Dr. WebCureIt is Not Liking Yontoo

Status
Not open for further replies.
Well, do some research. Avast does not like it. AVG does not like it. Avast's WebRep rates it red. Why are you running a scan? Afraid you're infected?
 
 
Most antiviruses are not fond of Yontoo. :)

https://www.virustotal.com/file/137865505d04187629a37e9c9beee9416e59b26611447be5f8eba5dae9623f1b/analysis/1347259187/
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052923-1931-99
 
Symantec: Yontoo is a potentially unwanted application that installs a browser extension to display advertisements which appear to be from Facebook.
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052923-1931-99 (Dashke posted the link already).

http://www.bleepingcomputer.com/forums/topic294912.html
http://www.systemlookup.com/CLSID/56875-YontooIEClient_dll.html

Code:
hxxp://www.yontoo.com/PrivacyPolicy.aspx

Potential Privacy Risk.




Many do daily scans.

Aventador said:
Why are you running a scan? Afraid you're infected?

Not at all, and even if I thought I was infected, "afraid" is the last thing I am. I run sandboxed and even if I lost my OS it is more than 10 years old with no crucial data on it so... Besides, I always have access via another computer to download the Dr. Web Live bootable, or KBRD. I simply run Dr. Web CureIt on-demand once every week or two since I have no traditional AV, though I mostly scan with it to sniff out any worms that might be on the network.
I run HitMan Pro too, about every day. For less than a 3 minute wait, you cannot beat it. The first thing I do when I think I am infected is run HitMan and check the view in Process Hacker. That gives me good peace of mind in under three minutes. If I still think I am infected I will use ComboFix or KBRD and scan "users" and "boot sectors". Then I will use Dr. Web CureIt and MBAM to clean up the rest.

It appears that Yontoo is "grayware".
 