YTDownloader Virus
Posted: May 29, 2013
Threat Metric
| Ranking: | 164 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 1,173,235 |
| First Seen: | May 29, 2013 |
| Last Seen: | October 17, 2023 |
| OS(es) Affected: | Windows |
YTDownloader is a browser add-on that allows you to download YouTube-based movie content, but also makes several negative modifications to your Web browser. Considered a PUP (potentially unwanted program), much like some other software by the same company (such as the highly similar Youtube Accelerator and Shopper-Pro apps), YTDownloader may redirect your browser or load advertisements. To remove YTDownloader from your browser, malware analysts recommend using anti-adware or general anti-malware tools with a dependable track record of removing PUPs.
Movie Downloads that Come with Something Extra
Previously, malware experts saw YTDownloader in distribution through the Downloadcamp.com website, although YTDownloader also appears to be in distribution through general software-bundling platforms circulating through other sites, such as 5-pn-installer.com and 2-fusioninstall.com. In some cases, these bundles also installed other PUPs along with YTDownloader, although YTDownloader also may be downloaded and installed as an independent product. Although YTDownloader isn't fraudulent software and does provide movie-downloading functions, YTDownloader also includes browser functions that malware experts deem typically undesirable:
- YTDownloader may hijack your browser, redirecting it to other websites. In most cases, redirects may trigger when you use popular search engines, or when your browser tries to load generic error pages (such as those displayed when a site fails to load). Content promoted by YTDownloader's redirects may include alternate search sites or affiliated advertisers.
- YTDownloader also may load new advertisements directly into unrelated website content, including text links or banners.
- PC users also have reported miscellaneous performance problems associated with Goobzo LTD-brand software, including YTDownloader. These problems may extend to random crashes or general site-loading slowdowns.
While these traits may not warrant labeling YTDownloader as a threat, they are sufficiently negative that malware experts would recommend finding other means of downloading YouTube content.
Ditching a Downloader without Your Browser's Safety in Mind
As described earlier in this article, YTDownloader may be installed through additional bundle-based platforms that may place YTDownloader on your hard drive when you try to install an unrelated program. While YTDownloader and other Goobzo products are limited to installing themselves on Windows PCs, they also tend to modify more than one Web browser at the same time. Based on current data, malware experts can conclude that most popular Web-browsing products are at risk of being hijacked or subverted to promote YTDownloader advertisements.
Thankfully, security products that include capabilities designed to fight adware or other PUPs should be able to detect both YTDownloader and the bundles that could install YTDownloader. Scanning files before launching them is the most straightforward way to keep YTDownloader off your browser, but if that fails, removing YTDownloader with a good anti-adware solution is always a commendable decision.
Technical Details
File System Modifications
The following files were created in the system:
Just reset your computer to an update date set before the program was installed.