Is Yet another cleaner(YAC) malware?
- Thread starter xtremehosting
- Start date
- Status
- Feb 23, 2014
- 3,317
I do not think a malware
The software digitally signed with "Elex do Brasil Participações Ltda", this signature is into COMODO TVL (Trusted Vendor List)
CIS has very hard rules for adding them into TVL.
The software digitally signed with "Elex do Brasil Participações Ltda", this signature is into COMODO TVL (Trusted Vendor List)
CIS has very hard rules for adding them into TVL.
- Jan 16, 2013
- 188
I have scanned this file with VirusTotal.
In website 1/52, file 2/52.
Website -> https://www.virustotal.com/url/1afcdfa348a033a8ea862478ae3dbb2fac653016c1ec4cbfe5d65a9bbc04609c/analysis/1402744907/
File -> https://www.virustotal.comfile/1adf...02b1a91034106317e53ef772/analysis/1402735139/
That's strange. Both Eset and Baidu detects as adware only, so it could be probably safe, installing only adware.
In website 1/52, file 2/52.
Website -> https://www.virustotal.com/url/1afcdfa348a033a8ea862478ae3dbb2fac653016c1ec4cbfe5d65a9bbc04609c/analysis/1402744907/
File -> https://www.virustotal.comfile/1adf...02b1a91034106317e53ef772/analysis/1402735139/
That's strange. Both Eset and Baidu detects as adware only, so it could be probably safe, installing only adware.
ESET detects it always and eset says adware. Baidu as always copies the detection. So we have 2 detection.
It is OK to use for me but if you have suspicions, do not use it
the best way
- Jan 24, 2011
- 9,378
From what I have seen on same clients PC's... This program is automatically pushed on users computers via pop-up ads (usually appearing because the machine is infected with adware), you don't even need to click on the ad to start the download.... I don't think it's malicious, however I would put it in the grey area as a potentially unwanted program, because a legit program will never resort to this type of tactics.
Also the users review from WOT aren't exactly good: https://www.mywot.com/en/scorecard/yac.mx?utm_source=addon&utm_content=rw-viewsc
Last edited:
- Jun 16, 2014
- 781
Have only done a quick analysis but found nothing particularly suspicious about the program myself (but again, only a very quick, coffee-break type analysis). One thing I noticed is it embeds itself in the browser, changing the home page and the search page as well (not sure if it prevents them being changed, or resets them yet)
It has an anti-debug routine, so anybody analysing watch out for that.
Will take a proper look later but from what I can gather at the moment it's not particularly 'malicious', but from what I can gather, as Jack has pointed out, they seem to be pushing the software on people very aggressively. Not sure why considering it's supposed to be free?
Just my opinion based off a 'glance' will have a proper look before I set my tent up in the love or hate camp
It has an anti-debug routine, so anybody analysing watch out for that.
Will take a proper look later but from what I can gather at the moment it's not particularly 'malicious', but from what I can gather, as Jack has pointed out, they seem to be pushing the software on people very aggressively. Not sure why considering it's supposed to be free?
Just my opinion based off a 'glance' will have a proper look before I set my tent up in the love or hate camp
- Jun 16, 2014
- 781
Here's an interesting little analysis of the Web of Trust page as well, and apologies for the double post, out of all the positive ratings for yac.mx only 1 appears to be from a genuine user. I'll explain why bellow, here are the people who voted trustworthy, we can find what other sites they voted for with a google query such as the following: site:mywot.com intext:<username>
For sake of privacy I'll censor the usernames here but you can easily find them on the main WOT entry, also note I'm excluding the positive rating from one of the program's developers, which is obviously going to be positive
a******7 - Trustworthy [Has voted for two additional sites, both appear unrelated to yac.mx, neither advertised yac.mx. Type of sites he rated did not look suspicious]*1
b***********y - Not Trustworthy [Has only rated yac.mx and grammar appears similar to g****h and has an 'advertisement tone' eg: "Now my floor can sparkle and shine! Thanks wonder mop!"]
a*********n - Unreliable [Has only rated yac.mx]*2
g******h - Not Trustworthy [Has only rated yac.mx also same as b*******y above]
j***n b****e - Unknown [Comment was in French and I couldn't dig up any info on this user]
A****y - Potentially Not Trustworthy [Has only rated one site (negative rating) in addition to yac.mx and on that site his comment was along the lines of "yac.mx can remove the virus from this site", though we can't rule out whether he was just a genuinely happy user]
*1 Having said the above is 'trustworthy' I should point out that his comment is simply a copy and paste from the description of the program on their website. That in itself discounts it for me, but I couldn't very well make this post all negative, have to try to hang on to my credibility don't I
*2 This comment read more like a genuine user who was simply relying on his antivirus program to tell him if yac was any good, but he also says 'I could be wrong', so we can discount that as he obviously has no real knowledge of the program. Additionally as I said above he has only rated yac.mx and no other sites.
So the long and the short of it is in my opinion, fake reviews 'may' have been posted but we can't be sure without having access to the logs, I just hope this has been at least a mildly interesting read
For sake of privacy I'll censor the usernames here but you can easily find them on the main WOT entry, also note I'm excluding the positive rating from one of the program's developers, which is obviously going to be positive
a******7 - Trustworthy [Has voted for two additional sites, both appear unrelated to yac.mx, neither advertised yac.mx. Type of sites he rated did not look suspicious]*1
b***********y - Not Trustworthy [Has only rated yac.mx and grammar appears similar to g****h and has an 'advertisement tone' eg: "Now my floor can sparkle and shine! Thanks wonder mop!"]
a*********n - Unreliable [Has only rated yac.mx]*2
g******h - Not Trustworthy [Has only rated yac.mx also same as b*******y above]
j***n b****e - Unknown [Comment was in French and I couldn't dig up any info on this user]
A****y - Potentially Not Trustworthy [Has only rated one site (negative rating) in addition to yac.mx and on that site his comment was along the lines of "yac.mx can remove the virus from this site", though we can't rule out whether he was just a genuinely happy user]
*1 Having said the above is 'trustworthy' I should point out that his comment is simply a copy and paste from the description of the program on their website. That in itself discounts it for me, but I couldn't very well make this post all negative, have to try to hang on to my credibility don't I
*2 This comment read more like a genuine user who was simply relying on his antivirus program to tell him if yac was any good, but he also says 'I could be wrong', so we can discount that as he obviously has no real knowledge of the program. Additionally as I said above he has only rated yac.mx and no other sites.
So the long and the short of it is in my opinion, fake reviews 'may' have been posted but we can't be sure without having access to the logs, I just hope this has been at least a mildly interesting read
Last edited:
- Jan 8, 2011
- 22,361
Good thing I found this thread, I was redirected to the page below (see screenshot) from a Fake Java download site.
Why do you trust this software, even if when deploy tactics to scare users into believing their PCs are out-dated or infected? You can check the referral in the downloaded application, for example, yet_another_cleaner_ava.exe is <800KB from the fake java site. But from their main website, it's yet_another_cleaner_sk.exe at 11.7MB.
Why do you trust this software, even if when deploy tactics to scare users into believing their PCs are out-dated or infected? You can check the referral in the downloaded application, for example, yet_another_cleaner_ava.exe is <800KB from the fake java site. But from their main website, it's yet_another_cleaner_sk.exe at 11.7MB.
- Jan 22, 2014
- 1,804
- May 11, 2013
- 1,687
Actually Comodo TVL is a joke their certificates are directly linked to scam, spam and other internet crap.
Sure that's not due to their doing, but their rules are just nice in theory.
There are other certificate vendors who provide 100 times better certificates.
Now granted i am not a Comodo fan, but their cert is a joke.
- Jan 9, 2013
- 1,457
I have heard from one acquaintance that he is using YAC and trust it the way I trust Avast. But haven't used it or tested it yet to be able to give a sound comment,
I am an old user, and not a fan also
Comodo has to do something on their jobs.I agree to you. I just said these cert selected with TVL rules.
- Jun 16, 2014
- 781
Completely agree. The evidence can be found in a couple of investigations into malware sites I've posted up here. Phishing sites, drive by downloads, all signed with Comodo. I doubt they have any credibility left to be honest.
- Jan 8, 2011
- 22,361
OT:
Probably scanned the site with Comodo AV and if no detections, they can have their certificate. LOL
Probably scanned the site with Comodo AV and if no detections, they can have their certificate. LOL
- Jun 16, 2014
- 781
And by scanned the site you mean looked through the HTML of the home page
From the Comodo Virus Lab:
Technician: "Boss, we found a suspicious iframe '/jxploit.php', what should I do?"
Boss: "Look through the source-code idiot"
Technician: "But I don't know any PHP! I think it echos another an applet tag into the source-code"
Boss: "echo? That's Batch isn't it?"
Technician: "Errrr...."
Boss: "Just issue the damn certificate and let's never speak of this again . . ."
it's fake it finds thing cleans them then if u scan again it finds the same things it says ti's just cleand
- Status
Similar threads
