Yontoo virus is a very nasty browser hijack malware which gets installed
on a computer as a browser toolbar/extension. Yontoo Layers client
toolbar modifies default settings of Firefox, Chrome and Internet
explorer and then uses them for malicious activities. This application
can be downloaded from its official website, but it may even get into
your computer if you did not download it. Because it comes bundled with
freeware softwares from third-parties. Anyhow, once Yontoo Layers client
has been installed, you will face several annoying activities such as
Google search results redirecting to unwanted websites, pop-up
advertisements appearing on your screen or Yontoo ads inside all the web
pages you visit. Yontoo layers client virus extremely slows down the
infected PC. It consumes a lot of system recourses and collects personal
information about the user on infected PC. It steals your financial
details and passes them to hackers. You are advised to uninstall Yontoo
layers client virus extension before it fulfills its criminal tasks.
Disadvantages and risks of having Yontoo layers client:
To manually remove Yontoo layers client, follow the instructions.
First of all, Uninstall the program. (Skip to the next step if the application is not listed in Control Panel).
“Start > Settings > Control Panel. Now Locate and open “Add or Remove Programs” or “PROGRAMS AND FEATURES”. Find “Yontoo layers client”. Now click Uninstall/Remove.
Now remove the program from Browser.
Internet Explorer users:
Click “Tools” (if on Internet Explorer 9, click gear icon), Then “Manage Add-ons”. Look for Yontoo layers client. Disable if found any.
Block pop-ups of Yontoo layers client
To stop pop-ups from malware,
Click on TOOLS > POP-UP BLOCKER, then click TURN ON POP-UP BLOCKER. and then go to POP-UP BLOCKER SETTINGS. (Type any website you wish to block popups from
Firefox users:
Go to “Tools” (at the top), > “Add-ons” > “Extensions” and disable “Yontoo layers client”
Chrome Users:
Click “Tools/Settings” (Wrench incon), > “Add-ons” > “Extensions” and disable any file associate with malware
Still Spyware Yontoo layers client lurking in the system? Remove manually
Stop processes of this malware:
Open Task Manager to stop processes.
Remove associated registry settings:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook
HKEY_LOCAL_MACHINE\software\classes\urlsearchhook.toolbarurlsearchhook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions,
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0
Delete Yontoo layers client infected files:
%Profile%\Local Settings\Temp\
%ProgramFiles%\
%UserProfile%\
Disadvantages and risks of having Yontoo layers client:
- It may change & corrupt default settings of browsers like Firefox, Chrome or Internet explorer
- Changes home page and displays unwanted pop-ups advertisements
- Causes frequent web redirects to wrong websites, hijacks search engine settings and leads to unexpected webpages
- Keeps record of browsing activities and interests
- Collects Personal user information which may include sensitive financial data such as logins, usernames, accounts
- It may bring further infections are direct the user to infectious sites
- Makes the browser run slow, uses a big part of system resources
To manually remove Yontoo layers client, follow the instructions.
First of all, Uninstall the program. (Skip to the next step if the application is not listed in Control Panel).
“Start > Settings > Control Panel. Now Locate and open “Add or Remove Programs” or “PROGRAMS AND FEATURES”. Find “Yontoo layers client”. Now click Uninstall/Remove.
Now remove the program from Browser.
Internet Explorer users:
Click “Tools” (if on Internet Explorer 9, click gear icon), Then “Manage Add-ons”. Look for Yontoo layers client. Disable if found any.
Block pop-ups of Yontoo layers client
To stop pop-ups from malware,
Click on TOOLS > POP-UP BLOCKER, then click TURN ON POP-UP BLOCKER. and then go to POP-UP BLOCKER SETTINGS. (Type any website you wish to block popups from
Go to “Tools” (at the top), > “Add-ons” > “Extensions” and disable “Yontoo layers client”
Click “Tools/Settings” (Wrench incon), > “Add-ons” > “Extensions” and disable any file associate with malware
Still Spyware Yontoo layers client lurking in the system? Remove manually
Stop processes of this malware:
Open Task Manager to stop processes.
Remove associated registry settings:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook
HKEY_LOCAL_MACHINE\software\classes\urlsearchhook.toolbarurlsearchhook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions,
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0
Delete Yontoo layers client infected files:
%Profile%\Local Settings\Temp\
%ProgramFiles%\
%UserProfile%\
No comments:
Post a Comment