Yontoo LLC

Publisher Information

Yontoo LLC is a brand of the Sambreel/Yontoo group, a web advertising company located in Carlsbad, CA. The company is a primary distributor of unwanted software. Yontoo is a publisher and distributor of adware-type applications and a subsidiary of Sambreel LLC, run by Arie Trouw. Most of its software is supported by various types of advertising, including but not limited to search, banner, inline text and transitional ads. In addition, most of its browser extensions modify certain browser and search engine settings, which might lower the security of a user's PC. (http://www.yontoo.com/TermsOfService.aspx) There are 3 additional code signing certificates issued to this publisher.
Authority:
VeriSign, Inc.

Valid from:
1/2/2014 7:00:00 PM

Valid to:
2/2/2015 6:59:59 PM

Subject:
CN=Yontoo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yontoo LLC, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3aed60574343204f777d640fe767e84c

Scanner detections:
Detections  (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.Yontoo.P, PUP.Yontoo.J, PUP.Installer.Yontoo.L, PUP.Yontoo.H, PUP.Yontoo.Q, PUP.Yontoo.M, PUP.Yontoo.R, PUP.Yontoo.K, PUP.Yontoo (M) | 100.00%
VIPRE Antivirus | Yontoo, Threat.4734922 | 76.74%
Dr.Web | Adware.Plugin.172, Adware.Yontoo.78, Adware.Yontoo.78, Adware.Plugin.172 | 46.51%
McAfee | Artemis!9C43086DB4E9, Artemis!6E594BB9F15A, Artemis!5FD6D3CE5F1A, Artemis!5CA1D935D6BD | 37.21%
Trend Micro House Call | TROJ_GEN.F47V0610, TROJ_GEN.F47V0609, TROJ_GEN.F47V0522, TROJ_GEN.R047H05CA15 | 37.21%
AVG | AdInject.Yontoo, Adware AdInject.Yontoo | 32.56%
Bkav FE | W32.HfsAdware | 13.95%
Trend Micro | TROJ_SPNV.03J713 | 9.30%
IKARUS anti.virus | PUA.Yontoo | 4.65%
Kaspersky | not-a-virus:RiskTool.MSIL.Agent | 2.33%

1 / 68      (Adware)
paladin.dat (Y2Desktop.Paladin by Microsoft)  (9f85efe4589055370bc7062b743e73c6)

1 / 68      (Adware)
paladin.dat (Y2Desktop.Paladin by Microsoft)  (d7fb8c47ab31fbd6bacb4ee971a47629)

1 / 68      (Adware)
dibs.dat (Y2Desktop.DIBS by Microsoft)  (8e11c7c2f7bc351a74325645ce9401fc)

1 / 68      (Adware)
heartbeat.dat (Y2Desktop.HeartbeatPlugin by Yontoo)  (a8d36ee0e9e740d8694645d2eb5fa2eb)

1 / 68      (Adware)
healthmonitor.dat (Y2Desktop.HealthMonitor by Yontoo)  (953482fc34e29284469ffcb7d103c28a)

1 / 68      (Adware)
dibs.dat (Y2Desktop.DIBS by Microsoft)  (6ed4c459482c65a4e0efb5d2a6a40099)

3 / 68      (Adware)
paladin.dat (Y2Desktop.Paladin by Microsoft)  (844a86cedb45b6e20b3010093a0268f6)

2 / 68      (Adware)
heartbeat.dat (Y2Desktop.HeartbeatPlugin by Yontoo)  (35490d1c3483330895643a7fdbf14e48)

3 / 68      (Adware)
healthmonitor.dat (Y2Desktop.HealthMonitor by Yontoo)  (d62cda73e782be73909b1ce5d6c8bbdf)

8 / 68      (Adware)
Desktop.OS.dll (Desktop)  (7983aba173641b7a6338b2421d4814fe)

7 / 68      (Adware)
Desktop.OS.Plugin.dll (Desktop.OS.Plugin)  (a8589b1bfdce15ffc0c845319873560c)

2 / 68      (Adware)
heartbeat.dat (Y2Desktop.HeartbeatPlugin by Yontoo)  (b346e986a011e8515785213cc2f5a115)

5 / 68      (Adware)
dibs.dat (Y2Desktop.DIBS by Microsoft)  (5681d0fea41f7f81d08a39b152bf617f)

1 / 68      (Adware)
dibs.dat (Y2Desktop.DIBS by Microsoft)  (c089c1cc633a7074ab79f804a3dae9d2)

3 / 68      (Adware)
healthmonitor.dat (Y2Desktop.HealthMonitor by Yontoo)  (4187692702bc2715652feefc56bfc47f)

7 / 68      (Adware)
Desktop.OS.Plugin.dll (Desktop.OS.Plugin)  (0c1d2ebe167567c0d10a630a7b0c9175)

8 / 68      (Adware)
Desktop.OS.dll (Desktop)  (57a83a189896ae2ca6ff9d1b959302f2)

1 / 68      (Adware)
heartbeat.dat (Y2Desktop.HeartbeatPlugin by Yontoo)  (0ed43f25b9595de101c5dd9771817760)

1 / 68      (Adware)
healthmonitor.dat (Y2Desktop.HealthMonitor by Yontoo)  (35ec7b273c4e869eb8178da26de6ab8c)

8 / 68      (Adware)
Desktop.OS.dll (Desktop)  (c337e1f93890a4155c1294adf87ea6a7)

8 / 68      (Adware)
Desktop.OS.dll (Desktop)  (5f88d34a491a640e5b201646ad9c69d3)

2 / 68      (Adware)
programmonitor.dat (Y2Desktop.ProgramMonitor)  (612a0a546c2273fc22fb7da9ff408d6f)

2 / 68      (Adware)
programmonitor.dat (Y2Desktop.ProgramMonitor)  (7970b479dac1b1fab6ba71a05a284269)

2 / 68      (Adware)
heartbeat.dat (Y2Desktop.HeartbeatPlugin by Yontoo)  (367bf722c7a9bd5e5a9a1ec83d38c503)

3 / 68      (Adware)
healthmonitor.dat (Y2Desktop.HealthMonitor by Yontoo)  (8c81ce590be3f261adb84f149e5d875d)

2 / 68      (Adware)
paladin.dat (Y2Desktop.Paladin by Microsoft)  (e6cac39eec8d56d46d84a7b133760661)

2 / 68      (Adware)
heartbeat.dat (Y2Desktop.HeartbeatPlugin by Yontoo)  (3f0d7aa45a9ccf759c8b9506157982cb)

3 / 68      (Adware)
healthmonitor.dat (Y2Desktop.HealthMonitor by Yontoo)  (3627bd0ba5d8eff8c2105677682eceed)

3 / 68      (Adware)
programmonitor.dat (Y2Desktop.ProgramMonitor)  (a628aed3387caafbe311168e980e2cfd)

2 / 68      (Adware)
heartbeat.dat (Y2Desktop.HeartbeatPlugin by Yontoo)  (9ed52d1d83a00db6c3c89c19a03dc42b)

 
Latest 30 of 43 files

Top-level domains owned by Yontoo LLC.

30 of 37 domains

The certificates below are also signed by Yontoo LLC.

4A49FB7E6B0BCF398A1ACF39EA80D982  (Oct 23, 2012 to Dec 23, 2013)

4F8617352536F013088C9B5533AA4440  (Dec 06, 2011 to Dec 06, 2012)

07E1F9EBCCC1AC  (May 09, 2011 to May 09, 2012)

The following publishers (by Authenticode signature organization name) are related.

30 of 63 publishers

* Note, the details and description above are based on the code signing digital signature issued to Yontoo LLC by VeriSign, Inc. on January 02, 2014 with the serial number '3aed60574343204f777d640fe767e84c'.