Yontoo LLC

Publisher Information

Yontoo LLC is a brand of the Sambreel/Yontoo group, a web advertising company located in Carlsbad, CA. The company is a primary distributor of unwanted software. Yontoo is a publisher and distributor of adware type applications and a subsidiary of Sambreel LLC run by Arie Trouw. Most software is supported by various types of advertising, including but not limited to search, banner, inline text and transitional ads. In addition, most browser extensions will modify certain browser and search engine settings thta might lower the security of a user's PC. (http://www.yontoo.com/TermsOfService.aspx) Thre are 3 additional code signing certificates issued to this publisher.
Remove Yontoo LLC Malware - Powered by Reason Core Security
Authority:
VeriSign, Inc.

Valid from:
12/6/2011 7:00:00 PM

Valid to:
12/6/2012 6:59:59 PM

Subject:
CN=Yontoo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yontoo LLC, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4f8617352536f013088c9b5533aa4440

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Comodo Security
UnclassifiedMalware, Application.Win32.Yontoo.a, Heur.Suspicious
100.00%

Dr.Web
Adware.Siggen.24249, Adware.Plugin.11
100.00%

VIPRE Antivirus
Yontoo
100.00%

Reason Heuristics
PUP.Installer.Yontoo.N, PUP.BHO.Yontoo.O, PUP.Yontoo.O, PUP.Installer.Yontoo.S, PUP.Installer.Yontoo.K, Threat.Yontoo.Installer, PUP.Yontoo (M), PUP.Yontoo.Installer (M)
100.00%

NANO AntiVirus
Trojan.Win32.Siggen.bkcmvz, Trojan.Win32.Siggen.cocwct, Trojan.Html.Plugin.bopldg, Trojan.Win32.Siggen.bjpwsz
96.15%

IKARUS anti.virus
AdWare.Yontoo, not-a-virus:AdWare.Win32.WebCake, AdWare.WebCake, Win32.SuspectCrc
92.31%

Agnitum Outpost
Adware.Yontoo, Adware.WebCake
88.46%

Baidu Antivirus
AdWare.Win32.Yontoo, Adware.Win32.WebCake, Adware.Win32.Yontoo, Trojan.Win32.Adware
88.46%

Rising Antivirus
Trojan.InstallRex!562A, Trojan.Win32.Generic.137177DE, PE:Trojan.Win32.Generic.13C7F85B!331872347
84.62%

Kingsoft AntiVirus
Win32.Troj.Undef.(kcloud), Win32.Troj.WebCake.a.(kcloud), Win32.Troj.Generic.a.(kcloud)
84.62%

1 / 68      (Adware)
yontoosetup-s.exe  (5bcf641f2f60b247a049ad99ebd0e25b)

33 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (bdb37117b2ac1ff1040fe1029c4ae186)

34 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (446ac8eccbafb6bc3f7aae1177e2eee7)

14 / 68    (Adware)
7935b88.tmp (Yontoo by Yontoo)  (1f2fefa587dd459de6ffed59312695e7)

32 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (cae7f79dfab8d6c510211ed6b61336cb)

7 / 68      (Adware)
793a8c8.tmp (Yontoo by Yontoo)  (f101713f5c2604b99d2b244c50a54ed5)

11 / 68    (Adware)
793485a.tmp (Yontoo by Yontoo)  (3a410888de3f72d7d5be4ff073df6c94)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (a0fdbcb6fd84031ea08991e001a76e31)

15 / 68    (Adware)
793f35a.tmp (Yontoo by Yontoo)  (5d4ea25746448a8f75b57816569b24e7)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (c98b53550f2e0d737261cf4411587bab)

13 / 68    (Adware)
yontoosetup-silent.exe (Yontoo by Yontoo)  (8398a8fdf7d0018b714f164642984026)

48 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (9a4e4b0cabf9ee31ad0654c9320b0e13)

32 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (1e61f76d5e3e8ca05693d4c2934f155f)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (d1f09d40e5d1f24e4ccc54c9a606c2dc)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (48b5ffcf041969b12ec69795dfbdb547)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (30aca17fa9dc787d6430e1146bacee2a)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (c747d87c488d577a38bf65d89d6268e2)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (c747d87c488d577a38bf65d89d6268e2)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (e8f0c3af81a302e9e1580f851ad84c5f)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (e17c7784609cffe44e95cd97058de707)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (4bf437cddf8c692738cfa413231c9b3c)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (cb52d0e329365b103f0b7c3b75cfa3af)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (abd9b86eada05955cd1a82ae70de4fd4)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (ae7e0c99c5bc7d28325c0cd7885c851f)

31 / 68    (Adware)
YontooIEClient.dll (Yontoo Runtime by Yontoo)  (05586f1f292d99de1f5f2861c1ec16fa)

18 / 68    (Adware)
yontoosetup-s.exe (Yontoo by Yontoo)  (81f9b006ebbc98b1eb1506aa69e896c4)

Downloads URLs for files signed by Yontoo LLC.

15 / 68    (Adware)
http://dl.kbm2.com/download/.../20120816.exe  (5d4ea25746448a8f75b57816569b24e7)

Top-level domains owned by Yontoo LLC.

30 of 37 domains

The following websites host and distribute files published by Yontoo LLC.

The certificates below are also signed by Yontoo LLC.

3AED60574343204F777D640FE767E84C  (Jan 03, 2014 to Feb 02, 2015)

4A49FB7E6B0BCF398A1ACF39EA80D982  (Oct 23, 2012 to Dec 23, 2013)

07E1F9EBCCC1AC  (May 09, 2011 to May 09, 2012)

The following publishers (by Authenticode signature organization name) are related.

30 of 65 publishers

Remove Yontoo LLC Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to Yontoo LLC by VeriSign, Inc. on December 06, 2011 with the serial number '4f8617352536f013088c9b5533aa4440'.