(The quickest way to register)

Forum

  1. User picture
    • SuperHero58 on Mon 30 Jan 2012
    • 08:38:16 PM UTC

    yontoo !

    From the scan of one of my AV I got this spyware or adware
    I will like to remove it , but I am having a bit of a problem so any help will be appreciated
    But what truly have me curious about this critter , is how did I get to begin with as there was not detection at all from the firewall
    Is possible to get it from a rented movie ?
    Yesterday I rented this movie from one of those redboxes which are located in 24 / 7 places [ this was the first time I used their services ] I could not find the stuff to connect the DVD player , so I played it in my computer , I remember having to listen to quite a lot of adds from Sony about future movies , but outside that , there was not problems
    I saw only half the movie , as I was running out of time and I decided to return it to that box , with the idea of renting it some other day
    Before this I did not have any virus , so I believe that it was the movie or am I am mistaking ?
    Any thoughts about this will be appreciated including how get rid off this virus Thanks you !

Comments:

  2. User picture
    • MysteryFCM on Mon 30 Jan 2012
    • 08:39:45 PM UTC

    RE: yontoo !

    It's likely it was bundled with whatever it was told to play the movie with

    Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net

  3. User picture
    • g7w on Mon 30 Jan 2012
    • 09:07:21 PM UTC

    RE: yontoo !

    http://www.systemlookup.com/CLSID/56875-YontooIEClient_dll.html

    BHO - Browser Helper Object (add-on / extension)
    Installed without user consent, overlays advertisements on web pages.

    VT shows 1/42
    I UL'ed a sample to Avira - they are not aware of this software, hence the reason no results on VT analysis; albeit many AV vendors do not have a sample, people should submit one to their AV for clarification (threat / not a threat)..

    SA approves the downloads available; re: http://wwwsiteadvisor.com/sites/yontoo.com
    hences the McAfee Secure - https    ://www.mcafeesecure.com/RatingVerify?ref=www.yontoo.com

    the privacy policies clearly state:
    1] the applications are adware
    2] the applications are used to track users browsing habits through the use of cookies / pixels (web beacons) / "Adobe Flash technology" aka; LSO's

    apparently to remove via
    XP = control panel - add / remove programs
    Vista / Win 7 - Start button - Control panel - Programs - Programs and features - Uninstall

    *******

    38.96.49.103
    yontoo.com
    184.184.114.34
    download.yontoo.com
    service.yontoo.com
    emal
    MX points to Google
    ex: aspmx.l.google.com

    related:
    pagerage.com

    • http://forums.spybot.info/showthread.php?t=62640

    - VT = 1/42 results; sample UL'ed to Avira

    dropdowndeals.com
    - VT = 2/42; sample UL'ed to Avira

    ------- WOT Services Ltd. - gives us safety through Web of Trust. WOT Community - gives us security through unity. ∞

  4. User picture
    • leofelix on Mon 30 Jan 2012
    • 09:07:34 PM UTC

    RE: yontoo !

    http://www.emsisoft.com/en/malware/?Adware.Win32.Y...

    I agree with MysteryFCM

    go to control panel>add remove programs (or "Program and features" in Vista/7), look for any software (a toolbar probably) with similar name. Then uninstall it.

    I think that MalwareBytes' Antimalware free can easily remove this adware, however you may try to download Emsisoft Emergency Kit ( http://www.emsisoft.com/en/software/eek/ ) which is freeware and stand alone (no installation required, I mean).

    I am sorry, I cannot ask you to post a HiJackThis log for privacy reasons (everything would be easier, though)

    [edit] I didn't see g7w replied at the same time

    festina lente (hurry slowly)

  5. User picture
    • Jazspeak on Mon 30 Jan 2012
    • 09:11:39 PM UTC

    RE: yontoo !

    Originally posted by: g7w
    "remove via
    XP = control panel - add / remove programs
    Vista / Win 7 - Start button - Control panel - Programs - Programs and features - Uninstall    "

    Good to use CCleaner, or other registry editor / cleaner, to remove any associated registry entries after uninstall.

    ~Music is not just for the Masses~

  6. User picture
    • g7w on Mon 30 Jan 2012
    • 10:08:16 PM UTC

    RE: yontoo !

    Originally posted by: Jazspeak
    Good to use CCleaner, or other registry editor / cleaner, to remove any associated registry entries after uninstall.

    true
    or uninstall using Revo Uninstaller - revouninstaller.com

    ------- WOT Services Ltd. - gives us safety through Web of Trust. WOT Community - gives us security through unity. ∞

  7. User picture
    • SuperHero58 on Tue 31 Jan 2012
    • 12:06:47 AM UTC

    RE: yontoo !

    First and most important =
    To everyone who helped me , and all you did
    I want to thank you , the information was great and to the point
    There are two things that concern me , the fact that Lava-soft a AV I was going to remove , was the only one to detect it , not even Avira recognized the intruder , much less ms internal firewall - I am using ms 7 , with all their package , until I get my old XP based computer that blew a fan -
    The other , is that renting a movie can leave a virus in your computer and this is unacceptable
    I paid a fee to rent , who are these people to infect my computer ?
    This is unethical and criminal , something have to give
    I played by the rules and they leave an ad-ware , like crackers robbing my private information , this is not right and something must be done about it , and soon
    I do not see how in the world , these companies can teach morals , when they are doing the same thing that thieves do
    OK , I get off from the soapbox now !

    Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony.

    Morpheus, from The Matrix
  8. User picture
    • g7w on Tue 31 Jan 2012
    • 05:10:55 AM UTC

    RE: yontoo !

    the domains I referenced and their corresponding software are not a virus (threat), though they are adware / spyware which makes them PUPs
    re:McAfee white paper (Oct 2005) PDF (2.3MB) Potentially Unwanted Programs: Spyware and Adware

    I should have viewed the scorecards earlier :)
    previous forum discussion: yontoo.com

    ------- WOT Services Ltd. - gives us safety through Web of Trust. WOT Community - gives us security through unity. ∞

  9. User picture
    • @Anonymouse on Tue 31 Jan 2012
    • 05:11:18 AM UTC

    RE: yontoo !

    Originally posted by: SuperHero58
    Lava-soft

    A pretty useless Av better to have Microsoft security essential than lava-soft Av.
    You can try Eset Smart Security.

    If you believe my ratings are unfair, leave a board message to re review. You must ensure that issues are rectified which are mention in my comment. Otherwise you request would not be entertained. Keep up Good Work :)

  10. User picture
    • SuperHero58 on Tue 31 Jan 2012
    • 10:43:41 AM UTC

    RE: yontoo !

    @Anonymouse =
    Thanks and glad to see you again , my friend
    I agree with you , but it was the only one that detected it
    I will give Eset Smart Security a try
    Best wishes
  11. User picture
    • Jazspeak on Tue 31 Jan 2012
    • 11:17:59 AM UTC

    RE: yontoo !

    Originally posted by: SuperHero58
    "...it was the only one that detected it..."

    Probably because it has particularly aggressive default PUP scan heuristics.

    This sort of AV behaviour re PUP scanning means that it is important for a user to be familiar with the characteristics of any particular AV and adjust the heuristics according to personal tastes. For instance, I regard the conduit toolbars (such as used by ZoneAlarm) to be unwanted but most AVs will not pick up on a conduit toolbar unless the PUP scanner is set to a very high setting, which can then introduce more false-positives for other programs.

    BTW, there was mention of the program being uninstalled trying to access the Internet during removal. This is not necessarily unusual or malicious but is frequently just trying to open a questionnaire for you to let the company know why you want to uninstall the software. There is no obligation to complete such questionnaires.

    ~Music is not just for the Masses~

  12. User picture
    • nickp636 on Tue 31 Jan 2012
    • 06:20:01 PM UTC

    RE: yontoo !

    Originally posted by: SuperHero58
    First and most important =
    To everyone who helped me , and all you did
    I want to thank you , the information was great and to the point
    There are two things that concern me , the fact that Lava-soft a AV I was going to remove , was the only one to detect it , not even Avira recognized the intruder , much less ms internal firewall - I am using ms 7 , with all their package , until I get my old XP based computer that blew a fan -
    The other , is that renting a movie can leave a virus in your computer and this is unacceptable
    I paid a fee to rent , who are these people to infect my computer ?
    This is unethical and criminal , something have to give
    I played by the rules and they leave an ad-ware , like crackers robbing my private information , this is not right and something must be done about it , and soon
    I do not see how in the world , these companies can teach morals , when they are doing the same thing that thieves do
    OK , I get off from the soapbox now !

    Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony.

    Morpheus, from The Matrix

    Hello SuperHero58

    Let me start by saying I apologize for any frustration yontoo might have caused you. This is not our intention.here are instructions on how to uninstall. Go to the Windows Start Menu and then to Control Panel > Add/Remove ("Programs & Features" in Vista/Windows 7) and click "Remove" next to 'Yontoo'. This will delete all traces of Yontoo from your computer. All of this information can be found on http://www.yontoo.com/Support.aspx

    Yontoo was not installed through your redbox movie rental. If Yontoo is installed there is a very clear and easy to read installer that you must agree to and click through. Yontoo is widely used and popular amongst many users. We have a very high standard of compliance we abide by and for us to just show up on your computer is very strange. We care about our users experience and we do investigate matters like this. For any further questions or comments please go to http://www.yontoo.com/Support.aspx and tell us about it.

    By the way 1/42 detection rate on virustotal.com is not by accident we work very hard to keep our program up to par with the standards of all major antivirus companies. Again sorry for any headache this may have brought you SuperHero58 that was never our intentions.

    Best regards,
  13. User picture
    • leofelix on Wed 01 Feb 2012
    • 12:15:05 AM UTC

    RE: yontoo !

    Originally posted by: SuperHero58
    @Anonymouse =
    Thanks and glad to see you again , my friend
    I agree with you , but it was the only one that detected it
    I will give Eset Smart Security a try
    Best wishes

    Instead of replacing my antivirus of choice, I'd pay more attention when installing any program, by reading the EULA, deselecting any third party software during setup (preferably by choosing a custom setup) and I would add something like Winpatrol to prevent my browser to get hijacked and my system modified without my knowledge.

    Winpatrol is freeware for personal usage and it is also available in a Plus edition (Paid and very cheap).
    Winpatrol is a gem of software, in my opinion.

    I'd also upload to virustotal and threatexpert any software before installing it as you can never know.

    Moreover: I would not install Lavasoft Ad-Aware and Avira (or whatever antivirus) at the same time in the same personal computer.
    Lavasoft Ad-aware was once a popular antispyware, from Ad-aware Anniversary Edition on they added an antivirus engine and a basic real time protection even in the 'free' version.
    At the beginning Ad-aware AE included Avira engine, then they replaced it with VIPRE engine.

    Unfortunately ad-aware turned into a bloatware (a buggy memory eater, prone to false positive detections) from v 2007 on and from V 9.6 on they added a "toolbar".
    That's why Softpedia mark Ad-aware Internet Security "free" as "ad-supported"
    http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/Ad-Aware-2007.shtml


    Users are advised to pay attention while installing this ad-suported application:

    · Offers to download or install software or components (Ad-Aware Security Toolbar) that the program does not require to fully function

    On the contrary MalwareBytes' AntiMalware or SuperAntispyware have been designed to work along side the most of AV both in the free or paid editions and they have been never meant to replace a full antivirus

    by the way
    Winpatrol v 24.1.2012.0 has been just released
    WinPatrol alerts you to hijackings, malware attacks and critical changes made to your computer without your permission. As a multipurpose support utility, WinPatrol replaces multiple system utilities with its enhanced functionality. (from filehippo)

    http://www.winpatrol.com/download.html

    festina lente (hurry slowly)

  14. User picture
    • Myxt on Wed 01 Feb 2012
    • 07:43:21 AM UTC

    RE: yontoo !

    @SuperHero58

    It is best to have a suite of defenses such as firewall, antivirus, etc, protecting many attack vectors; but it is also important to use only one of each defense. Two or more AVs, or FWs, etc will interfere with each other and actually compromise security, and may cause system quirks and instability.

    To see what is good, check http://av-comparatives.org/ independent research.
  15. User picture
    • SuperHero58 on Wed 01 Feb 2012
    • 02:59:22 PM UTC

    RE: yontoo !

    @ leofelix =
    " Instead of replacing my antivirus of choice, I'd pay more attention when installing any program, by reading the EULA, deselecting any third party software during setup (preferably by choosing a custom setup) and I would add something like Winpatrol to prevent my browser to get hijacked and my system modified without my knowledge."
    With all due respect , to someone I greatly admire and look up to
    In my word of honor I did not see any EULA or opt in or opt out from a third party or add on , I played a movie in my computer and that was it ; anyone can a mistake of overlooking or not even read the terms , but this was not my case
    I feel victimized for being victimized
    I am grateful for everyone who helped me , but the price was too much
    Had I have a simple doubt of what took place , I would have kept my mouth shut to your good advice , but this is not the case I did what any user [ novice or advanced ] would do and played a rented movie in a legal way as it should be
    @ Myxt = Thank you for your advice and I agree with you totally , even if I learned it the hard way a long time ago
    I do appreciate it

    @ nickp636 = Thank you for your apology , though I do not agree with your statement

    "Yontoo was not installed through your redbox movie rental. If Yontoo is installed there is a very clear and easy to read installer that you must agree to and click through. Yontoo is widely used and popular amongst many users"
    It was installed through the movie I rented at Redbox and I did not see any installer to read and agree with to install in my computer and after looking at some forums , it seems that there are more users who dislike Yontoo than those who like them , you may want to do the research
    Having said this , I consider the whole incident closed
  16. User picture
    • leofelix on Wed 01 Feb 2012
    • 03:27:14 PM UTC

    RE: yontoo !

    @ SuperHero58

    In my word of honor I did not see any EULA

    "errare humanum est" (see : http://en.wikipedia.org/wiki/List_of_Latin_phrases... ) ;)

    It was installed through the movie I rented at Redbox

    Maybe you should disable autorun
    http://support.microsoft.com/kb/967715
    this should prevent software to be installed without user consent (and some malware to spread as a result) from external devices such as CD/DVD units and USB units
    Replacing an antivirus because of a missed detection is futile, in my opinion. Not to count that the more you install (security) software, the more your registry and your system directory will increase.

    I Hope it helps

    festina lente (hurry slowly)

  17. User picture
    • Jazspeak on Wed 01 Feb 2012
    • 04:38:08 PM UTC

    RE: yontoo !

    Originally posted by: leofelix
    "...disable autorun..."

    I would suggest looking at the BitDefender USB Immunizer which can also immunise the system drive. It is worth reading the blurb about autorun infections on that page.

    ~Music is not just for the Masses~

  18. User picture
    • SuperHero58 on Wed 01 Feb 2012
    • 07:44:48 PM UTC

    RE: yontoo !

    Originally posted by: leofelix
    @ SuperHero58

    In my word of honor I did not see any EULA

    "errare humanum est" (see : http://en.wikipedia.org/wiki/List_of_Latin_phrases... ) ;)

    It was installed through the movie I rented at Redbox

    Maybe you should disable autorun
    http://support.microsoft.com/kb/967715
    this should prevent software to be installed without user consent (and some malware to spread as a result) from external devices such as CD/DVD units and USB units
    Replacing an antivirus because of a missed detection is futile, in my opinion. Not to count that the more you install (security) software, the more your registry and your system directory will increase.

    I Hope it helps

    Errar es humano rectificar es de sabios , perdonar es divino !

    Spanish is based in Latin [ Castilian ] and this saying was a favorite of my mother
    But I feel like the condemned that was buried up to his neck , before releasing the lions
    And in desperation bit the testicles of one
    The people in the circus staring to scream and complaint , for it was unfair to the lions
    My point is that , I am grateful to everyone beyond words , but I did not create this problem and I wonder how many people have this ad ware or spyware w/o their knowledge
    Is this ethical ?
    I rather read a good book any time than watch any movie , but I choose to watch this movie in my PC , should not I be alerted to the fact that i may get a cookie or virus that I may not care about ?
    This is big deal and of hypocrisy from the entertainment world , and it had happened not too long ago

    http://en.wikipedia.org/wiki/Sony_BMG_copy_protect...

    I never heard of this add on , before I came to the forum I did not care before or after for it ; I do not use Face Book [ hate it ] but I got it nevertheless as I stated before without my approval and this is not right !

    I thank you for I know that I am talking to a wise man and is my hope that you do understand what I am trying to say

    I will be more observant next time

    Best wishes !

    Edit =

    @ Jazspeak =
    Thank you for bit defender and in particular Ixquick , once you mentioned Duck and is was fine , but this one is better for me
    I still miss Google but I could live without it
    Once more thank you
  19. User picture
    • @Anonymouse on Thu 02 Feb 2012
    • 07:27:44 AM UTC

    RE: yontoo !

    @Leo
    AutoPlay functionality in Windows was disabled by releasing a patch by MS.
    Anyone can download and update this through MS website See http://support.microsoft.com/kb/971029

    @Sh58
    Don't worry.
    As a common man we make several mistakes not a big deal.
    But if we learn from a mistake, we can avoid another same.
    So good to see that you have learnt something !

    Basically IMO having too much security can cause a reason of breach.
    My SS that i use on my personal system.
    Eset Smart Secuity.
    for financial transaction,browser privacy enabled, though no data stored.No add on.
    For general use mozila, chorme with Wot, ghostery, screen grab.

    My whole data pass through my Network proxy server which display real time data,Incoming/Outgoing both directions with a limit of maximum 2 MB outgoing allowed in a minute.

    Along with this setup have a common sense protect me from every problem.
    Always enabled option which displays me system protected files.
    For any new stuff rather than opening directly i use to play with cmd mode.

    @jaz
    After testing around 50+ Av i choose Bitdefender but was unable to hit at a good ratio then i replaced it with Eset.

    If you believe my ratings are unfair, leave a board message to re review. You must ensure that issues are rectified which are mention in my comment. Otherwise you request would not be entertained. Keep up Good Work :)

  20. User picture
    • Jazspeak on Thu 02 Feb 2012
    • 09:17:40 AM UTC

    RE: yontoo !

    Originally posted by: @Anonymouse
    "...i choose Bitdefender but..."

    I wouldn't use BitDefender AV, either. However, the USB Immunizer is not the same as their AV but is a free standalone product that is closer to the Floppy Disk Immunisation feature of the old Thunderbyte AV. The BitDefender USB Immunizer is not needed for post-XP operating systems because both Vista and Windows 7 are already protected against the autorun infections (although they can still pass on such infections via USB stick if the stick is not immunised).

    ~Music is not just for the Masses~