(Removal Guide) - Feb 2017 update Removal Guide

What is

Youndoo virus. How bad is it?

Youndoo virus was first detected in June 2016. Since then, it had its ups and downs while trying to become a popular headache of computer users. However, it seems that the virus is not done – security experts have just reported about the renewed activity of this browser hijacker[1]. Could 2017 year be the year of virus? We will see. Now you should take a look at dangers that it can cause on your computer. In the beginning it may look like a reliable search engine alternative and may trick you into thinking that it is as functional and secure as any other popular browsing tools. Unfortunately, that is far from the truth. The security experts deem Youndoo virus a for its peculiar quality of taking over browsers and setting its own web page as their primary search engines and home pages. What is more, the PUP is widely known for its redirect tendency which is not only annoying and disruptive but can sometimes have some very unpleasant impact on the PC. We will talk more in depth why this browsing tool should not be trusted and how to remove Youndoo from the system in the following sections of this article. As for those looking for a quick removal solution, we can recommend FortectIntego — a program which will ensure the full and removal of this potentially unwanted program.

The image displaying virus is a sneaky browser hijacker which enters computers without asking user's permission and creates fake Chrome and Firefox profiles to control the browser.

In comparison to other browser hijackers, say, which is overcrowded with unnecessary shopping and gaming platforms, Youndoo does not seem suspicious at all. Its style is specifically designed to create a sense of reliability. Nonetheless, this impression is instantly shattered once you start using this website as a regular search engine. First of all, you will notice its hideous tendency to drop you off on questionable domains [2]. It wouldn’t be such an annoying issue if not for its potential damage. In other words, redirect scope is not limited to advertising domains alone, but may include unreliable web pages with potentially malicious content as well. Thus, if the malware lurking out there infects your computer, your system programs may start malfunctioning or fake system error messages may begin popping up everywhere. Therefore, it would be wise to start Youndoo removal immediately.

In addition, collects specific non-personally identifiable information. In the site’s Privacy Policy, it is stated that the search engine compiles computer’s IP address, web browser type, the date and time of the request, the amount of data transferred, internet address, from where the site or file was retrieved or the desired function was requested, etc. This information is used for statistical purposes. Youndoo employs Google Analytics to process this data. The problem is that the website is supported by third-parties as well. Thus, if they get hold of the previously-mentioned data, your browser may be bombarded with customized and specifically targeted ads [3]. Consequently, the probability that you click on these pay-per-click [4] commercial offers doubles. The worst part is, while the owners of these ads receive a benefit, you get nothing. Another highly detested feature of Youndoo malware is that it employs additional software to help it with its shady activities. Alternatively called “helper objects,” these programs are primarily responsible for fortifying the position of the hijacker on the computer. As a result of their activity, you might encounter difficulties removing the hijacker from the first attempt. Since these files are scatter across the system, uninstalling Youndoo from the primary browser settings is not enough to completely banish this virus from the computer. In addition, they might also create loopholes for other unnecessary browser extensions and plug-ins to secretly enter and settle on the computer.

Update October 2016: Hijacker now creates a fake Chrome profile

Youndoo developers do not step back and continue to improve the hijacker by introducing another feature which help to place and keep this shady marketing platform on the infected browser’s homepage. This feature involves creating a fake Google Chrome profile and running all of the Internet traffic through it [5]. Not to look too suspicious, the hijacker transfers some of the users’ original content, such as extensions and browsing history to the new profile, but replaces the default search engine and homepage with Besides, this new alteration also prevents the users from changing the undesirable settings back to the regular ones, even if the new profile is deleted. Instead, hijacker reappears every time the browser is rebooted. To find our whether your browser is not manipulated by this sneaky infection, you should go to the browser’s setting and pay attention to the section “People.” A legitimate Google Chrome profile will feature a blue users’ icon with your chosen name or “Person1” if you are not logged in. The fake profile will most likely go under a name “user0” which will appear next to the current user. Plus, you will notice that the icon is grey instead of the regular blue. You should react immediately if you notice such changes and initiate an antivirus scan.

Update February 2017: virus is caught creating additional Firefox profiles

Just a few months ago, Youndoo began terrorizing Chrome users by creating fake profiles on this web engine and gaining control over its settings. It seems that now the hackers have turned their full attention to Mozilla Firefox. It sticks to its old ways of creating additional profiles and typically labels them as “Firefox Default” [red en-6]. In a way, this makes it easier to remove the virus, since you simply have to delete the undesirable profile from the list of profiles and setting “default” one instead. Unfortunately, this is not the only addition that Youndoo creators have implemented to the newest version of this malware. The virus is now able to Schedule Tasks that will automatically run every couple of hours, downloading updates or reinstalling the virus after attempts of removal. It might be difficult to notice such processes because the virus will try to run them silently in the background of your system. Thus, you can make yourself feel more secure by running regular scans of your system and allowing antivirus utilities to take care of the potentially malicious components automatically.

Methods of browser hijacker distribution:

This program spreads using software bundling technique, so when you are about to install new software, opt for “Custom/Advanced” settings. Only when you are sure that no attachments are pre-marked, finish the installation. Lastly, taking a glance at privacy policies and reading user reviews might also be useful in identifying whether this search engine is reliable or not. Please do not blindly rely on recommended installation settings (“Default/Standard/Basic”), because you might miss these offers and lose the opportunity to reject them.

Another suspicious method that helps to implement hijack is called DLL hijacking. This method has been discovered in August 2016. It appears that this browser hijacker is being distributed in the form of a bogus Wtsapi32.dll file, which originally is an essential system file, which is required to load a web browser fully. When this browser hijacker drops a fake Wtsapi32.dll file in browser’s folder, Windows loads it, but not the original file that is located in C:\Windows\System32 folder. This DLL file alters Windows Registry and makes the browser open a specified web page instead of default one. To fix this problem, the user needs to remove the wtsapi32.dll file from Google Chrome, Mozilla Firefox, and other affected browser’s application folders. That can also be done using malware removal programs.

Tactics that will help you remove hijacker in no time:

To remove Youndoo virus from your computer within few minutes, you should choose automatic removal option and install an anti-spyware program. To make sure that it protects you from other PUPs and viruses, we recommend updating it regularly. Keep in mind that a proper security program is not only necessary but also vital to the general protection of your computer. However, if you don’t want to install additional software on your computer, you can also perform manual removal procedure on your computer. Make sure you go through each removal step carefully to prevent the reappearance of this browser hijacker.

You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Follow these steps

Uninstall from Windows

Though it might seem rational to remove fake Chrome profile from your infected browser first, this step is not necessary. The fake profile can be eliminated by resetting the browser. But don’t forget that you have to delete the hijacker from your computer first. As we have mentioned, the virus runs on a fake Wtsapi32.dll file which you have to terminate in order to stop the virus resetting your homepage and default search engine. Please NOTE that you should be very careful not to delete the legitimate system file that goes by the same title! You should investigate the virus description before you do that and, ideally, scan the file with an antivirus scanner. In Add/Remove programs list, you should also look for an entries called youndoo – Uninstall, youndoo 1.0, or similar ones, and delete them.

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Delete from macOS

In case your Mac OS X has been infected with and you see “user0” profile has replaced your regular Chrome profile, you shouldn’t rush eliminating this new profile from your browser directly. Instead, look through your recently installed programs, delete software that looks suspicious (youndoo – Uninstall, youndoo 1.0 or similar applications) and reset your browser. The instructions below will explain how this should be done step-by-step.

Remove items from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for all related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash) Uninstall from Mac 1

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files. Uninstall from Mac 2

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy, search and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

To remove the fake Youndoo profile from your Mozilla Firefox browser you should first terminate every process that is running on your computer and then open the Run box by simultaneously pressing R and Windows keys. In the command window enter Firefox -P which will then open Firefox profile manager. In the new window select “Firefox Default” and click Delete Profile. In the pop-up window, select the option “Delete files”. When you are back on the profile choosing window, select “default” or your preferred profile and mark the box saying “Use the selected profile without asking at startup”. Finally, hit the Start Firefox button. The browser should open your chosen profile and settings. If these steps don’t help you reset your browser, you should follow the instructions presented below.

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

To reset the regular settings of your Google Chrome, enter the Chrome’s settings panel and find the section labeled “People” under this section, you will see all profiles that have been created on your browser. You should select the entry called user0 and delete it. Then, unmark the section which “Allow anyone add a person to Chrome” and select your preferred profile as your default one.  

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting stealing programs

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

Removal guides in other languages