Solved

Is Yontoo Good or Bad?

  • 10 September 2012
  • 27 replies
  • 309182 views

Somehow an add-on on my IE started showing up, it is called yontoo. I am not sure if it is bad or innocuous? I suspect it installed from some other program I installed in the last month. I did find it in the control panel and I did un-install it. I went to yontoo.com and it looked legit, but I am not sure.
 
Has anyone heard of it?
 
Thanks, Dan
icon

Best answer by RetiredTripleHelix 14 May 2013, 00:42

@ wrote:
All direct & indirect connections to Yontoo have been obliterated; risk of reinfection now zero. 
 
Thanks for the advice.  I regard it very seriously & am keeping it right on my desk in case for whatever reason it will come in handy, as has all of your help today has been!
 
R.. 
You're very welcome! ;)
 
Cheers,
 
TH
View original

27 replies

Userlevel 7
Badge +55
@ wrote:
Somehow an add-on on my IE started showing up, it is called yontoo. I am not sure if it is bad or innocuous? I suspect it installed from some other program I installed in the last month. I did find it in the control panel and I did un-install it. I went to yontoo.com and it looked legit, but I am not sure.
 
Has anyone heard of it?
 
Thanks, Dan
It's just a (PUP) Possibly Unwanted Program but you uninstalled which is good thing as I hate PUP's = Crapware IMO! These days most programs have PUP's added into the installers to make a few bucks on each install so users have to watch what they install and watch during the install as most times you can uncheck Unwanted add-ons! Here is a small lists of programs that include Unwanted add-ons http://www.calendarofupdates.com/updates/index.php?showtopic=16109
 
TH
 
Userlevel 7
Badge +55
I downloaded the file and scanned with WSA and it came back as Bad! So it was good that you uninstalled it! ;)
 
TH
 

Thanks for checking that out for me. I hope it didn't do anything bad.
 
Dan
Userlevel 7
Badge +55
No problem as I didn't execute the file but at least we found out it's Bad!
 
TH
Userlevel 7
This topic is pretty old, but since it comes up in search results towards the top of the list, I'd like to make sure it's still as useful as it can be to anyone who stumbles across it.
 
There is more recent information on Yontoo here.
Userlevel 2
Yeah as others have stated, this program is not directly malicious, however it could track you, and use information to send you target ads or other nasties in the future.
Userlevel 7
Badge +55
Thanks for the update Jim I forgot about this thread when Yegor posted the new threat to Mac's.
 
Daniel
Userlevel 7
Badge +32
One of the best ways to avoid these browser plugins, toolbars and other PUAs is to download software directly from the company website whenever possible. The "download managers" from third-party download sites often contained bundled software.
 
-Dan
Userlevel 7
@ wrote:
One of the best ways to avoid these browser plugins, toolbars and other PUAs is to download software directly from the company website whenever possible. The "download managers" from third-party download sites often contained bundled software.
 
-Dan
I agree.
Yontoo is a virus waiting to happen. I cannot even delete it from my control panel. What is up with that? Any help would be appreciated. I have had to rid my computer of viruses numerous times from yontoo.
Userlevel 7
Badge +55
Hello pupinvestigator13 and Welcome to the Webroot Community Forums.
 
You could have a new variant so can you Please Submit a Support Ticket so they can gather some logs and they will make sure you're clean of Malware. You can even see here as Mac's are getting infected with Yontoo: http://community.webroot.com/t5/Security-Industry-News/New-Mac-Trojan-injects-ads-into-Chrome-FF-and-Safari-pages/td-p/31368#.UYXZN8r2k9Z
 
HTH,
 
TH
Thanks for posting all this information.  Somehow, this **bleep** ass program installed itself and it was blowing up my screen with  "burnt-red-orange" words being highlighted, etc.
 
Fortunately, after you gave us the directions, my computer tech guy was able to easily uninstall this crap (went to the Control Panel, then "Programs & Features"  Bingo - there it was, last entry.  It tried to deek him, but when he closed the page out and then reopened it and disinstalled it a second time, that one "took" and it was gone).
 
Again, thank you!  I'll keep Webroot in mind in the future.
P.S. We also found other unwanted "things" on the Programs and Features list, including something from the New York Times, which for us is analogous to Lillian Hellman in 1972 walking into her home and finding an uninvited Richard Nixon sitting in her living room. 
 
So thank, in addition, for the heads-up.
Userlevel 7
Badge +55
Great to hear and yes there is so many programs that add unwanted programs so you got to watch during install and uncheck anything that you don't want.
 
Cheers,
 
TH
Yontoo has appeared on my computer. I tried to uninstall it through control panel/add remove programmes, but get message "Set up initialization error" . It won't uninstall. how can I get rid of it? And why did Kaspersky not catch it before it installed?
 
Userlevel 7
Badge +55
Hello Janef and Welcome to the Webroot Community Forums.
 
Since you can't uninstall via Add/Remove please Submit a Support Ticket so they look at your scan logs and they will be happy to help you remove it. I don't know why Kaspersky didn't detect it as it could be a new variant? There seems to be a problem at this time with my Support links if it doesn't work try this one. https://detail.webrootanywhere.com/servicetalk.asp?
 
Thanks,
 
TH
Hi!  I too use Karpetsky and it failed to stop the surreptitious installation of the malware Yontoo (spellings here are getting iffy).  However, my tech guy didn't have the error message you received. 
 
What infuriates me is that when you activate these arrested, molested words and phrases, Yonton comes on as if they were a requested service that you agreed to have installed!!!
 
Good luck with the disinstillation.
Hi, me again.  This was my next email message.  Note that they're (Yontoo) acting as if was all a minor misunderstanding regarding between a customer (me) who had initially ASKED that their service be installed, instead of the sneaks installing it without permission.  I'm passing this along to you; it may be useful information. Thanks again for your guidance. Riposte
 
(Note that their HTML was killed off by Webroot's editing function.  If you need it, reply and I'll figure out some way of sending it.  Riposte)
 
*****
 
Re: Incoming Feedback?
Customer Support (customersupport@yontoo.com)
 
From:
Customer Support (customersupport@yontoo.com)

Sent:
Mon 5/13/13 12:42 PM

To:
 

 
 

   
 
Hello and thank you for contacting us regarding this matter. We sympathize with the inconvenience and will be happy to help you uninstall Yontoo. Below we have listed steps for both PC and Mac.

Uninstalling Yontoo troubleshooting tips on PC:
  • Begin by trying Add/Remove programs within your systems control panel and uninstall Yontoo
  • If that didn’t work for you, Run this uninstaller tool file: (link to malicious .exe removed by moderator) --- (Sometimes other programs may alter or even remove necessary files that Yontoo needs to uninstall properly - this link will help)
  • Please remember to clear your cache of temporary internet files and cookies. (Ctrl+Shift+Delete in most browsers) 
  • Please close and re-open your browser and that concludes our uninstalling tips
Uninstalling Yontoo troubleshooting tips on Mac:
  • Please understand that you will need to repeat these steps per each browser currently on your system. (Safari, Firefox, Chrome etc..)
  • For Safari, from the Safari drop down menu select "Preferences", then select the "Extensions" tab, then "Uninstall" Yontoo
  • For Chrome, From the drop down menu, select "Preferences," then select "Extensions" (in the upper left corner), then trash can next to Yontoo to uninstall.
  • For Firefox, press Cmd+Shift+A, which takes you to "Add-on's" then Remove Yontoo
  • Please remember to clear your cache of temporary internet files and cookies in each browser (Cmd+Shift+Delete in most browsers)
 
  • Please close and re-open your browsers one by one and that concludes our uninstalling tips.
We again sympathize with the inconvenience and hope this information is helpful. Please do not hesitate to contact us again if you need anything else.
Have a great day.
 
[End message from Yontoo to Riposte]
 
 
Userlevel 7
Badge +55
Please remove you're link as the Uninstaller is some sort of malware. And most of the AV's don't detect it
 https://www.virustotal.com/en/file/c5f3e266e4451cf800d440b862632260555716a7a577e6d5fb67202383aeed70/analysis/1368481231/
 
TH

 


Sorry, I don't understand your point.
 
I did try to delete the highlighted http by highlighting it and then deleteing it.  This did nothing.
 
If you want to, kill off the entire message!
 
Let me know how this works out or if I can do anything else to help.
 
Riposte
Userlevel 7
Badge +55
It's OK as MikeR removed your download link.
 
TH
Excellent!  May I ask one question?  If I myself had clicked that "unload" (disinstall) http when it was in my email inbox ---  would it had, instead, by design, RE-installed Yontoo on my system?
 
I'm not a natural computer guy; please allow for the neophyte phrasing, which, I'm sure, provides much innocent merriment in your environment..
 
Thanks again.  You've taken a lot of time with this; it is appreciated.
 
Riposte
Userlevel 7
Badge +55
Are you using Webroot SecureAnywhere? And if you are what version:  http://www.webroot.com/En_US/consumer-compare.html
 
Thanks,
 
TH
No, I am not currently a Webroot user.  I came here via Google search to find out who the heck Yontoo is and to ask for suggestions for disintallation, which were obtained today.  Then my computer technician came by & successfully disinstalled Yontoo.
 
Riposte
Userlevel 7
Badge +55
OK if you downloaded the uninstaller and ran it you could be infected again see here: https://www.virustotal.com/en/file/c5f3e266e4451cf800d440b862632260555716a7a577e6d5fb67202383aeed70/analysis/1368481231/ You should give WSA Trial a run as you will like it very much and possibly buy it and it's the only thing I use: http://www.webroot.com/En_US/consumer-trials.html Also there is a great sale on right now! http://www.webroot.com/En_US/sites/promo2.html
 
HTH,
 
TH

Reply