Y2Go was classified as a potentially unwanted program whose developers have opted for rather dishonest methods to distribute it. However, the worst part about this application is its ability to set up a proxy server to funnel web traffic and install a certificate that grants this program certain privileges. Therefore, we believe that it would be wise to remove this program from your computer entirely. In this article, we will discuss the technical aspects of this program, as well as its distribution methods. For more information, please continue reading.
Let us jump right into how this application works because it is vital to know how this program can jeopardize your computer’s security. We have found that Y2Go was configured to install a proxy server and make your PC send all web traffic through it. Furthermore, this application installs a certificate that could allow this program to collect all information you submit to a website. So this program can keep tabs on you secretly, which is undesirable since there is no telling what information is gathered and how it is used. We have found that the Y2Go certificate is used for the Chase.com banking site. Without a doubt, there is something very wrong with this application because it works in the background and offers nothing useful to the end user.
We have found that this program is made up of many executable files. It consists of certutil.exe, Y2Go.exe, WebControl.exe, UrlHandler.exe, pt.exe, uninstaller.exe, taskutil.exe, and dw_util.exe, which are placed in C:\Program Files (x86)\Y2Go and %PROGRAMFILES%\Y2Go. The main executable is Y2Go.exe, which takes up around 2.10 MB, while the total size of all files is 3.91 MB. If you run uninstaller.exe, it will delete some files, but not all of them. It is set to leave pt.exe, UrlHandler.exe, and Y2Go.exe. Furthermore, this application is set to leave registry keys that include HKEY_CURRENT_USER\Software\Y2Go, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Y2Go, and HKCU\Software\Microsoft\SystemCertificates\CA\Certificates\E478E08FA7CA554530E27AEDC9AB9EE58C259788. You ought to delete these registry keys even though they do not do anything after their associated files are gone.
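To see what the uninstaller left behind, the following read-only PowerShell audit checks for the files and registry keys listed above. It is an added example, not part of the original article. The WOW6432Node uninstall key and the per-user WinINet proxy values it reads are assumptions, since the article does not say where the proxy is configured.

```powershell
# Added example: read-only audit for the Y2Go leftovers named in the article.
# Nothing is deleted; review the output before removing anything.
$files = 'certutil.exe','Y2Go.exe','WebControl.exe','UrlHandler.exe',
         'pt.exe','uninstaller.exe','taskutil.exe','dw_util.exe'

# Install folders from the article; ProgramFiles(x86) is unset on 32-bit Windows.
$dirs = @(${env:ProgramFiles(x86)}, $env:ProgramFiles) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Y2Go' } |
    Select-Object -Unique

$regKeys = @(
    'HKCU:\Software\Y2Go',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Y2Go',
    # Assumption: 32-bit registry view on 64-bit Windows (not listed in the article).
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Y2Go',
    'HKCU:\Software\Microsoft\SystemCertificates\CA\Certificates\E478E08FA7CA554530E27AEDC9AB9EE58C259788'
)

$findings = @()

foreach ($dir in $dirs) {
    foreach ($name in $files) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'File'; Item = $path }
        }
    }
}

foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Item = $key }
    }
}

# Assumption: the proxy is configured through the per-user WinINet settings.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL)) {
    $detail = "ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
    $findings += [pscustomobject]@{ Type = 'Proxy'; Item = $detail }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else {
    'No Y2Go files, registry keys or proxy settings found.'
}
```

A proxy entry in the output only shows that some proxy is configured for the current user; confirm it is not one you or your organization set before changing it.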
Now let us talk about how this program is being distributed. We have discovered that this particular application is being distributed via shady bundled software installers. It is said that these installers can install Y2Go onto your PC without your knowledge or consent, which is a huge red flag as far as trustworthiness is concerned. Take note that the installers might hide the presence of Y2Go and other software, so you have to opt for advanced or custom installation settings.
However, if you already have this program on your PC, then you ought to remove it as soon as you can. There is no telling what information this program is capable of obtaining, and there is no way of knowing whether it will be used for illicit purposes. Furthermore, this program is distributed in a dishonest way, so you might have gotten it on your PC accidentally. If you want to get rid of it, then you can use the guide below on how to delete all of the executables manually.
Manual Removal Guide