What you should know about Yontoo malware & how to remove it

What is Yontoo?

Unlike most viruses around, Yontoo has a website. It is still online, although after the backlash in 2013, the product - if that is what it was - is discontinued. Even when it was discovered, there was no way to download it from the Yontoo website.

According to this website, the group of people behind it, who apparently worked in web startups, started creating Yontoo in 2006. This team had a mission “to enhance, extend, and personalize everyone’s experience across all websites.”

Yontoo has an “ability to horizontally across the internet rather than the typical vertical website archive that you see all over the internet. Yontoo takes a backseat to the web page, still allowing the main site to be the center of attention, as it should always be.”

It sounds almost legitimate. A group of developers experienced what they saw as a problem and attempted to create a solution. However, the problems came when they released it into the wild, either in a genuine attempt to generate growth or as part of a plan to use this as a revenue-generating tool; tricking people into downloading it to serve unsuspecting consumers adverts they don't want while effectively taking control of browsers across the world.

Does Yontoo do anything harmful?

Firstly, even if those behind this didn't intend to cause harm, they certainly got people talking in 2013.

On Mac devices, Yontoo appeared in many formats. As a media player, download manager, and a plugin for enhancing online video content, it would run the program and take control of a browser once someone downloaded the software. At that point, it crossed the line from a startup team doing what they could manage to achieve growth and over into malicious adware territory.

With control of a browser, Yontoo can serve unwanted adverts, generate pop-ups, banners, and track everything from passwords to browser activity. Yontoo was and might still be capable of taking over popular browsers, such as Safari, Firefox, and Chrome.

Although there was a debate at first, it didn't take long before most major antivirus providers labeled it a virus and sought to prevent it from infecting more Mac devices. Apple then took action to block various versions using the XProtect definitions within OS X. It is still uncertain whether a hacker or cyber-criminal hacked Yontoo for a malicious reason or if this was the plan all along. Apart from serving unwanted adverts, adware, and malware, it’s always creating backdoors that can let other viruses cause problems. Removing it is the safest, smartest thing you can do.

Here are a couple of ways you can do this.

How to remove Yontoo?

If you have been infected or were in 2013, there is a good chance that this particular adware virus has already been blocked from operating on your Mac by Apple. Many subsequent OS X and macOS updates should have eliminated this problem. However, if this is still potentially causing problems, there are ways you can remove Yontoo. It can be done manually or with a Mac performance improvement tool, such as CleanMyMac X.

4 steps to remove Yontoo manually

#1: Delete Yantoo from Safari

  1. Go to Safari > Preferences.
  2. Click on Extensions.
  3. Pick the Extension that you don't recognize.
  4. Click Uninstall.
  5. Confirm that you want to Uninstall the extension.

#2: Remove Yontoo from Chrome

  1. Open Chrome.
  2. Go to the Menu in your browser.
  3. Click on More Tools > Extensions.
  4. Pick the Extension that you don't recognize.
  5. Click Remove.
  6. Confirm that you want to remove the extension.

#3: Delete Yontoo from Firefox

  1. Open Firefox.
  2. Go to the Menu in your browser.
  3. Click on the Add-ons Manager tab.
  4. Select the Extension you want to remove.
  5. Click Remove.
  6. Confirm that you want to delete it.

#4: Remove system files

Adware also makes a home in system files. Otherwise, it won’t be much use when attempting to operate within the browser as a plugin. To remove it, you need to check in the following locations:

  • /Library/Application Support/
  • /Library/LaunchAgents/
  • /Library/LaunchDaemons/
  • /Library/LaunchDaemons/
  • /Library/LaunchDaemons/
  • /Library/PrivilegedHelperTools/
  • /System/Library/Frameworks/

Whenever removing viruses manually is necessary, always take care to avoid putting anything in the trash that you need to run legitimate software programs. Be careful what you delete. It will also help check your DNS settings and make sure your browser isn’t directing web traffic to the wrong source.

Delete Yontoo easily with CleanMyMac X

CleanMyMac X is an invaluable tool for improving the overall performance of your Mac. It can remove gigabytes of junk files, speed up your Mac, and protect it from malware, spyware, worms, and ransomware. To clear Yontoo out of your system, you need to do the following:

  1. Download CleanMyMac X (a free trial version is available).
  2. Launch the app.
  3. Click on Malware Removal.
  4. Click Scan.
  5. Click Remove to neutralize all threats.

After that, your Mac will be operating at peak performance again. Yontoo is an annoyance, but and annoyance can soon cause more serious problems when it comes to malware and adware. It is far better and safer to remove this carefully with something that will get the job done.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.