This article aims to help you remove the PUP Optional Yontoo “Virus” and to answer the question “What is Yontoo?” The latest version of Yontoo Layers is 1.10.02.
What is Yontoo Layers? Is Yontoo a virus and should you remove it from your PC?
Many consider the Yontoo “virus” to be an undesirable program and advocate its removal, but there are no indications that it behaves like a computer virus. Most of the problems attributed to this program are actually caused by other applications installed alongside it from software bundles. Many users undeniably refer to it as a Yontoo “Virus”, but they are wrong in the sense that nothing Yontoo does is actually on the wrong side of the law. And viruses always are.
Yontoo Layers is a controversial Windows program that can create virtual layers over various websites. It was popular with Facebook and Myspace and some people claim that the Yontoo “virus” is able to improve their experience with these websites. Yontoo 1.10.02 allows you to hide portions of a website and layer over them things you’d rather see in place of the content hidden underneath.
Unfortunately, Yontoo 1.10.02 remains a controversial program and many security applications consider it a PUP (Potentially Unwanted Program). How so? We’ll try to answer that below.
Yontoo 1.10.02 is often linked to dangerous programs
Note that this may not be entirely the fault of Yontoo itself, but rather may be the result of a poor marketing and advertisement strategy. The thing is that it is often bundled in the installers of other programs. Any person who tries to install one of those program bundles will find himself in possession of Yontoo and possibly other software, which can be dangerous and/or malicious. Software bundling remains a controversial method to advertise – it definitely helps to make the program reach as many people as possible, but sometimes this program will also be installed without the knowledge or explicit permission of the user.
- Want to avoid having random programs installed on your computer without your knowledge? Well – there is one very simple rule to uphold. Always select the advanced installation for any executable you start on your computer. Even software bundles have the option to forbid the installation of any additional programs added to the bundle and advanced installation will allow you to do just that. The quick/default installation in comparison is set to install anything and you certainly don’t want that.
Another negative feature of PUP Optional Yontoo is the fact that it uses Ads to sustain itself. This, in and of itself, is a normal policy for free software. The issue comes from the fact that Yontoo does not have an interface of its own, but it meddles with your internet browser. People that have this program installed on their machine (even if they didn’t want it or are unaware they have it) will experience Ads from Yontoo overlaying the usual Ads for different websites they visit. Most online Ads are sponsored by Google or their partners and are safe to click on; Ads sponsored by Yontoo have no such protection.
There is also some heavy speculation that this program actively records data of your online history and webpage visits and that it sells that data to 3rd party partners. Recording your online activity is actually fairly common for programs that display Ads (because they will try to optimize the Ads to your persona in order to make it more likely for you to click on them). However, while selling this information is not allowed, there is a huge number of buyers and sellers.
Another very good reason to remove PUP Optional Yontoo from your machine is that this program has been discontinued by its developers. This means that any potential security problems will not be patched and everyone who finds a weakness in the code of the program can hack into your PC. The official site of Yontoo notifies that development is discontinued and it offers to help you with uninstalling it. Whether you want to trust the creators by downloading yet another executable to remove PUP Optional Yontoo is up to you, but we recommend against it.
|Type|Potentially Unwanted Program|
|Danger Level|Medium (While we have no reports indicating direct danger to your PC, there is always the possibility that your online activities are recorded and the data resold)|
|Symptoms|This program will layer in Ads over webpages you open in your browser.|
|Distribution Method|Can be downloaded directly, but most commonly unknowingly installed as part of a software bundle.|
|Detection Tool|Malware and Adware are notoriously difficult to track down, since they actively try to deceive you. Use this professional parasite scanner to make sure you find all files related to the infection. Sponsored|
Reboot in Safe Mode (use this guide if you don’t know how to do it).
This is the first preparation.
To remove the parasite on your own, you may have to meddle with system files and the registry. If you do this, you need to be extremely careful, because you may damage your system.
If you want to avoid the risk, we recommend downloading SpyHunter - a professional malware removal tool - to see whether it will find malicious programs on your PC.
The first thing you absolutely must do is Reveal All Hidden Files and Folders.
- Do not skip this. Yontoo may have hidden some of its files and you need to see them.
Hold together the Start Key and R. Type appwiz.cpl –> OK.
You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:
Type msconfig in the search field and hit Enter. A window will pop up:
Go to Startup –> uncheck entries that have “Unknown” as Manufacturer.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Press CTRL + SHIFT + ESC simultaneously. Go to the Processes tab. Try to determine which processes belong to the virus. Google them or ask us in the comments.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
Type Regedit in the windows search field and press Enter.
Once inside, press CTRL and F together and type the virus’s name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:
- HKEY_CURRENT_USER\Software\Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
If these things fail to help you find Yontoo, you need to resort to a professional scanner – obviously this is malware that was created to steal your credentials and credit cards – meaning the people who created it spent a lot of resources to make it as dangerous as possible.
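A read-only way to list what the manual steps above look at, as an added PowerShell example that is not part of the original guide: it only reports and deletes nothing. The search pattern `Yontoo`, the function names, and the assumption that the file checked for entries below “Localhost” is the Windows hosts file are assumptions made for this example.

```powershell
# Read-only audit of the places the manual steps inspect; nothing is deleted.
# Assumptions for this example: the search pattern and the hosts-file path.
$Pattern = 'Yontoo'

function Get-InstalledProgramMatch {
    param([string]$Name)
    # Same entries appwiz.cpl shows: per-machine (64- and 32-bit) and per-user.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Name -or $_.Publisher -match $Name } |
        Select-Object DisplayName, Publisher, DisplayVersion, UninstallString
}

function Get-StartupEntry {
    # Startup commands registered in the Run keys and Startup folders.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

function Get-HostsOverride {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # Strip comments, then keep active lines that are not plain localhost mappings.
    Get-Content -Path $Path -ErrorAction SilentlyContinue |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
}

function Get-HkcuSoftwareMatch {
    param([string]$Name)
    # Keys directly under HKCU\Software whose name contains the pattern.
    Get-ChildItem -Path 'HKCU:\Software' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match $Name } |
        Select-Object -ExpandProperty Name
}

'--- Installed programs matching pattern ---'
Get-InstalledProgramMatch -Name $Pattern | Format-List
'--- Startup entries ---'
Get-StartupEntry | Format-Table -AutoSize -Wrap
'--- Active hosts entries other than localhost ---'
Get-HostsOverride
'--- HKCU\Software keys matching pattern ---'
Get-HkcuSoftwareMatch -Name $Pattern
'--- Internet Explorer start and search pages ---'
Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue |
    Select-Object 'Start Page', 'Search Page' | Format-List
```

Saving the output before and after the cleanup gives a record of what changed and makes it easier to spot an entry that reappears after a reboot.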
Remember to leave us a comment if you run into any trouble!