Y2Desktop.Updater.exe

Y2Desktop.Updater by Microsoft

Version:   1.0.0.0
MD5:   24fb8db6d1d55e2c5d0a53dfe48e6af8
SHA1:   0144dad6530edbf83280ff7b7ace933567c6af13
SHA256:   967b7fa83171485da1eef51db2a21fd17dfb4846e1f700c83e516bd40a542dca
Warning: 5 antivirus scanners have detected malware.

Overview

y2desktop.updater.exe is malware that runs as a service under the name Yontoo Desktop Updater with extensive SYSTEM privileges (full administrator access). It is installed with a couple of known programs, including Yontoo 1.12.02 and Yontoo 2.051, both published by Yontoo Technology, Inc. The assembly uses the .NET runtime framework, which must be installed on the PC.

Details

File name: y2desktop.updater.exe
Publisher: Microsoft
Product name: Y2Desktop.Updater
Typical file path: C:\Program Files\yontoo\y2desktop.updater.exe
File version: 1.0.0.0
Size: 23 KB (23,552 bytes)
Digital DNA
File packed: No
Code language: Microsoft Visual C# / Basic .NET
.NET CLR: Yes
.NET NGENed: No

Programs

The following programs will install this file
Yontoo Technology, Inc.
  83% remove
Yontoo is a web browser toolbar and extension. Yontoo collects and stores information about your web browsing habits so they can suggest services or provide advertising. Yontoo is a potentially unwanted application that installs a browser extension to display advertisements that appear to be from Facebook. The program will then install PageRage, a browser extension that modifies the skin layout of Facebook but also displays advertisemen...

Behaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'Yontoo Desktop Updater'

Malware detections

Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engine | Engine version | Detection
F-Prot | v6.4.7.1.166 | W32/ApplCtnX.Y
K7 AntiVirus | 9.170.8983 | Unwanted-Program
PC Tools | 9.0.0.2 | SecurityRisk.Yontoo!rem
Symantec | 20131.1.0.101 | Yontoo
VIPRE Antivirus | 19452 | Yontoo (fs)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages

CPU
Total CPU: 0.00422511% | 0.028634%
Kernel CPU: 0.00247864% | 0.013761%
User CPU: 0.00174647% | 0.014873%
Kernel CPU time: 417,704 ms/min | 100,923,805 ms/min
CPU cycles: 57,926/sec | 17,470,203/sec
Context switches: 2/sec | 284/sec

Memory
Private memory: 14.26 MB | 21.59 MB
Private (maximum): 12.19 MB
Private (minimum): 8.04 MB
Non-paged memory: 14.26 MB | 21.59 MB
Virtual memory: 114.58 MB | 140.96 MB
Virtual memory (peak): 119.09 MB | 169.69 MB
Working set: 9.54 MB | 18.61 MB
Working set (peak): 12.56 MB | 37.95 MB
Page faults: 6,982/min | 2,039/min

I/O
I/O read transfer: 897 Bytes/sec | 1.02 MB/min
I/O read operations: 1/sec | 343/min
I/O write transfer: 686 Bytes/sec | 274.99 KB/min
I/O write operations: 1/sec | 227/min
I/O other transfer: 57 Bytes/sec | 448.09 KB/min
I/O other operations: 5/sec | 1,671/min

Resource allocations
Threads: 10 | 12
Handles: 309 | 600
GUI GDI count: 4 | 103
GUI USER count: 2 | 49

Process properties

Integrity level: System
Platform: 32-bit
Command lines:
  • "C:\Program Files\yontoo\y2desktop.updater.exe" "C:\users\user\appdata\roaming\yontoo\yontoodesktop.exe"
  • "C:\Program Files\yontoo\y2desktop.updater.exe" "C:\Documents and Settings\user\Application data\yontoo\yontoodesktop.exe"
  • "C:\Program Files\yontoo\y2desktop.updater.exe" "C:\documents and settings\aa\datos de programa\yontoo\yontoodesktop.exe"
Owner: SYSTEM
Windows Service
Service name: Yontoo Desktop Updater
Description: “Provides limited updating assistance for Yontoo Desktop”
Type: Win32OwnProcess
Parent process: services.exe (Services and Controller app by Microsoft)

Threads

Averages

mscorwks.dll
Total CPU: 0.01284511% | 0.272967%
Kernel CPU: 0.00937559% | 0.107585%
User CPU: 0.00346952% | 0.165382%
CPU cycles: 138,816/sec | 5,741,424/sec
Memory: 5.57 MB | 1.16 MB

Y2Desktop.Updater.exe (main module)
Total CPU: 0.00050815%
Kernel CPU: 0.00036071%
User CPU: 0.00014744%
CPU cycles: 24,641/sec
Memory: 48 KB

mscoree.dll (Microsoft .NET Framework by Microsoft)
Total CPU: 0.00021837%
Kernel CPU: 0.00005459%
User CPU: 0.00016378%
Memory: 296 KB

ntdll.dll
Total CPU: 0.00000133%
Kernel CPU: 0.00000133%
User CPU: 0.00000000%
CPU cycles: 38/sec
Memory: 1.66 MB

Common loaded modules

These are modules that are typically loaded within the context of this process.

Distribution by Windows OS

OS version | Distribution
Windows 7 Ultimate | 34.38%
Microsoft Windows XP | 21.88%
Windows 8 Pro | 15.63%
Windows 7 Professional | 9.38%
Windows 7 Home Premium | 6.25%
Windows 7 Home Basic | 6.25%
Windows 8 | 6.25%

Distribution by country

United Kingdom installs about 12.50% of Y2Desktop.Updater.

Distribution by PC manufacturer

PC manufacturer | Distribution
Acer | 32.35%
Dell | 11.76%
American Megatrends | 11.76%
ASUS | 11.76%
Lenovo | 11.76%
Hewlett-Packard | 8.82%
Samsung | 5.88%
GIGABYTE | 5.88%