Virus: Adware/Yontoo.E.1
Date discovered: 19/07/2012
Type: Adware/Spyware
In the wild: No
Reported Infections: Medium
Distribution Potential: Low
Damage Potential: Low
File size: 814224 Bytes
MD5 checksum: f478d6ce6bfe173158217a59a5588f79
VDF version: 7.11.36.228 - Thursday, July 19, 2012
IVDF version: 7.11.36.228 - Thursday, July 19, 2012

General Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification

Files
It creates the following directory (paths are recorded as seen on a German-locale system; "Anwendungsdaten" is the localized "Application Data" folder):
   • %HOME%\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com



The following files are created:

– %temp%\YontooSetup-Silent.exe It is executed as soon as it has been fully written to disk.
– %temp%\YontooSetup-Silent-0744.exe It is executed as soon as it has been fully written to disk.
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\build.sh
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\chrome.manifest
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\config_build.sh
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\about.xul
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\firefoxOverlay.xul
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\options.xul
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\overlay.js
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\content\y2layers.jpg
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\defaults\preferences\y2layers.js
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\install.rdf
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\locale\en-US\about.dtd
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\8msjo1o7.default\extensions\plugin@yontoo.com\locale\en-US\prefwindow.dtd
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\locale\en-US\y2layers.dtd
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\plugin@yontoo.com\readme.txt
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\plugin@yontoo.com\skin\overlay.css
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\extensions\plugin@yontoo.com\plugin@yontoo.com\skin\toolbar-button.png
– %HOME%\User\Anwendungsdaten\Mozilla\Firefox\Profiles\default\user.js

Registry
It registers a browser helper object (BHO) by adding the following keys:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   • (Default)="Yontoo Layers"

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   • NoExplorer=1

– HKCR\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\
   • (Default)="YontooIEClient"

– HKCR\AppID\YontooIEClient.DLL\
   • AppID="{CFDAFE39-20CE-451D-BD45-A37452F39CF0}"

– HKCR\YontooIEClient.Api.1\
   • (Default)="Yontoo API"

– HKCR\YontooIEClient.Api.1\CLSID\
   • (Default)="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

– HKCR\YontooIEClient.Api\
   • (Default)="Yontoo API"

– HKCR\YontooIEClient.Api\CLSID\
   • (Default)="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

– HKCR\YontooIEClient.Api\CurVer\
   • (Default)="YontooIEClient.Api.1"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\
   • (Default)="Yontoo API"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID\
   • (Default)="YontooIEClient.Api.1"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\
   VersionIndependentProgID\
   • (Default)="YontooIEClient.Api"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32\
   • (Default)="%PROGRAM FILES%\Yontoo\YontooIEClient.dll"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32\
   • ThreadingModel="Apartment"

– HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\TypeLib\
   • (Default)="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

– HKCR\YontooIEClient.Layers.1\
   • (Default)="Yontoo"

– HKCR\YontooIEClient.Layers.1\CLSID\
   • (Default)="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

– HKCR\YontooIEClient.Layers\
   • (Default)="Yontoo"

– HKCR\YontooIEClient.Layers\CLSID\
   • (Default)="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

– HKCR\YontooIEClient.Layers\CurVer\
   • (Default)="YontooIEClient.Layers.1"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   • (Default)="Yontoo"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID\
   • (Default)="YontooIEClient.Layers.1"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   VersionIndependentProgID\
   • (Default)="YontooIEClient.Layers"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32\
   • (Default)="%PROGRAM FILES%\Yontoo\YontooIEClient.dll"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32\
   • ThreadingModel="Apartment"

– HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\TypeLib\
   • (Default)="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

– HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\
   • (Default)="YontooIEClient 1.0 Type Library"

– HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\FLAGS\
   • (Default)=0

– HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32\
   • (Default)="%PROGRAM FILES%\Yontoo\YontooIEClient.dll"

– HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR\
   • (Default)="%PROGRAM FILES%\Yontoo"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   • (Default)="ILayers"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   ProxyStubClsid\
   • (Default)="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   ProxyStubClsid32\
   • (Default)="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib\
   • (Default)="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

– HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib\
   • Version="1.0"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\
   • (Default)="IApi"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\
   ProxyStubClsid\
   • (Default)="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\
   ProxyStubClsid32\
   • (Default)="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib\
   • (Default)="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

– HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib\
   • Version="1.0"

– HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32\
   • (Default)="%PROGRAM FILES%\Yontoo\YontooIEClient.dll"

– HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32\
   • ThreadingModel="Both"

– HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   • (Default)="PSFactoryBuffer"

– HKCR\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\
   • (Default)="d6aee4df-aa53-4647-8da3-9b385ee18e3d"

– HKCR\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\
   defaultEnableAppsList\
   • (Default)=""
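The keys above are the standard chain Internet Explorer follows to load a BHO: the entry under Explorer\Browser Helper Objects names only a CLSID, and the DLL actually loaded is whatever HKCR\CLSID\{clsid}\InprocServer32 points to, so an audit has to resolve the CLSID instead of trusting the BHO key's display name. The Python script below is an added example, not part of this description or of Avira's tooling: it parses a registry export (.reg) and performs that resolution offline. The .reg text it ships with is constructed from the keys listed above; the second BHO entry and its GUID are made up to show the orphaned case, and KNOWN_BAD_CLSIDS is an assumed deny-list seeded with this description's BHO CLSID.

```python
"""Resolve Browser Helper Objects (BHOs) from a Windows registry export.

Added example for this description, not Avira's tooling. IE reads only a
CLSID from Explorer\Browser Helper Objects; the DLL it loads is whatever
HKCR\CLSID\{clsid}\InprocServer32 names, so the audit follows that chain.
"""
import re

# Constructed .reg text modelled on the keys listed above; the second BHO
# entry and its GUID are made up to show an orphaned registration.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
@="Yontoo Layers"
"NoExplorer"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
@="Yontoo"

[HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32]
@="C:\\Program Files\\Yontoo\\YontooIEClient.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@="Orphaned entry (constructed)"
"""

# Assumed deny-list, seeded with the BHO CLSID this description reports.
KNOWN_BAD_CLSIDS = {"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"}

BHO_KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows\\"
    r"CurrentVersion\\Explorer\\Browser Helper Objects\\(\{[0-9A-F-]{36}\})$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')

# Roots under which a CLSID may be registered (64-bit hosts add Wow6432Node).
CLSID_ROOTS = (
    r"HKEY_CLASSES_ROOT\CLSID",
    r"HKEY_CLASSES_ROOT\Wow6432Node\CLSID",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID",
)


def _unescape(s):
    """Undo .reg escaping (backslash-backslash and backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def _decode_value(raw):
    """Decode REG_SZ and REG_DWORD; other types are returned as raw text."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw


def parse_reg(text):
    """Parse 'Windows Registry Editor Version 5.00' text into
    {key_path: {value_name: value}}; '' holds the key's default value (@).
    regedit writes exports as UTF-16LE: read real files with
    open(path, encoding="utf-16"). Multi-line hex(...) values are not decoded.
    """
    hives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == ";" or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            hives.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(2))
        hives[current][name] = _decode_value(m.group(3))
    return hives


def find_bhos(hives):
    """One record per BHO registration, resolved to the DLL IE would load."""
    by_lower = {k.lower(): v for k, v in hives.items()}  # registry paths are case-insensitive
    results = []
    for key, values in hives.items():
        m = BHO_KEY_RE.match(key)
        if not m:
            continue
        clsid = m.group(1).upper()
        dll = None
        for root in CLSID_ROOTS:
            dll = by_lower.get(f"{root}\\{clsid}\\InprocServer32".lower(), {}).get("")
            if dll:
                break
        results.append({
            "clsid": clsid,
            "name": values.get("") or by_lower.get(f"HKEY_CLASSES_ROOT\\CLSID\\{clsid}".lower(), {}).get(""),
            "no_explorer": values.get("NoExplorer") == 1,  # 1: loaded by IE only, not by Windows Explorer
            "dll": dll,
            "orphan": dll is None,  # BHO key names a CLSID with no in-process server
            "known_bad": clsid in KNOWN_BAD_CLSIDS,
        })
    return results


def audit(reg_text):
    """Convenience wrapper: {clsid: record} for every BHO in a .reg export."""
    return {b["clsid"]: b for b in find_bhos(parse_reg(reg_text))}


if __name__ == "__main__":
    for b in audit(SAMPLE_REG).values():
        flag = "KNOWN BAD" if b["known_bad"] else ("ORPHAN" if b["orphan"] else "review")
        print(f"{flag:9} {b['clsid']} {b['name']!r} -> {b['dll']}")
```

On a live host, export the BHO list and the class registrations (for example with `reg export` of the Browser Helper Objects key and of HKCR\CLSID, plus the Wow6432Node variants on 64-bit Windows), decode each file as UTF-16 and pass the concatenated text to `audit`. Two points worth checking in the output: `NoExplorer=1`, as set here, only stops the object loading into Windows Explorer, it does nothing to stop IE loading it; and deleting the Browser Helper Objects key alone leaves the CLSID, ProgID, TypeLib and Interface registrations listed above in place, so a cleanup should remove the whole set rather than just the BHO entry.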

Miscellaneous
Checks for an internet connection by contacting the following web site:
   • http://**********.yontoo.com/InstallHandler.aspx?alpha=Jw0NaW96RxRaKEgGCkctaHhUZnduV052MBQhXH5+SF5MHHwBCHkSUyZIFWg2LxgVOBImLn5vfjsMQT0oK1FsbxhNC0knPXNWGTprTXkuURIlVQZGTU8eO0AzLiNLJg1fIkcGHwU0VEsMcUlAOmt/T14hQnZ+YHYpPQ9bKHF2CXJ0E

Description inserted by Jan-Eric Herting on Saturday, July 21, 2012
Description updated by Carlos Valero Llabata on Saturday, July 21, 2012
