Dr. WebCureIt is Not Liking Yontoo

Status
Not open for further replies.
Gnosis

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779


My Dr. Web on-demand scan shows that Dr. Web is not fond of Yontoo.
 
Gnosis

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
I will have a screenshot shortly. I am running a "full scan". It is not unusual for the full scan to have a few false positives.
 
Aventador

Aventador

New Member
Sep 5, 2012
101
Well do some research. Avast does not like. AVG does not like it. Avast's WebRep rates it red. Why are you running a scan? Afraid your infected?
 
Gnosis

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
35jxj47.png
 
Dashke

Dashke

Level 1
Feb 3, 2012
271
Most of antiviruses are not fond of Yontoo. :)

https://www.virustotal.com/file/137865505d04187629a37e9c9beee9416e59b26611447be5f8eba5dae9623f1b/analysis/1347259187/
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052923-1931-99
 
I

Ink

Administrator
Verified
Jan 8, 2011
22,490
Symantec: Yontoo is a potentially unwanted application that installs a browser extension to display advertisements which appear to be from Facebook.
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052923-1931-99 (Dashke posted the link already).

http://www.bleepingcomputer.com/forums/topic294912.html
http://www.systemlookup.com/CLSID/56875-YontooIEClient_dll.html

Code: 
hxxp://www.yontoo.com/PrivacyPolicy.aspx

Potential Privacy Risk.



Many do daily scans.

Aventador said:
Why are you running a scan? Afraid your infected?
Click to expand...
 
NSG001

NSG001

Level 16
Verified
Nov 21, 2011
2,192
@ ZOU1
The question is, is this something you actually need to have on your machine ?
If not then delete it, Yontoo is fairly harmless as others have indicated, just adware.
 
Gnosis

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Why are you running a scan? Afraid your infected?
Click to expand...

Not at all, and even if I thought I was infected, "afraid" is the last thing I am. I run sandboxed and even if I lost my OS it is more than 10 years old with no crucial data on it so.........Besides, I always have access via another computer to download the Dr. Web Live bootable, or KBRD. I simply run Dr. Web CureIt on-demand once every week or two since I have no traditional AV, though I mostly scan with it to sniff out any worms that might be on the network.
I run HitMan Pro too, about every day. For less than a 3 minute wait, you cannot beat it. The first thing I do when I think I am infected is run HitMan and check the view in Process Hacker. That gives me good piece of mind in under three minutes. If I still think I am infected I will use ComboFix or KBRD and scan "users" and "boot sectors". Then I will use Dr. Web CureIt and MBAM to clean up the rest.

It appears that Yontoo is "grayware".
 
Status
Not open for further replies.

Similar threads

xonaxa
Waiting for reply Can someone help me
Replies
2
Views
972
Mobile Malware Removal Help & Support
lokamoka820
lokamoka820
F
    • Like
    • Wow
    • Sad
Security News After cybersecurity lab wouldn’t use AV software, US accuses Georgia Tech of fraud
Replies
1
Views
1,533
Security News
TairikuOkami
TairikuOkami
vtqhtr413
    • Like
    • +Reputation
    • Thanks
Secure Browser Tech Is Having a Moment
Replies
11
Views
1,700
News Archive
Trident
Trident

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top