Author Topic: avast's Browser Cleanup saying WinPatrol's setup is "Yontoo"  (Read 2268 times)


Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 614
This morning, when I ran avast's Browser Cleanup utility, it warned me that
"Browser Cleanup has detected one or more toolbar protectors on your system:
 - Yontoo
It is strongly recommended to completely remove them from your system, otherwise Browser Cleanup may not be able to remove the unwanted toolbars.
Do you want to completely remove these protectors?"

Opening up the Avast-Browser-Cleanup.log, I found the following allegation:
Protector found:     "Yontoo" : [ "c:\\progra~3\\instal~1\\{6a206~1\\setup.exe" ]

Sifting through my directory structure, I was able to reveal the full path/filename as
C:\ProgramData\InstallMate\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}\setup.exe
which is part of the WinPatrol 32.0.2014.5 installer/uninstaller:
Copyright © 2014 Ruiware, LLC

The files in this folder are required for a clean update or removal
of the above product. Please do not delete them.


I have reported this at the avast forum:  https://forum.avast.com/index.php?topic=174069.0
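
The triage described in the post above (log entry, 8.3 short path, full path, owning product) can be scripted before answering a removal prompt. This is an added PowerShell example, not part of the original thread or of avast's or WinPatrol's tooling; the function names are hypothetical, the log line is the one quoted in the post, and it assumes it runs on the machine that produced the log.

```powershell
# Added example: triage a Browser Cleanup "Protector found" entry before removal.
# The log line is the one quoted in the post; function names are hypothetical.
Add-Type -Namespace Win32 -Name PathApi -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GetLongPathName(string shortPath,
    System.Text.StringBuilder longPath, uint bufferLength);
'@

function Get-FlaggedPath {
    param([string]$Line)
    # Capture the detection label and the first quoted path in the [ ... ] list.
    if ($Line -match 'Protector found:\s+"(?<label>[^"]+)"\s*:\s*\[\s*"(?<path>[^"]+)"') {
        [pscustomobject]@{
            Label = $Matches['label']
            Path  = $Matches['path'] -replace '\\\\', '\'   # log doubles each backslash
        }
    }
}

function Resolve-FlaggedFile {
    param([string]$Path)
    # Expand 8.3 short components (progra~3, instal~1, ...) to their long names.
    $buffer = New-Object System.Text.StringBuilder 1024
    $length = [Win32.PathApi]::GetLongPathName($Path, $buffer, [uint32]$buffer.Capacity)
    if ($length -eq 0 -or $length -gt $buffer.Capacity) { return $null }   # missing file or path too long
    $long = $buffer.ToString()
    $info = (Get-Item -LiteralPath $long -Force).VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $long
    [pscustomobject]@{
        LongPath  = $long
        Product   = $info.ProductName
        Company   = $info.CompanyName
        Version   = $info.FileVersion
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        SHA256    = (Get-FileHash -LiteralPath $long -Algorithm SHA256).Hash
    }
}

$logLine = 'Protector found:     "Yontoo" : [ "c:\\progra~3\\instal~1\\{6a206~1\\setup.exe" ]'
$hit = Get-FlaggedPath -Line $logLine
if ($hit) { Resolve-FlaggedFile -Path $hit.Path | Format-List }
```

The output gives the full path, version resource, signature status and hash to attach to a false-positive report.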

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19421
  • "Stronger than the past, united in our goal."
Re: avast's Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #1 on: July 24, 2015, 05:16:19 PM »
AdwareCleaner was detecting InstallMate at one time also.

http://www.herdprotect.com/setup.exe-23c184f98f650f6d13acdb7d3576588254466e97.aspx


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Bret Lowry

  • WinPatrol Developer
  • Visiting Experts
  • Sr. Member
  • *****
  • Posts: 320
Re: avast's Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #2 on: July 25, 2015, 02:40:42 AM »
At some point in time, someone used InstallMate to create an installer for some malware.
Ever since then, InstallMate has been suffering from false positive problems because many antimalware companies simply see a trace and label it malware w/o making the full determination if the true malware is installed.

I believe this is also why Symantec has a false positive on the WinPatrol installer every single release.

Thanks,
Bret.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 614
Re: avast's Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #3 on: July 25, 2015, 11:11:03 AM »
Bret,

Thanks for the response.

As noted, I posted this information at the avast forum, so as to alert "the powers that be" --- as well as other avast/WinPatrol users --- of the situation, lest they follow the Browser Cleanup Tool's suggestion to completely remove the alleged "Yontoo", which would then void WinPatrol's uninstaller from future use.

But instead of thanking me, or even acknowledging that I might be correct in my analysis, I was instead met with denial, condescension and sarcasm, such as:

Yontoo is malware and is not part of WinPatrol.  Follow the instructions in "Logs to assist in cleaning malware"

So I have chosen not to say/pursue anything more there. I posted here so that any others impacted by this issue, who have the foresight to come here, will find a reference.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 614
Re: avast's Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #4 on: July 27, 2015, 09:13:28 AM »
Well, it looks like someone at avast has finally taken me seriously, and the F/P has been fixed:

https://forum.avast.com/index.php?topic=174075.msg1237175#msg1237175

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19421
  • "Stronger than the past, united in our goal."
Re: avast's Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #5 on: July 27, 2015, 03:15:28 PM »
They should have listened to you in the first place!

