Yontoo LLC

Publisher Information

Yontoo LLC is a brand of the Sambreel/Yontoo group, a web advertising company located in Carlsbad, CA. The company is a primary distributor of unwanted software. Yontoo is a publisher and distributor of adware type applications and a subsidiary of Sambreel LLC run by Arie Trouw. Most software is supported by various types of advertising, including but not limited to search, banner, inline text and transitional ads. In addition, most browser extensions will modify certain browser and search engine settings thta might lower the security of a user's PC. (http://www.yontoo.com/TermsOfService.aspx) Thre are 3 additional code signing certificates issued to this publisher.
Remove Yontoo LLC Malware - Powered by Reason Core Security
VeriSign, Inc.

Valid from:
12/6/2011 7:00:00 PM

Valid to:
12/6/2012 6:59:59 PM

CN=Yontoo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yontoo LLC, L=Carlsbad, S=California, C=US

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

Scanner detections:
Detections  (100% detected)

Scan engine

Comodo Security
UnclassifiedMalware, Application.Win32.Yontoo.a, Heur.Suspicious

Adware.Siggen.24249, Adware.Plugin.11

VIPRE Antivirus

Reason Heuristics
PUP.Installer.Yontoo.N, PUP.BHO.Yontoo.O, PUP.Yontoo.O, PUP.Installer.Yontoo.S, PUP.Installer.Yontoo.K, Threat.Yontoo.Installer, PUP.Yontoo (M), PUP.Yontoo.Installer (M)

NANO AntiVirus
Trojan.Win32.Siggen.bkcmvz, Trojan.Win32.Siggen.cocwct, Trojan.Html.Plugin.bopldg, Trojan.Win32.Siggen.bjpwsz

IKARUS anti.virus
AdWare.Yontoo, not-a-virus:AdWare.Win32.WebCake, AdWare.WebCake, Win32.SuspectCrc

Agnitum Outpost
Adware.Yontoo, Adware.WebCake

Baidu Antivirus
AdWare.Win32.Yontoo, Adware.Win32.WebCake, Adware.Win32.Yontoo, Trojan.Win32.Adware

Rising Antivirus
Trojan.InstallRex!562A, Trojan.Win32.Generic.137177DE, PE:Trojan.Win32.Generic.13C7F85B!331872347

Kingsoft AntiVirus
Win32.Troj.Undef.(kcloud), Win32.Troj.WebCake.a.(kcloud), Win32.Troj.Generic.a.(kcloud)

1 / 68      (Adware)
yontoosetup-s.exe  (5bcf641f2f60b247a049ad99ebd0e25b)

33 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (bdb37117b2ac1ff1040fe1029c4ae186)

34 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (446ac8eccbafb6bc3f7aae1177e2eee7)

14 / 68    (Adware)
7935b88.tmp (Yontoo by Yontoo)  (1f2fefa587dd459de6ffed59312695e7)

32 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (cae7f79dfab8d6c510211ed6b61336cb)

7 / 68      (Adware)
793a8c8.tmp (Yontoo by Yontoo)  (f101713f5c2604b99d2b244c50a54ed5)

11 / 68    (Adware)
793485a.tmp (Yontoo by Yontoo)  (3a410888de3f72d7d5be4ff073df6c94)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (a0fdbcb6fd84031ea08991e001a76e31)

15 / 68    (Adware)
793f35a.tmp (Yontoo by Yontoo)  (5d4ea25746448a8f75b57816569b24e7)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (c98b53550f2e0d737261cf4411587bab)

13 / 68    (Adware)
yontoosetup-silent.exe (Yontoo by Yontoo)  (8398a8fdf7d0018b714f164642984026)

48 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (9a4e4b0cabf9ee31ad0654c9320b0e13)

32 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (1e61f76d5e3e8ca05693d4c2934f155f)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (d1f09d40e5d1f24e4ccc54c9a606c2dc)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (48b5ffcf041969b12ec69795dfbdb547)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (30aca17fa9dc787d6430e1146bacee2a)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (c747d87c488d577a38bf65d89d6268e2)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (c747d87c488d577a38bf65d89d6268e2)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (e8f0c3af81a302e9e1580f851ad84c5f)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (e17c7784609cffe44e95cd97058de707)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (4bf437cddf8c692738cfa413231c9b3c)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (cb52d0e329365b103f0b7c3b75cfa3af)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (abd9b86eada05955cd1a82ae70de4fd4)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (ae7e0c99c5bc7d28325c0cd7885c851f)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (05586f1f292d99de1f5f2861c1ec16fa)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (81f9b006ebbc98b1eb1506aa69e896c4)

Downloads URLs for files signed by Yontoo LLC.

15 / 68    (Adware)
http://dl.kbm2.com/download/.../20120816.exe  (5d4ea25746448a8f75b57816569b24e7)

Top-level domains owned by Yontoo LLC.

30 of 37 domains

The following websites host and distribute files published by Yontoo LLC.

The certificates below are also signed by Yontoo LLC.

3AED60574343204F777D640FE767E84C  (Jan 03, 2014 to Feb 02, 2015)

4A49FB7E6B0BCF398A1ACF39EA80D982  (Oct 23, 2012 to Dec 23, 2013)

07E1F9EBCCC1AC  (May 09, 2011 to May 09, 2012)

The following publishers (by Authenticode signature organization name) are related.

30 of 65 publishers

Remove Yontoo LLC Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to Yontoo LLC by VeriSign, Inc. on December 06, 2011 with the serial number '4f8617352536f013088c9b5533aa4440'.