Dr. Web CureIt is Not Liking Yontoo

Status
Not open for further replies.

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779


My Dr. Web on-demand scan shows that Dr. Web is not fond of Yontoo.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
I will have a screenshot shortly. I am running a "full scan". It is not unusual for the full scan to have a few false positives.
 

Aventador

New Member
Sep 5, 2012
101
Well, do some research. Avast does not like it. AVG does not like it. Avast's WebRep rates it red. Why are you running a scan? Afraid you're infected?
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
35jxj47.png
 

Dashke

Level 1
Feb 3, 2012
271
Most antiviruses are not fond of Yontoo. :)

https://www.virustotal.com/file/137865505d04187629a37e9c9beee9416e59b26611447be5f8eba5dae9623f1b/analysis/1347259187/
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052923-1931-99
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Symantec: Yontoo is a potentially unwanted application that installs a browser extension to display advertisements which appear to be from Facebook.
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052923-1931-99 (Dashke posted the link already).

http://www.bleepingcomputer.com/forums/topic294912.html
http://www.systemlookup.com/CLSID/56875-YontooIEClient_dll.html

Code:
hxxp://www.yontoo.com/PrivacyPolicy.aspx

Potential Privacy Risk.




Many do daily scans.

Aventador said:
Why are you running a scan? Afraid you're infected?
 

NSG001

Level 16
Verified
Nov 21, 2011
2,192
@ ZOU1
The question is, is this something you actually need to have on your machine?
If not, then delete it. Yontoo is fairly harmless, as others have indicated, just adware.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Why are you running a scan? Afraid you're infected?

Not at all, and even if I thought I was infected, "afraid" is the last thing I am. I run sandboxed, and even if I lost my OS, it is more than 10 years old with no crucial data on it, so... Besides, I always have access via another computer to download the Dr. Web Live bootable, or KBRD. I simply run Dr. Web CureIt on-demand once every week or two since I have no traditional AV, though I mostly scan with it to sniff out any worms that might be on the network.
I run HitMan Pro too, about every day. For less than a 3 minute wait, you cannot beat it. The first thing I do when I think I am infected is run HitMan and check the view in Process Hacker. That gives me good peace of mind in under three minutes. If I still think I am infected, I will use ComboFix or KBRD and scan "users" and "boot sectors". Then I will use Dr. Web CureIt and MBAM to clean up the rest.

It appears that Yontoo is "grayware".
 