YTDownloader Virus

Posted: May 29, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	205
Threat Level:	2/10
Infected PCs:	1,207,170

First Seen:	May 29, 2013
Last Seen:	March 10, 2025
OS(es) Affected:	Windows

YTDownloader is a browser add-on that allows you to download YouTube-based movie content, but also makes several negative modifications to your Web browser. Considered a PUP, much like some other software by the same company (such as highly-similar Youtube Accelerator and Shopper-Pro apps), YTDownloader may redirect your browser or load advertisements. When it comes to removing YTDownloader from your browser, malware analysts recommend using anti-adware or general anti-malware tools with dependable histories of wielding PUP-deletion functions to good effect.

Movie Downloads that Come with Something Extra

Previously, malware experts saw YTDownloader in distribution through the Downloadcamp.com website, although YTDownloader also appears to be in distribution through general software-bundling platforms circulating through other sites, such as 5-pn-installer.com and 2-fusioninstall.com. In some cases, these bundles also installed other PUPs along with YTDownloader, although YTDownloader also may be downloaded and installed as an independent product. Although YTDownloader isn't fraudulent software and does provide movie-downloading functions, YTDownloader also includes browser functions that malware experts deem typically undesirable:

YTDownloader may hijack your browser, redirecting it to other websites. In most cases, redirects may trigger when you use popular search engines, or your browser tries to load generic error pages (such as those displayed when a site fails to load). Content promoted by YTDownloader's redirects may include alternate search sites or affiliated advertisers.
YTDownloader also may load new advertisements directly into unrelated website content, including text links or banners.
PC users also have reported miscellaneous performance problems associated with Goobzo LTD-brand software, including YTDownloader. These problems may extend to random crashes or general site-loading slowdowns.

While these traits may not warrant labeling YTDownloader as a threat, they are sufficiently negative that malware experts would recommend finding other means of downloading YouTube content.

Ditching a Downloader without Your Browser's Safety in Mind

As described earlier in this article, YTDownloader may be installed through additional bundle-based platforms that may place YTDownloader on your hard drive when you try to install an unrelated program. While YTDownloader and other Goobzo products are limited to installing themselves on Windows PCs, they also tend to modify more than one Web browser at the same time. Based on current data, malware experts can conclude that most popular Web-browsing products are at risk of being hijacked or subverted to promote YTDownloader advertisements.

Thankfully, security products that include capabilities designed to fight adware or other PUPs should be able to detect both YTDownloader and the bundles that could install YTDownloader. Scanning files before launching them is the most straightforward way to keep YTDownloader off of your browser, but if that fails, removing YTDownloader with a good anti-adware solution always is a commendable decision.

Aliases

MalSign.Skodna.A8D [AVG]

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to YTDownloader Virus may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner*

* See Free Trial offer below. EULA and Privacy/Cookie Policy. * See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%SYSTEMDRIVE%\Users\<username>\AppData\Local\Installer\Install_28092\ytdiegut_gutdc_inst.exe

File name: ytdiegut_gutdc_inst.exe
Size: 2.43 MB (2435584 bytes)
MD5: b1ba95767114d426e96d2bda1f27d9fb
Detection count: 2,743
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Installer\Install_28092\ytdiegut_gutdc_inst.exe
Group: Malware file
Last Updated: September 13, 2024

C:\Users\<username>\AppData\Roaming\ZHP\Quarantine\Installer.VIR\Installiwebar_5516\DCytaiesmt_smtyc_setup.exe

File name: DCytaiesmt_smtyc_setup.exe
Size: 1.22 MB (1222640 bytes)
MD5: 736a89f0d253e85c821ff3849533b3ea
Detection count: 1,836
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\ZHP\Quarantine\Installer.VIR\Installiwebar_5516\DCytaiesmt_smtyc_setup.exe
Group: Malware file
Last Updated: February 22, 2022

%USERPROFILE%\Configuraci?n local\Datos de programa\Installer\Install_14384\DCytdiegut_gutdc_setup.exe

File name: DCytdiegut_gutdc_setup.exe
Size: 1.42 MB (1422824 bytes)
MD5: 355c864ab6372d085798abd8024cb0c0
Detection count: 719
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Configuraci?n local\Datos de programa\Installer\Install_14384
Group: Malware file
Last Updated: April 4, 2020

%ALLUSERSPROFILE%\YTD Video Downloader\ytd_installer.exe

File name: ytd_installer.exe
Size: 10.34 MB (10348152 bytes)
MD5: c87b70cf61c2642c8970bb566a1aa4fe
Detection count: 658
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\YTD Video Downloader
Group: Malware file
Last Updated: September 25, 2024

C:\Users\<username>\AppData\Local\Installer\Install_552\ytdieamodc_amodc_inst.exe

File name: ytdieamodc_amodc_inst.exe
Size: 770.56 KB (770560 bytes)
MD5: cca74db3b0403f0a55e5eff5e7c0b0a9
Detection count: 372
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Installer\Install_552\ytdieamodc_amodc_inst.exe
Group: Malware file
Last Updated: June 10, 2022

%LOCALAPPDATA%\Installer\Install_4757\DCytdieamo_amodc_setup.exe

File name: DCytdieamo_amodc_setup.exe
Size: 1.42 MB (1422824 bytes)
MD5: e69a572c549b925f48b6acc572ba34aa
Detection count: 368
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Installer\Install_4757
Group: Malware file
Last Updated: July 8, 2016

%LOCALAPPDATA%\YT-Downloader\ytdownloader\1.3.1.14\ytdownloader.exe

File name: ytdownloader.exe
Size: 284.16 KB (284160 bytes)
MD5: 6564e2fa9e4f58a1ed94e8a86882806f
Detection count: 96
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\YT-Downloader\ytdownloader\1.3.1.14
Group: Malware file
Last Updated: March 19, 2016

%ALLUSERSPROFILE%\smp2.exe

File name: smp2.exe
Size: 271.87 KB (271872 bytes)
MD5: 98beda4ae701cf346217d77b9ed40013
Detection count: 36
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: April 7, 2016

%PROGRAMFILES(x86)%\YouTube Downloader Services\v7\youtubeserv.exe

File name: youtubeserv.exe
Size: 2.96 MB (2965600 bytes)
MD5: feec38efa24da4bb1b2efecec42601ff
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\YouTube Downloader Services\v7
Group: Malware file
Last Updated: March 23, 2016

C:\Windows\System32\Menu.dll

File name: Menu.dll
Size: 442.42 KB (442422 bytes)
MD5: c9e8d7d525353825cbcb86c1e2449d9a
Detection count: 28
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\Windows\System32\Menu.dll
Group: Malware file
Last Updated: July 28, 2022

%COMMONPROGRAMFILES%\System\SysMenu.dll

File name: SysMenu.dll
Size: 632.16 KB (632168 bytes)
MD5: 0c90bb770b9d39deb5194b52cca5066f
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %COMMONPROGRAMFILES%\System
Group: Malware file
Last Updated: March 26, 2016

More files

Registry Modifications

The following newly produced Registry Values are:

CLSID{020B1D4B-5738-4C77-9E19-4F173DD9B486}{1F79EB77-955D-47F5-9B73-A9CF4571C819}{22222222-2222-2222-2222-220322282250}{44444444-4444-4444-4444-440344284450}{4573D215-5247-44F1-8AD5-14DA283D3B41}{5252AC41-94BB-11D1-B2E7-444553540000}{55555555-5555-5555-5555-550355285550}{66666666-6666-6666-6666-660366286650}{6DC82D15-92F2-11D1-A255-00A0C932C7DF}{82351433-9094-11D1-A24B-00A0C932C7DF}{82351440-9094-11D1-A24B-00A0C932C7DF}File name without pathAbout YouTube Accelerator.urlhttp_download.ytddownloader.com_0.localstoragehttp_download.ytddownloader.com_0.localstorage-journalhttp_www.ytddownloader.com_0.localstoragehttp_www.ytddownloader.com_0.localstorage-journalwww.ytddownloader[1].xmlYouTube Downloader.exe.lnkYT-Conv.lnkytaiesmt_smtyc_setup.exeYTD Video Downloader.lnkytdieamodc_amodc_inst.exeytdiegut_gutdc_inst.exeytdkiemon_amodk_setup.exeYTDownloader.lnkRegexp file mask%LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Storage\[RANDOM CHARACTERS]www.ytddownloader.com[RANDOM CHARACTERS]%PROGRAMFILES(x86)%\ytd\YouTube Downloader.exe%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\[RANDOM CHARACTERS]www.ytddownloader.com[RANDOM CHARACTERS]%WINDIR%\System32\Tasks\Installer_ytd%WINDIR%\System32\Tasks\SMWPUpd%WINDIR%\System32\Tasks\YTDownloader%WINDIR%\System32\Tasks\YTDownloaderUpd%WINDIR%\Tasks\YTDownloader.job%WINDIR%\Tasks\YTDownloaderUpd.jobHKEY..\..\..\..{RegistryKeys}SOFTWARE\Classes\CrossriderApp0032850.BHOSOFTWARE\Classes\CrossriderApp0032850.BHO.1SOFTWARE\Classes\CrossriderApp0032850.SandboxSOFTWARE\Classes\CrossriderApp0032850.Sandbox.1SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ytddownloader.comSOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ytddownloader.comSOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ytddownloader.comSOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ytddownloader.comSoftware\GreenTree Applications\YTDSoftware\InstallPath\Status\YTDownloaderSOFTWARE\Microsoft\Internet Explorer\DOMStorage\ytddownloader.comSOFTWARE\Microsoft\Tracing\YTDownloader_RASMANCSSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_ytdSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWPUpdSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpdSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpdSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exeSOFTWARE\Microsoft\Windows\CurrentVersion\Run\YTDownloaderSoftware\pardeep_youtube_downloaderSOFTWARE\SearchModulePlusSOFTWARE\Wow6432Node\Microsoft\Tracing\YTDownloader_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\YTDownloaderSOFTWARE\Wow6432Node\SearchModulePlusSOFTWARE\Wow6432Node\YTDownloaderSOFTWARE\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}Software\YTDownloaderSoftware\{DAF8B7E5-449D-4180-8281-10E536E597F2}SYSTEM\ControlSet001\Enum\Root\LEGACY_SBMNTRSYSTEM\ControlSet001\Enum\Root\LEGACY_SMUPDDSYSTEM\ControlSet001\services\BrsHelperSYSTEM\ControlSet001\Services\sbmntrSYSTEM\ControlSet001\services\SMUpdSYSTEM\ControlSet001\services\SMUpddSYSTEM\ControlSet001\services\SMUpdPlusSYSTEM\ControlSet001\services\YTDUpdtSYSTEM\ControlSet002\Enum\Root\LEGACY_SBMNTRSYSTEM\ControlSet002\Enum\Root\LEGACY_SMUPDDSYSTEM\ControlSet002\services\BrsHelperSYSTEM\ControlSet002\Services\sbmntrSYSTEM\ControlSet002\services\SMUpdSYSTEM\ControlSet002\services\SMUpddSYSTEM\ControlSet002\services\SMUpdPlusSYSTEM\ControlSet002\services\YTDUpdtSYSTEM\CurrentControlSet\Enum\Root\LEGACY_SBMNTRSYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMUPDDSYSTEM\CurrentControlSet\services\BrsHelperSYSTEM\CurrentControlSet\Services\sbmntrSYSTEM\CurrentControlSet\services\SMUpdSYSTEM\CurrentControlSet\services\SMUpddSYSTEM\CurrentControlSet\services\SMUpdPlusSYSTEM\CurrentControlSet\services\YTDUpdtYTLoaderHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}YoY 1.00YT-ConvYTConvYTDownloader{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}{B3E84B4A-ACDB-4B40-BA8A-5AD2675B8735}_is1

Additional Information

The following directories were created:

%ALLUSERSPROFILE%\Application Data\YTD Video Downloader%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader%ALLUSERSPROFILE%\SearchModulePlus%ALLUSERSPROFILE%\YTD Video Downloader%APPDATA%\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader%APPDATA%\Microsoft\Windows\Start Menu\Programs\YTDownloader%COMMONPROGRAMFILES%\GBUpdatePlus%COMMONPROGRAMFILES%\Goobzo\GBUpdatePlus%LOCALAPPDATA%\CrashRpt\UnsentCrashReports\YTDi 1.0.0.1_1.0.0.1%PROGRAMFILES%\GreenTree Applications\YTD Video Downloader%PROGRAMFILES%\Uploads Only for Youtube%PROGRAMFILES%\YT-Conv%PROGRAMFILES%\YTDownloader%PROGRAMFILES%\YoY%PROGRAMFILES%\YouTube Download Pool%PROGRAMFILES%\YouTube Downloader Services%PROGRAMFILES(x86)%\Uploads Only for Youtube%PROGRAMFILES(x86)%\YT-Conv%PROGRAMFILES(x86)%\YTDownloader%PROGRAMFILES(x86)%\YoY%PROGRAMFILES(x86)%\YouTube Download Pool%PROGRAMFILES(x86)%\YouTube Downloader Services%Temp%\YTDownloader%USERPROFILE%\Local Settings\Application Data\CrashRpt\UnsentCrashReports\YTDi 1.0.0.1_1.0.0.1%USERPROFILE%\Start Menu\Programs\YTDownloader

One Comment

Will says:

December 17, 2014 at 12:53 pm

Just reset your computer to update date set before the program was installed