Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Additional versions
Relationships
Parent processes
Related files
 PE file structure
|
Show functions |
Import table
mscoree.dll
DllMain
YontooDesktop.exe
Yontoo Desktop by Yontoo LLC (Signed)
| Version: | 1.0.4778.22796 |
| MD5: | 2a6c01bac0f8aa9143d61ae1e28e263a |
| SHA1: | 4018a4069773fc6394ec87df693e7a8493df5757 |
| SHA256: | bc76991e06e36f6ec820b14ba40a7ed55a7b7f2519c39c28e1ae164f5b8f9035 |
Warning 8 antivirus scanners has detected malware.
What is YontooDesktop.exe?
Yontoo Runtime for Yontoo is a web browser toolbar and extension. Yontoo collects and stores information about your web browsing habits so they can suggest services or provide advertising. The plugin commonly displays ads and deals from affiliated merchants and clicking on such links some times ends up in installing other unwanted browser add-ons or even malware.
About YontooDesktop.exe (from Yontoo LLC)
“Yontoo is a browser add-on that horizontally crosses the internet rather than the standard vertical website archive. Yontoo LLC was founded by a small group of people that had worked together on previ”
Details
| File name: | yontoodesktop.exe |
| Publisher: | Yontoo LLC |
| Product name: | Yontoo Desktop |
| Typical file path: | C:\users\user\appdata\roaming\yontoo\yontoodesktop.exe |
| File version: | 1.0.4778.22796 |
| Size: | 41.78 KB (42,784 bytes) |
| Certificate |
| Issued to: | Yontoo LLC |
| Authority (CA): | VeriSign |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| Code language: | Microsoft Visual C# / Basic .NET |
| .NET CLR: | Yes |
| .NET NGENed: | No |
More details
Behaviors
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Yontoo Desktop' → "C:\users\user\appdata\Roaming\Yontoo\YontooDesktop.exe"
Malware detections
Based on 40+ industry antivirus scanners, 8 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| F-Prot |
v6.4.7.1.166 |
W32/ApplCtnX.Z |
| K7 AntiVirus |
9.170.8989 |
Unwanted-Program |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Dsearch.f.(kcloud) |
| PC Tools |
9.0.0.2 |
SecurityRisk.Yontoo!rem |
| SUPERAntiSpyware |
5.6.0.1008 |
Trojan.Agent/Gen |
| Symantec |
20131.1.0.101 |
Yontoo |
| VIPRE Antivirus |
19474 |
Yontoo (v) |
| ViRobot |
2011.4.7.4223 |
Adware.Dsearch.42784 |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.01664773% | |
| Kernel CPU: | 0.00954954% | |
| User CPU: | 0.00709819% | |
| Kernel CPU time: | 1,692 ms/min | |
| CPU cycles: | 543,272/sec | |
| Context switches: | 5/sec | |
| Memory |
| Private memory: | 34.03 MB | |
| Private (maximum): | 26.8 MB | |
| Private (minimum): | 16.56 MB | |
| Non-paged memory: | 34.03 MB | |
| Virtual memory: | 189.18 MB | |
| Virtual memory (peak): | 199.29 MB | |
| Working set: | 21.87 MB | |
| Working set (peak): | 29.08 MB | |
| Page faults: | 42,563/min | |
| I/O |
| I/O read transfer: | 2.93 KB/sec | |
| I/O read operations: | 1/sec | |
| I/O write transfer: | 1.1 KB/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 530 Bytes/sec | |
| I/O other operations: | 36/sec | |
| Resource allocations |
| Threads: | 17 | |
| Handles: | 717 | |
| GUI GDI count: | 4 | |
| GUI GDI peak: | 4 | |
| GUI USER count: | 2 | |
| GUI USER peak: | 2 | |
Process properties
| Integrety level: | Medium |
| Platform: | 32-bit |
| Command lines: |
- "C:\users\user\appdata\roaming\yontoo\yontoodesktop.exe"
- C:\users\user\appdata\roaming\yontoo\yontoodesktop.exe
- "C:\Documents and Settings\user\Application data\yontoo\yontoodesktop.exe"
|
| Owner: | User |
| Parent processes: |
|
Threads
Averages
| mscorwks.dll |
| Total CPU: | 0.06749722% | |
| Kernel CPU: | 0.00578586% | |
| User CPU: | 0.06171136% | |
| CPU cycles: | 971,770/sec | |
| Memory: | 5.57 MB | |
| mscoree.dll (Microsoft .NET Framework by Microsoft) |
| Total CPU: | 0.01165953% | |
| Kernel CPU: | 0.00560554% | |
| User CPU: | 0.00605399% | |
| Memory: | 296 KB | |
| YontooDesktop.exe (main module) |
| Total CPU: | 0.00834242% | |
| Kernel CPU: | 0.00436337% | |
| User CPU: | 0.00397905% | |
| CPU cycles: | 70,836/sec | |
| Memory: | 64 KB | |
| ntdll.dll |
| Total CPU: | 0.00603522% | |
| Kernel CPU: | 0.00046728% | |
| User CPU: | 0.00556794% | |
| CPU cycles: | 29,868/sec | |
| Memory: | 1.23 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
37.50% |
|
| Windows 8 Pro |
20.83% |
|
| Microsoft Windows XP |
16.67% |
|
| Windows 8 |
8.33% |
|
| Windows 7 Home Premium |
8.33% |
|
| Windows 7 Professional |
8.33% |
|
Distribution by country
United Kingdom installs about 16.67% of Yontoo Desktop.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Acer |
26.09% |
|
| Hewlett-Packard |
17.39% |
|
| Dell |
17.39% |
|
| Lenovo |
17.39% |
|
| Samsung |
8.70% |
|
| GIGABYTE |
8.70% |
|
| American Megatrends |
4.35% |
|
