Yontoo LLC

Publisher Information

Yontoo LLC is a brand of the Sambreel/Yontoo group, a web advertising company located in Carlsbad, CA. The company is a primary distributor of unwanted software. Yontoo is a publisher and distributor of adware-type applications and a subsidiary of Sambreel LLC, run by Arie Trouw. Most of its software is supported by various types of advertising, including but not limited to search, banner, inline text and transitional ads. In addition, most of its browser extensions modify certain browser and search engine settings, which might lower the security of a user's PC. (http://www.yontoo.com/TermsOfService.aspx) There are 3 additional code signing certificates issued to this publisher.
Authority:
VeriSign, Inc.

Valid from:
10/24/2012 2:00:00 AM

Valid to:
12/24/2013 12:59:59 AM

Subject:
CN=Yontoo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yontoo LLC, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4a49fb7e6b0bcf398a1acf39ea80d982

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Yontoo (M)
100.00%

VIPRE Antivirus
Yontoo
96.00%

AVG
Adware AdInject.Yontoo, Win.Threat.Medium
96.00%

McAfee
Artemis!9C43086DB4E9, Artemis!D0BE8D460674, Artemis!9849BF4F530D, Artemis!2237959FA760, Artemis!5CA1D935D6BD, Artemis!3BD56B625D71
94.00%

Trend Micro House Call
TROJ_GEN.F47V0610, TROJ_SPNV.03JC13, TROJ_GEN.F47V0623, TROJ_GEN.R047H05CA15, TROJ_GEN.F47V0419, TROJ_GEN.F47V0608
94.00%

McAfee Web Gateway
Artemis!9C43086DB4E9, Artemis!2237959FA760, Artemis!PUP, Artemis!6850B1199FA3
94.00%

Dr.Web
Adware.Yontoo.78, Adware.Plugin.172
84.00%

Bkav FE
W32.HfsAdware, W32.Clodda0.Trojan
66.00%

Trend Micro
TROJ_SPNV.03JC13, TROJ_SPNV.03J713, TROJ_GEN.R047C0OGN15
58.00%

Microsoft Security Essentials
Adware:MSIL/Yontoo
36.00%

Latest 30 of 257 files

Top-level domains owned by Yontoo LLC.

30 of 37 domains

The certificates below are also signed by Yontoo LLC.

3AED60574343204F777D640FE767E84C  (Jan 03, 2014 to Feb 02, 2015)

4F8617352536F013088C9B5533AA4440  (Dec 06, 2011 to Dec 06, 2012)

07E1F9EBCCC1AC  (May 09, 2011 to May 09, 2012)

The following publishers (by Authenticode signature organization name) are related.

30 of 63 publishers

* Note: the details and description above are based on the code signing digital signature issued to Yontoo LLC by VeriSign, Inc. on October 24, 2012 with the serial number '4a49fb7e6b0bcf398a1acf39ea80d982'.