.com/502/cookie?affiliate=23046&redirectto=https%3a%2f%2fwww.piriform.com%2fccleaner%2fdownload%2fprofessional” align=”center” bgcolor=”#ff0000″ hoverbgcolor=”#0015ff” hovertextcolor=”#ffffff” textcolor=”#ffffff” size=”large” style=”flat” fullwidth=”true”]Buy Professional Now[/button]
2. Once installed, open the program and navigate to Cleaner > Windows/Applications and click the Analyze button. Afterwards, click the Run Cleaner button on the bottom right of the program interface.
3. Next, navigate to Tools > Startup and search through each tab starting from windows, internet explorer, etc., all the way to Content Menu, for additional suspicious entries and click Disable and Delete once anything is found.
Yontoo Files
YontooIEClient.dll YontooIEClient_2.dll
Yontoo Folder Locations
%ProgramFiles%\Yontoo Layers Client for Internet Explorer %ProgramFiles%\Yontoo Layers Runtime %ProgramFiles%\Drop Down Deals %ProgramFiles% (x86)\Yontoo
Yontoo Registy Entires, Keys, & Values
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=280612_7_&babsrc=SP_ss&mntrId=a883be400000000000008ca98265595d
[2012/07/02 15:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
[2012/07/02 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Babylon
Thank you for your help
thanks for the help i noticed it was on by accident and was trying to get it off for a while but as soon as i found your helpful tips i got it done right away good job and great walkthrough thx
Thank you for this very important info. Everyone should be made aware of this bad maliscious virus. I appreciate people like you. Thank you!!!
In attempting to remove Yontoo [from Control Panel – Uninstall] I get this message from TARMA UNINSTALLER: Error 2 While loading archive the system cannot find the file specified [ie, \setup.dat]
What next?
i am getting this same message, did you manage to get past this?
Thanks for the information Sean. Much appreciated.
– I have Yontoo installed on my computer. I am about to do the the things that you said to get it and other applications off. I don’t know how they got on. I guess because my wife lets our son use the computer too often and he sometimes downloads games or utilities.