
YTDownloader Virus

Posted: May 29, 2013

Threat Metric

Ranking: 79
Threat Level: 2/10
Infected PCs: 912,866
First Seen: May 29, 2013
Last Seen: October 11, 2021
OS(es) Affected: Windows

YTDownloader is a browser add-on that allows you to download YouTube-based movie content, but also makes several negative modifications to your Web browser. Considered a potentially unwanted program (PUP), much like some other software by the same company (such as the highly similar Youtube Accelerator and Shopper-Pro apps), YTDownloader may redirect your browser or load advertisements. To remove YTDownloader from your browser, malware analysts recommend using anti-adware or general anti-malware tools with a dependable record of removing PUPs.

Movie Downloads that Come with Something Extra

Previously, malware experts saw YTDownloader distributed through the Downloadcamp.com website, and it also appears to be distributed through general software-bundling platforms circulating through other sites, such as 5-pn-installer.com and 2-fusioninstall.com. In some cases, these bundles installed other PUPs along with YTDownloader, although YTDownloader may also be downloaded and installed as an independent product. Although YTDownloader isn't fraudulent software and does provide movie-downloading functions, it also includes browser functions that malware experts typically deem undesirable:

  • YTDownloader may hijack your browser, redirecting it to other websites. In most cases, redirects may trigger when you use popular search engines, or when your browser tries to load generic error pages (such as those displayed when a site fails to load). Content promoted by YTDownloader's redirects may include alternate search sites or affiliated advertisers.
  • YTDownloader also may load new advertisements directly into unrelated website content, including text links or banners.
  • PC users also have reported miscellaneous performance problems associated with Goobzo LTD-brand software, including YTDownloader. These problems may extend to random crashes or general site-loading slowdowns.

While these traits may not warrant labeling YTDownloader as a threat, they are sufficiently negative that malware experts would recommend finding other means of downloading YouTube content.

Ditching a Downloader without Your Browser's Safety in Mind

As described earlier in this article, YTDownloader may be installed through additional bundle-based platforms that may place YTDownloader on your hard drive when you try to install an unrelated program. While YTDownloader and other Goobzo products are limited to installing themselves on Windows PCs, they also tend to modify more than one Web browser at the same time. Based on current data, malware experts can conclude that most popular Web-browsing products are at risk of being hijacked or subverted to promote YTDownloader advertisements.

Thankfully, security products that include capabilities designed to fight adware or other PUPs should be able to detect both YTDownloader and the bundles that could install it. Scanning files before launching them is the most straightforward way to keep YTDownloader off your browser; if that fails, removing YTDownloader with a good anti-adware solution is the recommended course.

Aliases

MalSign.Skodna.A8D [AVG]


Technical Details

File System Modifications


The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

