Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content



Also known as: adware.Yontoo, adware Yontoo

Category: Malware

Type: Adware, potentially unwanted application (PUP), trojan

Platform: Windows, macOS

Variants: Multiple, usually named after the host program (such as YontooDesktop.exe), for example: Yontoo Layers, Yontoo Pagerage, Yontoo Runtime, Yontoo Webcake, Yontoo ShopperPro, Yontoo Desktop, Yontoo.Pagerage, Yontoo.C.

Damage potential: Browser hijacking, advertising scams, exposure of personal data, malware infection, data theft


Yontoo is a family of adware that typically targets Windows devices, although several variants exist specifically for Mac computers. Yontoo web apps and browser plugins offer expanded web functionality to users (such downloading YouTube videos with the Best Video Downloader), but at the cost of hijacking their browser, tracking their behavior, and showing dubious ads.

Possible symptoms

The most common sign of a Yontoo infection is the presence of Yontoo tools (such as the Yontoo toolbar) in your browser. You will also likely see a marked increase in banners, coupons, and pop ups shown while using your browser.

Other symptoms of a Yontoo infection include:

  • Yontoo apps appear on the list of programs installed on your device.

  • Ads from Google and YouTube are replaced by Yontoo content.

  • Your device starts to heat up due to Yontoo running in the background.

  • Specific keywords in websites are automatically highlighted and linked to Yontoo-affiliated sites.

Sources of the infection

Unlike many other forms of adware, Yontoo apps are typically downloaded by users willingly for the functions they offer (such as downloading YouTube videos or rearranging the layout of the Facebook website). In most cases, users are simply unaware that Yontoo apps will serve them additional ads or collect their data.

Your device may also get infected with Yontoo from:

  • Software (typically freeware) that includes Yontoo in the setup.

  • Drive-by downloading (malicious scripts on compromised websites that force your device to automatically download malware when the page loads.)

  • Infected email attachments.

  • Peer-to-peer (P2P) sharing of infected files.

  • Infected external devices, such as hard drives or USB sticks.


Once discovered, Yontoo tools can be removed from your device like other apps and browser extensions — for example, you can remove Yontoo from Windows 11 devices using the “Add or remove programs” option in the “Control panel.”

Other protective measures include:

  • Take care when you install new programs, especially free ones. Where possible, opt for a custom installation to avoid automatically opting in to Yontoo tools.

  • Avoid potentially dangerous websites, like dark web pages or torrent repositories. These websites may attempt to install malware (including Yontoo) on your device as soon as you open them.

  • Use NordVPN’s Threat Protection to scan programs and files for malware while they’re being downloaded. Threat Protection will also alert you if you’re about to enter a known infected website to prevent drive-by-download attacks.

Ultimate digital security