Yontoo Layers

By CagedTech in Adware

Translate To:

Threat Scorecard

Ranking:	3,346
Threat Level:	20 % (Normal)
Infected Computers:	127,289

First Seen:	August 17, 2010
Last Seen:	April 16, 2024
OS(es) Affected:	Windows

There have been many reports of computer systems showing constant advertisements due to a Yontoo adware infection. Although these kinds of applications are often installed with the full knowledge that they will display advertisements, ESG security analysts have also received reports of severe virus and Trojan infections contracted from advertisements that Yontoo displays. Basically, the Yontoo application will be installed as part of a requirement for installing an application known as PageRage, designed to overlay designs on top of Facebook's profile pages, in essence allowing computer users to customize and make more attractive their Facebook wall, profile and Timeline.

PageRage's manufacturers claim that Yontoo is a legitimate way of supporting their software, although it is up to computer users to decide whether the advertisements that Yontoo delivers to the computer system are worth being able to tweak the appearance of a Facebook profile. There are several reasons why Yontoo is a form of adware, although this kind of infection may be worth the risk for some computer users. The main issue of installing Yontoo on your computer is the fact that advertisements that Yontoo displays may lead to undesirable sites. Yontoo also has some behaviors that are not compatible with good applications acting in good faith. For example, Yontoo Adware has several tracking and data-recollection components that are embedded and may be difficult to disable, as well as the fact that Yontoo is not entirely honest about what Yontoo does when installed on the computer user's system. While Yontoo Layers is limited to your web browser and can be easily quarantined by most security applications, some of the advertisements that Yontoo displays contain questionable content.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
AVG	Generic5.FR
Fortinet	Adware/Gaba
Ikarus	AdWare.Win32.Gabpath
GData	Win32:Gabpath-OY
Sophos	Troj/DwnLdr-JYF
McAfee-GW-Edition	Artemis!C03154CDDB74
AntiVir	TR/ATRAPS.Gen2
Kaspersky	not-a-virus:AdWare.Win32.Gaba.njw
Avast	Win32:Gabpath-OY [Adw]
AVG	unknown virus Win32/DH{DwNh}
Fortinet	W32/AutoRun.HLP!worm
Antiy-AVL	Trojan/win32.agent.gen
AntiVir	TR/Rogue.7619581
DrWeb	Win32.HLLW.Autoruner1.17062
McAfee	W32/Autorun.worm.aacz

SpyHunter Detects & Remove Yontoo Layers

File System Details

Yontoo Layers may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	YontooDesktop.exe	2a6c01bac0f8aa9143d61ae1e28e263a	7,140
Name: YontooDesktop.exe MD5: 2a6c01bac0f8aa9143d61ae1e28e263a Size: 42.78 KB (42784 bytes) Detections: 7,140 Type: Executable File Path: E:\Sicherung\ich\AppData\Roaming\Yontoo\YontooDesktop.exe Group: Malware file Last Updated: November 24, 2023
2.	Y2Desktop.Updater.exe	24fb8db6d1d55e2c5d0a53dfe48e6af8	3,684
Name: Y2Desktop.Updater.exe MD5: 24fb8db6d1d55e2c5d0a53dfe48e6af8 Size: 23.55 KB (23552 bytes) Detections: 3,684 Type: Executable File Path: C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe Group: Malware file Last Updated: April 16, 2024
3.	YontooDesktop.exe	1a6615bbc61ddfa4deca9eb7d0497c88	1,267
Name: YontooDesktop.exe MD5: 1a6615bbc61ddfa4deca9eb7d0497c88 Size: 47.39 KB (47392 bytes) Detections: 1,267 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Yontoo\YontooDesktop.exe Group: Malware file Last Updated: April 16, 2024
4.	YontooDesktop.exe	6d65b913418c47af130be4b3aacb4a44	725
Name: YontooDesktop.exe MD5: 6d65b913418c47af130be4b3aacb4a44 Size: 42.78 KB (42784 bytes) Detections: 725 Type: Executable File Path: %APPDATA%\Yontoo Group: Malware file Last Updated: May 26, 2019
5.	YontooDesktop.exe	d9bc842a3c0cc41bc637c4571375c627	675
Name: YontooDesktop.exe MD5: d9bc842a3c0cc41bc637c4571375c627 Size: 42.78 KB (42784 bytes) Detections: 675 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Yontoo\YontooDesktop.exe Group: Malware file Last Updated: November 23, 2022
6.	YontooDesktop.exe	6bc2b7ff6ae90d8fc4d081272d08ed30	673
Name: YontooDesktop.exe MD5: 6bc2b7ff6ae90d8fc4d081272d08ed30 Size: 42.78 KB (42784 bytes) Detections: 673 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Yontoo\YontooDesktop.exe Group: Malware file Last Updated: April 21, 2022
7.	YontooDesktop.exe	86009b559125264bc077bde01628c013	637
Name: YontooDesktop.exe MD5: 86009b559125264bc077bde01628c013 Size: 42.78 KB (42784 bytes) Detections: 637 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Yontoo\YontooDesktop.exe Group: Malware file Last Updated: June 12, 2023
8.	YontooDesktop.exe	c7796b06057668e1f29f0fdbe1c6d432	635
Name: YontooDesktop.exe MD5: c7796b06057668e1f29f0fdbe1c6d432 Size: 42.78 KB (42784 bytes) Detections: 635 Type: Executable File Path: %APPDATA%\Yontoo Group: Malware file Last Updated: October 11, 2020
9.	YontooDesktop.exe	7f48646444c82edfa03ff1215f8b5e52	611
Name: YontooDesktop.exe MD5: 7f48646444c82edfa03ff1215f8b5e52 Size: 42.78 KB (42784 bytes) Detections: 611 Type: Executable File Path: %APPDATA%\Yontoo Group: Malware file Last Updated: September 7, 2020
10.	YontooDesktop.exe	43d2a744ee7bc22bfc177ceb6b9a4d95	601
Name: YontooDesktop.exe MD5: 43d2a744ee7bc22bfc177ceb6b9a4d95 Size: 42.78 KB (42784 bytes) Detections: 601 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Yontoo\YontooDesktop.exe Group: Malware file Last Updated: July 16, 2023
11.	YontooIEClient.dll	d844fbc9f172cd0c1768d186e043aa5c	510
Name: YontooIEClient.dll MD5: d844fbc9f172cd0c1768d186e043aa5c Size: 197.92 KB (197920 bytes) Detections: 510 Type: Dynamic link library Path: E:\Archivos de programa\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: October 1, 2022
12.	YontooDesktop.exe	b67c31c0e28830be1f2e564ef684a138	494
Name: YontooDesktop.exe MD5: b67c31c0e28830be1f2e564ef684a138 Size: 42.78 KB (42784 bytes) Detections: 494 Type: Executable File Path: %APPDATA%\Yontoo Group: Malware file Last Updated: April 18, 2013
13.	cst.exe	ab0f942b8a465c2e4399167537bccd7f	313
Name: cst.exe MD5: ab0f942b8a465c2e4399167537bccd7f Size: 13.31 KB (13312 bytes) Detections: 313 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Yontoo\dat\cst.exe Group: Malware file Last Updated: April 13, 2024
14.	YontooIEClient.dll	46508b5d8022ad77aa8e40af953afeac	180
Name: YontooIEClient.dll MD5: 46508b5d8022ad77aa8e40af953afeac Size: 197.92 KB (197920 bytes) Detections: 180 Type: Dynamic link library Path: %PROGRAMFILES%\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: January 17, 2024
15.	YontooIEClient.dll	5677a8d244739d5ad46691c7ace29280	127
Name: YontooIEClient.dll MD5: 5677a8d244739d5ad46691c7ace29280 Size: 197.92 KB (197920 bytes) Detections: 127 Type: Dynamic link library Path: C:\$Recycle.Bin\S-1-5-21-3015829596-1507154211-1980195923-1001\$RJ083FD\YontooIEClient.dll Group: Malware file Last Updated: March 10, 2023
16.	YontooIEClient.dll	2b600176b6eeef08e4b1b3c2b8af2cca	119
Name: YontooIEClient.dll MD5: 2b600176b6eeef08e4b1b3c2b8af2cca Size: 197.92 KB (197920 bytes) Detections: 119 Type: Dynamic link library Path: C:\Program Files (x86)\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: January 12, 2023
17.	YontooIEClient.dll	b62bb92a140919821a9e427b0c93b8fc	87
Name: YontooIEClient.dll MD5: b62bb92a140919821a9e427b0c93b8fc Size: 197.92 KB (197920 bytes) Detections: 87 Type: Dynamic link library Path: C:\Program Files\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: November 24, 2023
18.	YontooIEClient.dll	65ac938ce467044f81fdd500a3e254f0	75
Name: YontooIEClient.dll MD5: 65ac938ce467044f81fdd500a3e254f0 Size: 197.92 KB (197920 bytes) Detections: 75 Type: Dynamic link library Path: D:\Backup 2108 Otavio\Arquivos de programas\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: November 14, 2022
19.	YontooIEClient.dll	9241e20ee71996cafe7dbb529b5179e1	56
Name: YontooIEClient.dll MD5: 9241e20ee71996cafe7dbb529b5179e1 Size: 198.07 KB (198072 bytes) Detections: 56 Type: Dynamic link library Path: C:\Program Files\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: January 18, 2024
20.	A0040407.dll	ad10098a08295681b234432d33c90d64	50
Name: A0040407.dll MD5: ad10098a08295681b234432d33c90d64 Size: 197.92 KB (197920 bytes) Detections: 50 Type: Dynamic link library Path: C:\System Volume Information\_restore{2BA859FF-70DD-40A6-A0A8-E7556ECFC096}\RP534\A0040407.dll Group: Malware file Last Updated: May 30, 2021
21.	YontooIEClient.dll	a73f6438b00f78eb54d41b38634125e1	41
Name: YontooIEClient.dll MD5: a73f6438b00f78eb54d41b38634125e1 Size: 197.92 KB (197920 bytes) Detections: 41 Type: Dynamic link library Path: C:\Program Files (x86)\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: October 2, 2021
22.	YontooIEClient.dll	f523b5f3410bb653c14afbc23b2415f6	38
Name: YontooIEClient.dll MD5: f523b5f3410bb653c14afbc23b2415f6 Size: 197.92 KB (197920 bytes) Detections: 38 Type: Dynamic link library Path: C:\Program Files (x86)\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: November 20, 2021
23.	YontooDesktop.exe	1c8317e85a2dcf1de39a07d95eb20afa	27
Name: YontooDesktop.exe MD5: 1c8317e85a2dcf1de39a07d95eb20afa Size: 42.78 KB (42784 bytes) Detections: 27 Type: Executable File Path: %APPDATA%\Yontoo Group: Malware file Last Updated: March 26, 2016
24.	YontooIEClient.dll	e0c4453dd0af16c93c50b203f4af2d5c	25
Name: YontooIEClient.dll MD5: e0c4453dd0af16c93c50b203f4af2d5c Size: 197.92 KB (197920 bytes) Detections: 25 Type: Dynamic link library Path: %PROGRAMFILES%\Yontoo Group: Malware file Last Updated: May 13, 2013
25.	YontooIEClient.dll	708d92e4c52ebcbf55e269babecf17ab	21
Name: YontooIEClient.dll MD5: 708d92e4c52ebcbf55e269babecf17ab Size: 198.07 KB (198072 bytes) Detections: 21 Type: Dynamic link library Path: C:\Program Files (x86)\Yontoo\YontooIEClient.dll Group: Malware file Last Updated: March 27, 2021
26.	YontooUninstaller.exe	f473f6e32b773edee97950d2746fd088	19
Name: YontooUninstaller.exe MD5: f473f6e32b773edee97950d2746fd088 Size: 523.55 KB (523552 bytes) Detections: 19 Type: Executable File Path: %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAD8VVY1 Group: Malware file Last Updated: April 1, 2020
27.	YontooIEClient.dll	bdb37117b2ac1ff1040fe1029c4ae186	14
Name: YontooIEClient.dll MD5: bdb37117b2ac1ff1040fe1029c4ae186 Size: 194.92 KB (194928 bytes) Detections: 14 Type: Dynamic link library Path: %PROGRAMFILES%\Yontoo Group: Malware file Last Updated: March 26, 2016
28.	YontooDesktop.exe	c5e6d05907b43cab3d6a7e4a4cf0043a	8
Name: YontooDesktop.exe MD5: c5e6d05907b43cab3d6a7e4a4cf0043a Size: 42.78 KB (42784 bytes) Detections: 8 Type: Executable File Path: %APPDATA%\Yontoo Group: Malware file Last Updated: March 26, 2016
29.	OptChrome.exe
Name: OptChrome.exe Type: Executable File Group: Malware file
30.	%CommonAppData%\Yontoo Layers\YontooIEClient.dll
Name: %CommonAppData%\Yontoo Layers\YontooIEClient.dll Type: Dynamic link library Group: Malware file
31.	%CommonAppData%\Temp\YontooTix2700750.log
Name: %CommonAppData%\Temp\YontooTix2700750.log Group: Malware file
32.	%Temp%\YontooSetup-Silent.exe
Name: %Temp%\YontooSetup-Silent.exe Type: Executable File Group: Malware file
33.	%Temp%\YontooIEClient.dll
Name: %Temp%\YontooIEClient.dll Type: Dynamic link library Group: Malware file
34.	%Temp%\YontooFFClient.xpi
Name: %Temp%\YontooFFClient.xpi Group: Malware file
35.	%Temp%\YontooLayers.crx
Name: %Temp%\YontooLayers.crx Group: Malware file
36.	%Temp%\YontooLayers.pem
Name: %Temp%\YontooLayers.pem Group: Malware file
37.	%ProgramFiles%\Yontoo Layers Runtime\YontooIEClient.dll
Name: %ProgramFiles%\Yontoo Layers Runtime\YontooIEClient.dll Type: Dynamic link library Group: Malware file

More files

Registry Details

Yontoo Layers may create the following registry entry or registry entries:

CLSID

{1AD27395-1659-4DFF-A319-2CFA243861A5}

{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

{99066096-8989-4612-841F-621A01D54AD7}

{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

{D372567D-67C1-4B29-B3F0-159B52B3E967}

{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

{FE9271F2-6EFD-44b0-A826-84C829536E93}

HKEY..\..\{CLSID Path}

{1AD27395-1659-4DFF-A319-2CFA243861A5}

Regexp file mask

%TEMP%\YontooFFClient.xpi

%TEMP%\YontooIEClient.dll

%TEMP%\YontooLayers.crx

%TEMP%\YontooSetup-Silent.exe

HKEY..\..\{Value}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\"Default" = "YontooIEClient"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL\"AppID" = "{CFDAFE39-20CE-451D-BD45-A37452F39CF0}"

HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{A8F0AD53-1AEE-447E-89CD-71C325796F84}\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"Default" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"Default" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"Default" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{FC1DD4E4-688F-4E9B-BAE5-BFB6A956AE51}\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}"Default" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"Default" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"Default" = "1"

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\AppID\YontooIEClient.DLL

SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL

Software\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}

SOFTWARE\Classes\YontooIEClient.Api

SOFTWARE\Classes\YontooIEClient.Api.1

SOFTWARE\Classes\YontooIEClient.Layers

SOFTWARE\Classes\YontooIEClient.Layers.1

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

SOFTWARE\Wow6432Node\Classes\AppID\YontooIEClient.DLL

SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-0B90_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-0B90_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0CC4_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0CC4_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

SOFTWARE\Wow6432Node\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

SYSTEM\ControlSet001\services\Yontoo Desktop Updater

SYSTEM\ControlSet002\services\Yontoo Desktop Updater

SYSTEM\CurrentControlSet\services\Yontoo Desktop Updater

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Directories

Yontoo Layers may create the following directory or directories:

%ALLUSERSPROFILE%\9466af57-1f38-4973-ab1c-22f7e17e2d6a

%ALLUSERSPROFILE%\Application Data\9466af57-1f38-4973-ab1c-22f7e17e2d6a

%ALLUSERSPROFILE%\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

%ALLUSERSPROFILE%\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

%APPDATA%\Yontoo

%PROGRAMFILES(x86)%\Yontoo

%PROGRAMFILES(x86)%\Yontoo Layers Runtime

%ProgramFiles%\Yontoo

%ProgramFiles%\Yontoo Layers Runtime

%ProgramFiles(x86)%\Yontoo Layers

%TEMP%\YontooLayers

URLs

Yontoo Layers may call the following URLs:

yontoo.com

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Yontoo Layers

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Yontoo Layers

File System Details

Registry Details

Directories

URLs

Submit Comment

Trending

Pacmoon Airdrop Scam

Hupdex Crypto Scam

Capcheck.co.in

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?