YTDownloader Virus

YTDownloader Virus Description

YTDownloader is a browser add-on that allows you to download YouTube-based movie content, but also makes several negative modifications to your Web browser. Considered a PUP, much like some other software by the same company (such as highly-similar Youtube Accelerator and Shopper-Pro apps), YTDownloader may redirect your browser or load advertisements. When it comes to removing YTDownloader from your browser, malware analysts recommend using anti-adware or general anti-malware tools with dependable histories of wielding PUP-deletion functions to good effect.

Movie Downloads that Come with Something Extra

Previously, malware experts saw YTDownloader in distribution through the Downloadcamp.com website, although YTDownloader also appears to be in distribution through general software-bundling platforms circulating through other sites, such as 5-pn-installer.com and 2-fusioninstall.com. In some cases, these bundles also installed other PUPs along with YTDownloader, although YTDownloader also may be downloaded and installed as an independent product. Although YTDownloader isn't fraudulent software and does provide movie-downloading functions, YTDownloader also includes browser functions that malware experts deem typically undesirable:

  • YTDownloader may hijack your browser, redirecting it to other websites. In most cases, redirects may trigger when you use popular search engines, or your browser tries to load generic error pages (such as those displayed when a site fails to load). Content promoted by YTDownloader's redirects may include alternate search sites or affiliated advertisers.
  • YTDownloader also may load new advertisements directly into unrelated website content, including text links or banners.
  • PC users also have reported miscellaneous performance problems associated with Goobzo LTD-brand software, including YTDownloader. These problems may extend to random crashes or general site-loading slowdowns.

While these traits may not warrant labeling YTDownloader as a threat, they are sufficiently negative that malware experts would recommend finding other means of downloading YouTube content.

Ditching a Downloader without Your Browser's Safety in Mind

As described earlier in this article, YTDownloader may be installed through additional bundle-based platforms that may place YTDownloader on your hard drive when you try to install an unrelated program. While YTDownloader and other Goobzo products are limited to installing themselves on Windows PCs, they also tend to modify more than one Web browser at the same time. Based on current data, malware experts can conclude that most popular Web-browsing products are at risk of being hijacked or subverted to promote YTDownloader advertisements.

Thankfully, security products that include capabilities designed to fight adware or other PUPs should be able to detect both YTDownloader and the bundles that could install YTDownloader. Scanning files before launching them is the most straightforward way to keep YTDownloader off of your browser, but if that fails, removing YTDownloader with a good anti-adware solution always is a commendable decision.

Aliases


MalSign.Skodna.A8D [AVG]a variant of MSIL/SBWatchman.AGoobzo (fs)TROJ_GEN.F47V1230

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to YTDownloader Virus may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%PROGRAMFILES(x86)%\YouTube Downloader Services\P4\youtubeserv.exe File name: youtubeserv.exe
Size: 2.96 MB (2968696 bytes)
MD5: 7c55cde7da398f9c1225da66c64a7caf
Detection count: 7,558
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\YouTube Downloader Services\P4\
Group: Malware file
Last Updated: January 15, 2015
%LOCALAPPDATA%\Installer\Installytd_13329\DCytdownloader_09082014.exe File name: DCytdownloader_09082014.exe
Size: 1.1 MB (1109888 bytes)
MD5: 453d0a754715bfe3d711b2ff0a8e7ee2
Detection count: 3,265
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installytd_13329\
Group: Malware file
Last Updated: March 22, 2016
%LOCALAPPDATA%\Installer\Install_20168\DCytaiesmt_smtyc_setup.exe File name: DCytaiesmt_smtyc_setup.exe
Size: 1.22 MB (1223568 bytes)
MD5: beeb949c0a43b21d25e6c24b234c7df4
Detection count: 3,241
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Install_20168\
Group: Malware file
Last Updated: March 22, 2016
%USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Installer\InstallDummy_15070\ins_test2.exe File name: ins_test2.exe
Size: 2.43 MB (2435584 bytes)
MD5: b1ba95767114d426e96d2bda1f27d9fb
Detection count: 2,246
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Installer\InstallDummy_15070\
Group: Malware file
Last Updated: January 27, 2020
%LOCALAPPDATA%\Installer\Install_669\DCytdieamo_amodc_setup.exe File name: DCytdieamo_amodc_setup.exe
Size: 1.42 MB (1423232 bytes)
MD5: eeb0ac815cb02355d7c4598bba33c68e
Detection count: 2,094
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Install_669\
Group: Malware file
Last Updated: February 23, 2015
%LOCALAPPDATA%\Installer\Installcr_41\DCytdietut_tutdr_setup.exe File name: DCytdietut_tutdr_setup.exe
Size: 1.12 MB (1129856 bytes)
MD5: cd7fc1ad9139e038bd5decdc090da218
Detection count: 1,258
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installcr_41\
Group: Malware file
Last Updated: March 22, 2016
%LOCALAPPDATA%\Installer\Installcr_8249\DCytdiegut_gutdu_setup.exe File name: DCytdiegut_gutdu_setup.exe
Size: 1.1 MB (1109888 bytes)
MD5: c350e84f00ea29e1ffe4e9ac81555ad7
Detection count: 1,077
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installcr_8249\
Group: Malware file
Last Updated: March 22, 2016
%LOCALAPPDATA%\Installer\Installytd_24995\ytd_sysmenu_setup.exe File name: ytd_sysmenu_setup.exe
Size: 1.12 MB (1129856 bytes)
MD5: 7b86de75ccd9c87eba364c3d3cd99acc
Detection count: 1,002
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installytd_24995\
Group: Malware file
Last Updated: August 8, 2018
%LOCALAPPDATA%\Installer\Installiwebar_32274\DCytdie_gutdu_setup.exe File name: DCytdie_gutdu_setup.exe
Size: 1.11 MB (1113984 bytes)
MD5: b44fc05138f521554464b5cf33550673
Detection count: 925
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installiwebar_32274\
Group: Malware file
Last Updated: March 22, 2016
%LOCALAPPDATA%\Installer\Installytd_24353\ytdkiemon_amodk_setup.exe File name: ytdkiemon_amodk_setup.exe
Size: 1.2 MB (1201024 bytes)
MD5: 80c563e5d0b267f4d9106fc7918ad9e5
Detection count: 817
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installytd_24353\
Group: Malware file
Last Updated: March 30, 2016
%LOCALAPPDATA%\Installer\Install_22227\DCytdieamodc_amodc_setup.exe File name: DCytdieamodc_amodc_setup.exe
Size: 1.42 MB (1428992 bytes)
MD5: 4fc779e29a50a3da16dd3f68ff2d757a
Detection count: 728
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Install_22227\
Group: Malware file
Last Updated: March 30, 2016
%LOCALAPPDATA%\Installer\Installcr_13777\ytdi_tugdu_setup.exe File name: ytdi_tugdu_setup.exe
Size: 1.11 MB (1113472 bytes)
MD5: 2e4752ea966a33f94e898be6f5b9d997
Detection count: 689
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installcr_13777\
Group: Malware file
Last Updated: March 30, 2016
%LOCALAPPDATA%\Installer\Installgeforce_14776\DC1_Offer_6.exe File name: DC1_Offer_6.exe
Size: 1.12 MB (1124736 bytes)
MD5: 3e4e3d09aee0e048463b603bb20bf6ef
Detection count: 660
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installgeforce_14776\
Group: Malware file
Last Updated: July 8, 2016
%LOCALAPPDATA%\Installer\Installgeforce_405\DC1_Offer_3.exe File name: DC1_Offer_3.exe
Size: 1.12 MB (1124736 bytes)
MD5: e43e11b40e7a96179025e664a4d3abe2
Detection count: 604
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installgeforce_405\
Group: Malware file
Last Updated: March 30, 2016
%LOCALAPPDATA%\Installer\Installytd_28408\DCytdieair_airdc_setup.exe File name: DCytdieair_airdc_setup.exe
Size: 1.18 MB (1185664 bytes)
MD5: 5aea6b72683817a269e80ae586f4c457
Detection count: 485
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installytd_28408\
Group: Malware file
Last Updated: July 8, 2016
%LOCALAPPDATA%\Installer\Installshopperpro_30532\DC1_Offer_4.exe File name: DC1_Offer_4.exe
Size: 1.12 MB (1124736 bytes)
MD5: bd767089726878c2ea3e8582686a655f
Detection count: 342
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installshopperpro_30532\
Group: Malware file
Last Updated: July 8, 2016
%LOCALAPPDATA%\Installer\Installgeforce_6610\DC1AB14RN1.exe File name: DC1AB14RN1.exe
Size: 1.42 MB (1427328 bytes)
MD5: d2a7b8671c3e3247e0d9d3811370590e
Detection count: 319
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Installgeforce_6610\
Group: Malware file
Last Updated: July 8, 2016
%TEMP%\Install_25135\ytd.exe File name: ytd.exe
Size: 6.87 MB (6873072 bytes)
MD5: ae8756a8ca44cf937b238ec0dabf51c6
Detection count: 126
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\Install_25135\
Group: Malware file
Last Updated: January 11, 2020
%LOCALAPPDATA%\Installer\Install_94\ytdieamodc_amodc_inst.exe File name: ytdieamodc_amodc_inst.exe
Size: 1.16 MB (1168896 bytes)
MD5: 13f3a6fd8fd644974456a58ea7a097ad
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Install_94\
Group: Malware file
Last Updated: March 23, 2016
%ALLUSERSPROFILE%smp2.exe File name: smp2.exe
Size: 81.06 KB (81069 bytes)
MD5: 75280e3fb509029fd0c4bea95eb2a626
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: April 7, 2016

More files

Registry Modifications


The following newly produced Registry Values are:

Registry keySOFTWARE\Classes\CrossriderApp0032850.BHOSOFTWARE\Classes\CrossriderApp0032850.BHO.1SOFTWARE\Classes\CrossriderApp0032850.SandboxSOFTWARE\Classes\CrossriderApp0032850.Sandbox.1SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ytddownloader.comSOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ytddownloader.comSOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ytddownloader.comSOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ytddownloader.comSoftware\GreenTree Applications\YTDSoftware\InstallPath\Status\YTDownloaderSOFTWARE\Microsoft\Internet Explorer\DOMStorage\ytddownloader.comSOFTWARE\Microsoft\Tracing\YTDownloader_RASMANCSSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_ytdSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWPUpdSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpdSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpdSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exeSOFTWARE\Microsoft\Windows\CurrentVersion\Run\YTDownloaderSoftware\pardeep_youtube_downloaderSOFTWARE\SearchModulePlusSOFTWARE\Wow6432Node\Microsoft\Tracing\YTDownloader_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\YTDownloaderSOFTWARE\Wow6432Node\SearchModulePlusSOFTWARE\Wow6432Node\YTDownloaderSOFTWARE\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}Software\YTDownloaderSoftware\{DAF8B7E5-449D-4180-8281-10E536E597F2}SYSTEM\ControlSet001\Enum\Root\LEGACY_SBMNTRSYSTEM\ControlSet001\Enum\Root\LEGACY_SMUPDDSYSTEM\ControlSet001\services\BrsHelperSYSTEM\ControlSet001\Services\sbmntrSYSTEM\ControlSet001\services\SMUpdSYSTEM\ControlSet001\services\SMUpddSYSTEM\ControlSet001\services\SMUpdPlusSYSTEM\ControlSet001\services\YTDUpdtSYSTEM\ControlSet002\Enum\Root\LEGACY_SBMNTRSYSTEM\ControlSet002\Enum\Root\LEGACY_SMUPDDSYSTEM\ControlSet002\services\BrsHelperSYSTEM\ControlSet002\Services\sbmntrSYSTEM\ControlSet002\services\SMUpdSYSTEM\ControlSet002\services\SMUpddSYSTEM\ControlSet002\services\SMUpdPlusSYSTEM\ControlSet002\services\YTDUpdtSYSTEM\CurrentControlSet\Enum\Root\LEGACY_SBMNTRSYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMUPDDSYSTEM\CurrentControlSet\services\BrsHelperSYSTEM\CurrentControlSet\Services\sbmntrSYSTEM\CurrentControlSet\services\SMUpdSYSTEM\CurrentControlSet\services\SMUpddSYSTEM\CurrentControlSet\services\SMUpdPlusSYSTEM\CurrentControlSet\services\YTDUpdtYTLoaderFile name without pathAbout YouTube Accelerator.urlhttp_download.ytddownloader.com_0.localstoragehttp_download.ytddownloader.com_0.localstorage-journalhttp_www.ytddownloader.com_0.localstoragehttp_www.ytddownloader.com_0.localstorage-journalwww.ytddownloader[1].xmlYouTube Downloader.exe.lnkYT-Conv.lnkytaiesmt_smtyc_setup.exeYTD Video Downloader.lnkytdieamodc_amodc_inst.exeytdiegut_gutdc_inst.exeytdkiemon_amodk_setup.exeYTDownloader.lnkHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}YoY 1.00YT-ConvYTConvYTDownloader{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}{B3E84B4A-ACDB-4B40-BA8A-5AD2675B8735}_is1Directory%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader%ALLUSERSPROFILE%\Application Data\SearchModulePlus%ALLUSERSPROFILE%\Application Data\YTD Video Downloader%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader%ALLUSERSPROFILE%\SearchModulePlus%ALLUSERSPROFILE%\YTD Video Downloader%APPDATA%\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader%APPDATA%\Microsoft\Windows\Start Menu\Programs\YTDownloader%COMMONPROGRAMFILES%\GBUpdatePlus%COMMONPROGRAMFILES%\Goobzo\GBUpdatePlus%COMMONPROGRAMFILES(x86)%\GBUpdatePlus%COMMONPROGRAMFILES(x86)%\Goobzo\GBUpdatePlus%LOCALAPPDATA%\CrashRpt\UnsentCrashReports\YTDi 1.0.0.1_1.0.0.1%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan%PROGRAMFILES%\GreenTree Applications\YTD Video Downloader%PROGRAMFILES%\Uploads Only for Youtube%PROGRAMFILES%\YouTube Download Pool%PROGRAMFILES%\YouTube Downloader Services%PROGRAMFILES%\YoY%PROGRAMFILES%\YT-Conv%PROGRAMFILES%\YTDownloader%PROGRAMFILES(x86)%\GreenTree Applications\YTD Video Downloader%PROGRAMFILES(x86)%\Uploads Only for Youtube%PROGRAMFILES(x86)%\YouTube Download Pool%PROGRAMFILES(x86)%\YouTube Downloader Services%PROGRAMFILES(x86)%\YoY%PROGRAMFILES(x86)%\YT-Conv%PROGRAMFILES(x86)%\YTDownloader%Temp%\YTDownloader%USERPROFILE%\Local Settings\Application Data\CrashRpt\UnsentCrashReports\YTDi 1.0.0.1_1.0.0.1%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\YTDownloader%USERPROFILE%\Start Menu\Programs\YTDownloader%WINDIR%\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2%WINDIR%\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate3%WINDIR%\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate2%WINDIR%\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3CLSID{020B1D4B-5738-4C77-9E19-4F173DD9B486}{1F79EB77-955D-47F5-9B73-A9CF4571C819}{22222222-2222-2222-2222-220322282250}{44444444-4444-4444-4444-440344284450}{4573D215-5247-44F1-8AD5-14DA283D3B41}{5252AC41-94BB-11D1-B2E7-444553540000}{55555555-5555-5555-5555-550355285550}{66666666-6666-6666-6666-660366286650}{6DC82D15-92F2-11D1-A255-00A0C932C7DF}{82351433-9094-11D1-A24B-00A0C932C7DF}{82351440-9094-11D1-A24B-00A0C932C7DF}Regexp file mask%LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Storage\[RANDOM CHARACTERS]www.ytddownloader.com[RANDOM CHARACTERS]%PROGRAMFILES%\ytd\YouTube Downloader.exe%PROGRAMFILES(x86)%\ytd\YouTube Downloader.exe%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\[RANDOM CHARACTERS]www.ytddownloader.com[RANDOM CHARACTERS]%WINDIR%\System32\Tasks\Installer_ytd%WINDIR%\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2.xml%WINDIR%\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate3.xml%WINDIR%\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate2.xml%WINDIR%\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3.xml%WINDIR%\System32\Tasks\SMWPUpd%WINDIR%\System32\Tasks\YTDownloader%WINDIR%\System32\Tasks\YTDownloaderUpd%WINDIR%\Tasks\YTDownloader.job%WINDIR%\Tasks\YTDownloaderUpd.job
Posted: May 29, 2013
Threat Metric
Threat Level: 2/10
Infected PCs 887,483
Home Malware Programs Adware YTDownloader Virus

One Comment

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.