
YTDownloader Virus

Posted: May 29, 2013

Threat Metric

Ranking: 164
Threat Level: 2/10
Infected PCs: 1,173,235
First Seen: May 29, 2013
Last Seen: October 17, 2023
OS(es) Affected: Windows

YTDownloader is a browser add-on that allows you to download YouTube-based movie content, but it also makes several negative modifications to your Web browser. Considered a PUP (potentially unwanted program), much like other software by the same company (such as the highly similar Youtube Accelerator and Shopper-Pro apps), YTDownloader may redirect your browser or load advertisements. To remove YTDownloader from your browser, malware analysts recommend using anti-adware or general anti-malware tools with a dependable track record of removing PUPs.

Movie Downloads that Come with Something Extra

Previously, malware experts saw YTDownloader distributed through the Downloadcamp.com website, and it also appears to be distributed through general software-bundling platforms circulating through other sites, such as 5-pn-installer.com and 2-fusioninstall.com. In some cases, these bundles installed other PUPs along with YTDownloader, although YTDownloader may also be downloaded and installed as an independent product. Although YTDownloader isn't fraudulent software and does provide movie-downloading functions, it also includes browser functions that malware experts typically deem undesirable:

  • YTDownloader may hijack your browser, redirecting it to other websites. In most cases, redirects may trigger when you use popular search engines or when your browser tries to load generic error pages (such as those displayed when a site fails to load). Content promoted by YTDownloader's redirects may include alternate search sites or affiliated advertisers.
  • YTDownloader also may load new advertisements directly into unrelated website content, including text links or banners.
  • PC users also have reported miscellaneous performance problems associated with Goobzo LTD-brand software, including YTDownloader. These problems may extend to random crashes or general site-loading slowdowns.

While these traits may not warrant labeling YTDownloader as a threat, they are sufficiently negative that malware experts would recommend finding other means of downloading YouTube content.

Ditching a Downloader without Your Browser's Safety in Mind

As described earlier in this article, YTDownloader may be installed through additional bundle-based platforms that may place YTDownloader on your hard drive when you try to install an unrelated program. While YTDownloader and other Goobzo products are limited to installing themselves on Windows PCs, they also tend to modify more than one Web browser at the same time. Based on current data, malware experts can conclude that most popular Web-browsing products are at risk of being hijacked or subverted to promote YTDownloader advertisements.

Thankfully, security products that include capabilities designed to fight adware or other PUPs should be able to detect both YTDownloader and the bundles that could install it. Scanning files before launching them is the most straightforward way to keep YTDownloader off your browser, but if that fails, removing YTDownloader with a good anti-adware solution is always a sound decision.

Aliases

MalSign.Skodna.A8D [AVG]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:


Additional Information

The following directories were created:
