Y2Desktop.Updater.exe
Y2Desktop.Updater by Microsoft
Version: | 1.0.0.0 |
MD5: | 24fb8db6d1d55e2c5d0a53dfe48e6af8 |
SHA1: | 0144dad6530edbf83280ff7b7ace933567c6af13 |
SHA256: | 967b7fa83171485da1eef51db2a21fd17dfb4846e1f700c83e516bd40a542dca |
Warning: 5 antivirus scanners have detected malware.
Overview
y2desktop.updater.exe is malware that runs as a service under the name Yontoo Desktop Updater with extensive SYSTEM privileges (full administrator access). It is installed with a couple of known programs, including Yontoo 1.12.02 published by Yontoo Technology, Inc., Yontoo 2.051 from Yontoo Technology, Inc. and Yontoo 2.051 by Yontoo Technology, Inc. The assembly uses the .NET run-time framework (which must be installed on the PC).
Details
File name: | y2desktop.updater.exe |
Publisher: | Microsoft |
Product name: | Y2Desktop.Updater |
Typical file path: | C:\Program Files\yontoo\y2desktop.updater.exe |
File version: | 1.0.0.0 |
Size: | 23 KB (23,552 bytes) |
Digital DNA |
File packed: | No |
Code language: | Microsoft Visual C# / Basic .NET |
.NET CLR: | Yes |
.NET NGENed: | No |
Programs
The following programs will install this file
Yontoo is a web browser toolbar and extension. Yontoo collects and stores information about your web browsing habits so they can suggest services or provide advertising. Yontoo is a potentially unwanted application that installs a browser extension to display advertisements that appear to be from Facebook. The program will then install PageRage, a browser extension that modifies the skin layout of Facebook but also displays advertisemen...
Behaviors
Service
Runs as a service registered under 'SYSTEM\CurrentControlSet\Services', started by the Service Controller (services.exe)
Malware detections
Of 40+ industry antivirus scanners, 5 detected the following malware.
Antivirus engine | Engine version | Detection |
F-Prot | v6.4.7.1.166 | W32/ApplCtnX.Y |
K7 AntiVirus | 9.170.8983 | Unwanted-Program |
PC Tools | 9.0.0.2 | SecurityRisk.Yontoo!rem |
Symantec | 20131.1.0.101 | Yontoo |
VIPRE Antivirus | 19452 | Yontoo (fs) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00422511% | |
Kernel CPU: | 0.00247864% | |
User CPU: | 0.00174647% | |
Kernel CPU time: | 417,704 ms/min | |
CPU cycles: | 57,926/sec | |
Context switches: | 2/sec | |
Memory |
Private memory: | 14.26 MB | |
Private (maximum): | 12.19 MB | |
Private (minimum): | 8.04 MB | |
Non-paged memory: | 14.26 MB | |
Virtual memory: | 114.58 MB | |
Virtual memory (peak): | 119.09 MB | |
Working set: | 9.54 MB | |
Working set (peak): | 12.56 MB | |
Page faults: | 6,982/min | |
I/O |
I/O read transfer: | 897 Bytes/sec | |
I/O read operations: | 1/sec | |
I/O write transfer: | 686 Bytes/sec | |
I/O write operations: | 1/sec | |
I/O other transfer: | 57 Bytes/sec | |
I/O other operations: | 5/sec | |
Resource allocations |
Threads: | 10 | |
Handles: | 309 | |
GUI GDI count: | 4 | |
GUI USER count: | 2 | |
Process properties
Integrity level: | System |
Platform: | 32-bit |
Command lines: |
- "C:\Program Files\yontoo\y2desktop.updater.exe" "C:\users\user\appdata\roaming\yontoo\yontoodesktop.exe"
- "C:\Program Files\yontoo\y2desktop.updater.exe" "C:\Documents and Settings\user\Application data\yontoo\yontoodesktop.exe"
- "C:\Program Files\yontoo\y2desktop.updater.exe" "C:\documents and settings\aa\datos de programa\yontoo\yontoodesktop.exe"
|
Owner: | SYSTEM |
Windows Service |
Service name: | Yontoo Desktop Updater |
Description: | “Provides limited updating assistance for Yontoo Desktop” |
Type: | Win32OwnProcess |
Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
mscorwks.dll |
Total CPU: | 0.01284511% | |
Kernel CPU: | 0.00937559% | |
User CPU: | 0.00346952% | |
CPU cycles: | 138,816/sec | |
Memory: | 5.57 MB | |
Y2Desktop.Updater.exe (main module) |
Total CPU: | 0.00050815% | |
Kernel CPU: | 0.00036071% | |
User CPU: | 0.00014744% | |
CPU cycles: | 24,641/sec | |
Memory: | 48 KB | |
mscoree.dll (Microsoft .NET Framework by Microsoft) |
Total CPU: | 0.00021837% | |
Kernel CPU: | 0.00005459% | |
User CPU: | 0.00016378% | |
Memory: | 296 KB | |
ntdll.dll |
Total CPU: | 0.00000133% | |
Kernel CPU: | 0.00000133% | |
User CPU: | 0.00000000% | |
CPU cycles: | 38/sec | |
Memory: | 1.66 MB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Ultimate | 34.38% |
Microsoft Windows XP | 21.88% |
Windows 8 Pro | 15.63% |
Windows 7 Professional | 9.38% |
Windows 7 Home Premium | 6.25% |
Windows 7 Home Basic | 6.25% |
Windows 8 | 6.25% |
Distribution by country
The United Kingdom accounts for about 12.50% of Y2Desktop.Updater installs.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Acer | 32.35% |
Dell | 11.76% |
American Megatrends | 11.76% |
ASUS | 11.76% |
Lenovo | 11.76% |
Hewlett-Packard | 8.82% |
Samsung | 5.88% |
GIGABYTE | 5.88% |