home

Yontoo LLC

Publisher Information

Yontoo LLC is a brand of the Sambreel/Yontoo group, a web advertising company located in Carlsbad, CA. The company is a primary distributor of unwanted software. Yontoo is a publisher and distributor of adware type applications and a subsidiary of Sambreel LLC run by Arie Trouw. Most software is supported by various types of advertising, including but not limited to search, banner, inline text and transitional ads. In addition, most browser extensions will modify certain browser and search engine settings thta might lower the security of a user's PC. (http://www.yontoo.com/TermsOfService.aspx) Thre are 3 additional code signing certificates issued to this publisher.
Authority:
GoDaddy.com, Inc.

Valid from:
5/9/2011 3:10:37 PM

Valid to:
5/9/2012 3:10:37 PM

Subject:
CN=Yontoo LLC, O=Yontoo LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07e1f9ebccc1ac

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.BHO.Yontoo.O, PUP.Installer.Yontoo.S, PUP.BHO.Yontoo.Q, PUP.Yontoo.O, PUP.Installer.Yontoo.L, PUP.Installer.Yontoo.d, PUP.Yontoo (M), PUP.Yontoo.Installer (M)
100.00%

VIPRE Antivirus
Yontoo
80.00%

Comodo Security
Application.Win32.Yontoo.a, ApplicUnwnt.Win32.AdWare.Yontoo.~, UnclassifiedMalware, Heur.Suspicious
78.00%

Dr.Web
Adware.Siggen.24249, Adware.Plugin.11, Adware.Plugin.8
78.00%

ESET NOD32
Win32/Adware.Yontoo (variant)
74.00%

Baidu Antivirus
AdWare.Win32.Yontoo, Adware.Win32.Yontoo, Trojan.Adware.Win32.Yontoo
64.00%

Avira AntiVirus
SPR/Tool.196384, ADWARE/Yontoo.Gen, Adware/BHO.K.1, SPR/Tool.195872, Adware/Yontoo.E.1, Adware/Yontoo.A.9, Adware/Yontoo.A.14
60.00%

Trend Micro House Call
TROJ_GEN.RC1H1KN, ADW_YONTOO, TROJ_GEN.R0CBH05BB14, TROJ_GEN.R3OH1DR, TROJ_GEN.RC1H1BQ, TROJ_GEN.R0C1C0OGC13, TROJ_GEN.R0C1H05AO15
60.00%

IKARUS anti.virus
AdWare.Yontoo, not-a-virus:AdWare.Win32.WebCake, Win32.SuspectCrc
52.00%

Boost by Reason
Optional.BHO.Yontoo.O, Optional.Yontoo.S, Optional.BHO.Yontoo.Q, Optional.Yontoo.O, Optional.Yontoo.L
44.00%

1 / 68      (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (261e793224dfa7fe6b2ac9ffebc83050)

1 / 68      (Adware)
yontoosetup.exe (Yontoo Layers Runtime by Yontoo)  (f41e8f64271ba5cefbdaf2db4a532305)

1 / 68      (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (49ede4fcf6541f83c5f753d1bf30c982)

1 / 68      (Adware)
yontoosetup.exe (Yontoo by Yontoo)  (5daadd9b3115e17afca632e699c5a085)

1 / 68      (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (d2fa9d53021005e79d759e6d98e9107c)

1 / 68      (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (4b5f37729873eb2cf51f88d1cb412759)

1 / 68      (Adware)
yontoosetup-silent.exe (Yontoo by Yontoo)  (25cc5a62033c821cf21a92ff91f97ffd)

1 / 68      (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (412623e6cb4e5a9c1e441839b2166963)

1 / 68      (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (33b11839c9d971ec28763c94a11dcb0d)

1 / 68      (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (e805f2114c1b17706d31d975e23cb769)

1 / 68      (Adware)
yontoosetup.exe (Yontoo Layers Runtime by Yontoo)  (f0da173e0226c61d128b51cb8a6e6f0b)

1 / 68      (Adware)
yontoosetup-silent.exe (Yontoo by Yontoo)  (84d8a268c7916229d66e2e7ebdc188ff)

1 / 68      (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (d53ba69317cd6e14880b8371d50d15c3)

28 / 68    (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (30d984c267c7ce0b8aa584891212034f)

16 / 68    (Adware)
yontoosetup-silent.exe (Yontoo by Yontoo)  (933472e11ff53823c9d09767d139aefa)

21 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (20494f0692e46461414c5bf83f549816)

28 / 68    (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (17b19acf362fc69a8a7d136afd11f827)

27 / 68    (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (25e14da0ce3be8746b60d2c95f0b08e5)

16 / 68    (Adware)
yontoosetup-silent.exe (Yontoo by Yontoo)  (6e864757e2b45d0401156d6ca048ad84)

21 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (a160c20755f5c0d64e336c0b202bc3f9)

15 / 68    (Adware)
yontoosetup-silent.exe (Yontoo by Yontoo)  (d853c5d25c93b0de9f975734f8a9ca4e)

25 / 68    (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (7502705b21df8ac9ec045790f9ffba3c)

22 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (4ef28b83561ad042b7e8a7b5d0f07a50)

25 / 68    (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (6ad87a73e087d0c10de77f4e80b337bf)

8 / 68      (Adware)
YontooIEClient.dll (Yontoo Layers Runtime (Drop Down Deals) by Yontoo)  (d7130d8ee3c6f004a62fbca00f15deca)

24 / 68    (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (9419b23cda42a530266eddd118743296)

6 / 68      (Adware)
YontooIEClient.dll (Yontoo Layers Runtime (Drop Down Deals) by Yontoo)  (a089271e23086b675bc19a96f40b9b12)

19 / 68    (Adware)
YontooIEClient.dll (Yontoo Layers Runtime by Yontoo)  (fd05b3fcabf42ca72f7f166a6e0c62c7)

10 / 68    (Adware)
yontoosetup-silent-pagerage_branded.exe (Yontoo Layers Runtime (PageRage) by Yontoo)  (d2c2141a6029b167cedcc9d7bb930a82)

15 / 68    (Adware)
yontoosetup-silent.exe (Yontoo by Yontoo)  (2ed047ddb898ac3113f5c9d825a1de5c)

 
Latest 30 of 57 files

Top-level domains owned by Yontoo LLC.

yontoo.com

luckyleap.net

amasvc.com

dropdowndeals.com

jeetyetmedia.com

jumpflip.net

webconnect.co

outobox.net

browsefox.com

whilokii.net

browsesmart.net

lemurleap.info

divapton.biz

secretsauce.biz

betterbrowse.net

greygray.biz

diamondata.net

glindorus.net

websparkle.biz

kozaka.net

clingclang.biz

serialtrunc.com

batbrowse.com

pagerage.com

facebooklayouts.com

buzzdock.com

surftastic.net

myfindright.com

lookinglink.info

viewplay.net

30 of 37 domains

The certificates below are also signed by Yontoo LLC.

3AED60574343204F777D640FE767E84C  (Jan 03, 2014 to Feb 02, 2015)

4A49FB7E6B0BCF398A1ACF39EA80D982  (Oct 23, 2012 to Dec 23, 2013)

4F8617352536F013088C9B5533AA4440  (Dec 06, 2011 to Dec 06, 2012)

The following publishers (by Authenticode signature organization name) are related.

sterkly LLC

Web Cake

lucky leap

SaltarSmart

secretsauce

GreyGray

diamondata

LemurLeap

BatBrowse

Browse Fox

glindorus

Browsebeyond

outobox

Whilokii

Spring Smart

Cling Clang

kasimos

Storimbo

LinkiDoo

linkswift

DiVapton

Webfuii

WebSparkle

Kozaka

SquirrelWeb

RightSurf

SerialTrunc

EnhanceTronic

lookinglink

AdvanceMark

30 of 63 publishers

* Note, the details and description above are based on the code signing digital signature issued to Yontoo LLC by GoDaddy.com, Inc. on May 09, 2011 with the serial number '07e1f9ebccc1ac'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.