YunPanSer
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 1 |
| First Seen: | July 31, 2017 |
| Last Seen: | August 8, 2019 |
| OS(es) Affected: | Windows |
The YunPanSer software is a product aimed at Chinese-speaking users that like to use Hao123.com as their homepage. The Hao123.com is owned and managed by Baidu, Inc., which is the Chinese alternative to Google, Bing and Yandex. The YunPanSer software is not published by a trusted software publisher. There is no data on who wrote the program. YunPanSer is a desktop app that may alter the user's shortcuts for Mozilla Firefox, Google Chrome and Internet Explorer. The YunPanSer program performs the following alterations:
- The shortcut command for Chrome:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
is modified - So that it looks like this:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://hao549.com/?r=y&m8
Your links for Firefox and IE may be modified in a similar fashion, which enables YunPanSer to reroute users via hxxp://hao549.com/?r=y&m8 to Hao123.com. The redirect may not take more than a second, but that is all the time needed for the owner of Hao549.com to claim ad revenue from Hao123.com. The Hao123.com portal is similar to the Microsoft's Msn.com and Russia's Mail.ru regarding features and integrated third parties. Hao123.com is a legitimate site, which is developed by Baidu that look to solidify their dominance in China and may use a partner network to remain competitive in the search business. Software developers that seek to take advantage of the partner program by Baidu and make a profit might use a browser hijacker like YunPanSer to automate browser redirects to Hao123.com. The YunPanSer browser hijacker may travel under the name 'ZhongZiSer2' as well and run as 'YunPanSer.exe' on compromised devices. The files related to YunPanSer lack a valid digital signature and might be found in 'C:\Program Files (x86)\YunPanSer.' Computer security researchers advise against attempts to remove the YunPanSer browser hijacker manually. The app may re-install itself on the next system reboot, and it is better to handle the removal process with a trusted anti-malware instrument. AV scanners might flag the objects associated with YunPanSer and Hao549.com as:
- Adware.Generic.1701101
- GrayWare[AdWare:not-a-virus]/Win32.Agent
- Malware.Undefined!8.C
- Riskware ( 0040eff71 )
- TROJ_GE.54CC52B5
- Trojan.Win32.HomeGuard.eqkojq
- Win32.Application.Agent.AS3QCL
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.