YontooFFClient.xpi – Virus Parite


YontooFFClient.xpi – Virus Parite removal

File: YontooFFClient.xpi
Virus alias: Virus Parite

Created files:

%Program Files%\Yontoo\YontooIEClient.dll
%WinDir%\TEMP\7za.exe
%WinDir%\TEMP\DFC8C9CC\x64\regsvr32.exe
%WinDir%\TEMP\DFC8C9CC\x86\regsvr32.exe
%WinDir%\TEMP\Malware44-0D7C.exe
%WinDir%\TEMP\OptChrome.exe
%WinDir%\TEMP\sqlite3.exe
%WinDir%\TEMP\YontooFFClient.xpi
%WinDir%\TEMP\YontooIEClient.dll
%WinDir%\TEMP\YontooLayers\manifest.json
%WinDir%\TEMP\YontooLayers.crx
%WinDir%\TEMP\YontooLayers.pem

Autostart registry keys:

HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32 : %Program Files%\Yontoo\YontooIEClient.dll
HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32 : %Program Files%\Yontoo\YontooIEClient.dll
HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32 : %Program Files%\Yontoo\YontooIEClient.dll

Detected by UnHackMe:

YontooFFClient.xpi
Default location: %WinDir%\TEMP\YontooFFClient.xpi

Dropper information:
SHA256: 41b6a1f91a9709d842dcef498d3001b2c8eaabbca2144605907af36e79b3f44e
SHA1: 6e30f5b247319fc32cc05830a1c85b90c1faeaf2
MD5: 0a9026acd3c34f681c766a9110033814
File size: 1226198 bytes
