The Youndoo.com badware is a browser hijacker from the Adware/ShortcutHijacker family that changes the home page of your installed browsers to www.youndoo.com. It does this by installing random named files and Windows services that check the settings of your browser. When it detects that the home page and search has been changed to a page other than trotux.com, it will automatically change it back.

Remove the Youndoo.com Browser Hijacker (Uninstall Guide)

• Tue, 21 Jun 2016 09:15:12 EDT
• Read 272 times

The Youndoo.com badware is a browser hijacker from the Adware/ShortcutHijacker family that changes the home page of your installed browsers to www.youndoo.com. It does this by installing random named files and Windows services that check the settings of your browser. When it detects that the home page and search has been changed to a page other than trotux.com, it will automatically change it back.
When a user performs a search from the trotux.com search engine, it will first log the query to their own system and then redirect the user so the search results come from Google. It is unknown why they do this, but it is possible they are doing it for search query statistical information. When the Youndoo.com browser hijacker is installed it will also install the Gfinder addon into Mozilla Firefox.
How did the Iwatchavi.com hijacker get on my computer?

This program is installed via downloaders found on video and file sharing sites. These sites will offer free videos or downloads, but in reality install the Yeabests.cc hijacker on your computer. Therefore, it is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.
In my opinion, the Youndoo.com browser hijacker provides no benefit to the computer it is installed on. As the searches redirect you through Google, you may as well use Google instead of a search engine that hijacks your browsers for an unknown purpose. To remove the Youndoo.com Browser Hijacker and clean the affected shortcuts, please use the removal guide below.
Array
View Associated Youndoo.com Browser Hijacker Files C:\Program Files (x86)\[random]\C:\Program Files (x86)\[random]\AppleVersions.dllxhqC:\Program Files (x86)\[random]\msvcr100.dllC:\Program Files (x86)\[random]\rugi.xhtm51trC:\Program Files (x86)\[random]\C:\Program Files (x86)\[random]\arrcch.dllC:\Program Files (x86)\[random]\C:\Program Files (x86)\[random]\[random]logS.xhtm5C:\Program Files (x86)\[random]\[random]logTs.exeC:\Windows\System32\Tasks\[random] Log


View Associated Youndoo.com Browser Hijacker Registry Information HKCU\Software\645111BF86713EB5097C84F7F202203AHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}HKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\hp http://www.youndoo.com/?z=[id]&from=wak&uid=[computer_id]&type=hp&mode=ffsengextHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\tab http://www.youndoo.com/?z=[id]&from=wak&uid=[computer_id]&type=hp&mode=ffsengextHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\sp http://www.youndoo.com/search/?q={searchTerms}&z=[id]&from=wak&uid=[computer_id]&type=spHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\surl http://www.youndoo.com/search/?&z=[id]&from=wak&uid=[computer_id]&type=sp&q=HKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\uid 645111BF86713EB5097C84F7F202203AHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\s HtTp://d3d5rryrijbudj.cloudfront.net/gzi4nvrb?uid=%s&update0=version,%s&update1=sys,%s&update4=ref,%s&update5=mode,%s&update6=sys0,%s&upd ate7=sys1,%s&update8=sys2,%s&update9=sys3,%s&update10=sys4,%sHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\spname youndooHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D84CA3-58D3-4F18-8461-0E8BC4DE6FDA}HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\[random] LogHKLM\SOFTWARE\Microsoft\help http://www.youndoo.com/?z=[id]&from=wak&uid=[computer_id]&type=hpHKLM\SOFTWARE\Mozilla\FirefoxHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\hp http://www.youndoo.com/?z=[id]&from=wak&uid=[computer_id]&type=hp&mode=ffsengextHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\tab http://www.youndoo.com/?z=[id]&from=wak&uid=[computer_id]&type=hp&mode=ffsengextHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\sp http://www.youndoo.com/search/?q={searchTerms}&z=[id]&from=wak&uid=[computer_id]&type=spHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\surl http://www.youndoo.com/search/?&z=[id]&from=wak&uid=[computer_id]&type=sp&q=HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\uid 645111BF86713EB5097C84F7F202203AHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\s HtTp://d3d5rryrijbudj.cloudfront.net/gzi4nvrb?uid=%s&update0=version,%s&update1=sys,%s&update4=ref,%s&update5=mode,%s&update6=sys0,%s&upd ate7=sys1,%s&update8=sys2,%s&update9=sys3,%s&update10=sys4,%sHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\spname youndooHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{[id]}HKLM\SYSTEM\CurrentControlSet\services\[random]logS







Click here to view the article.