YontooIEClient.dll

Yontoo Runtime

Yontoo LLC

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module YontooIEClient.dll by Yontoo has been detected as adware by 27 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Yontoo Layers’. This file is typically installed with the program Yontoo 1.10.03 by Yontoo Technology, Inc. which is a potentially unwanted software program. By plugging into the web browser, this extension will inject advertisements both banner and context hyperlinks based on the web sites being visited. It can be installed from the program's website or it may be bundled by third-party software installation programs.
Publisher:
Yontoo LLC  (signed and verified)

Product:
Yontoo Runtime

Version:
1.10.01

MD5:
cae7f79dfab8d6c510211ed6b61336cb

SHA-1:
15cbc917cfb03093a0ebf9cf069c2ca7821a5c22

SHA-256:
fb4ae2af639914806e37706db02b1bfab7a3d8cbf445d029f6b7bf84a8fb7156

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/23/2024 11:59:14 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.558412
664

Agnitum Outpost
Adware.WebCake
7.1.1

Avira AntiVirus
SPR/Tool.194928.2
7.11.153.220

Baidu Antivirus
Adware.Win32.WebCake
4.0.3.15411

Bitdefender
Application.Generic.558412
1.0.20.505

Bkav FE
W32.Clod973.Trojan
1.3.0.4613

Clam AntiVirus
Win.Adware.Yontoo-4
0.98/21155

Comodo Security
Application.Win32.Yontoo.a
18468

Dr.Web
Adware.Plugin.11
9.0.1.0101

ESET NOD32
Win32/Adware.Yontoo (variant)
9.9910

Fortinet FortiGate
Adware/WebCake
4/11/2015

F-Prot
W32/Adware.AKRZ
v6.4.7.1.166

G Data
Application.Generic.558412
15.4.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.1712333

Kaspersky
not-a-virus:AdWare.Win32.WebCake
14.0.0.2207

McAfee
Artemis!CAE7F79DFAB8
5600.6798

MicroWorld eScan
Application.Generic.558412
16.0.0.303

NANO AntiVirus
Trojan.Win32.Siggen.cocwct
0.28.0.57630

Quick Heal
AdWare.WebCake.r6 (Not a Virus)
4.15.14.00

Reason Heuristics
PUP.BHO.Yontoo
15.4.11.11

Rising Antivirus
Trojan.Win32.Generic.137177DE
23.00.65.15409

SUPERAntiSpyware
Adware.Yontoo
9942

Trend Micro House Call
TROJ_GEN.RC1H1DM
7.2.101

Trend Micro
TROJ_GEN.R0CBC0OAK14
10.465.11

Vba32 AntiVirus
AdWare.WebCake
3.12.26.0

VIPRE Antivirus
Yontoo
30056

File size:
190.4 KB (194,928 bytes)

Product version:
1.10.01

Copyright:
Copyright (c) 2011 Yontoo LLC. All rights reserved.

Original file name:
YontooIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\yontoo\yontooieclient.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/6/2011 7:00:00 PM

Valid to:
12/6/2012 6:59:59 PM

Subject:
CN=Yontoo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yontoo LLC, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4F8617352536F013088C9B5533AA4440

File PE Metadata
Compilation timestamp:
10/23/2012 8:34:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:TvWMjk7cpgC5sMGweABHpBWeJn+oST8M3kKU7tVlQFfmufJ1:TTS2/5r7BdJn+fXkK+o

Entry address:
0x12587

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B5, 65, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, D0, 8D, 02, 10, 5D, C3, 8B, FF, 55, 8B, EC, FF, 35, D0, 8D, 02, 10, FF, 15, 58, 01, 02, 10, 85, C0, 74, 0F, FF, 75, 08, FF, D0, 59, 85, C0, 74, 05, 33, C0, 40, 5D, C3, 33, C0, 5D, C3, 6A, 00, 68, 00, 10, 00, 00, 6A, 00, FF, 15, 50, 01, 02, 10, 33, C9, 85, C0, 0F, 95, C1, A3, D8, 8D, 02, 10, 8B, C1, C3, FF, 35, D8, 8D, 02, 10, FF, 15...
 
[+]

Entropy:
6.3442

Code size:
119.5 KB (122,368 bytes)

Internet Explorer BHO
Display name:
Yontoo Layers

CLSID:
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

CLSID name:
Yontoo


The file YontooIEClient.dll has been discovered within the following program.

Yontoo 1.10.03  by Yontoo Technology, Inc.
Yontoo is a web browser toolbar and extension (BHO in Internet Explorer). It collects and stores information about your web browsing habits so they can suggest services or provide advertising.
www.yontoo.com
88% remove it
 
Powered by Should I Remove It?

Remove YontooIEClient.dll - Powered by Reason Core Security