Youndoo

The search engine we have come to know as Youndoo is not a search engine at all. Our research has revealed that it is a mere browser hijacker that enters a PC via malicious installers. For this reason, alone we recommend that you remove it. However, there is more to this infection than meets the eye. It must be said that this hijacker is part of a web monetization campaign which means that it is set to show advertisements, but they are shown as links in the search results. Furthermore, it is configured to collect information about you and your Internet usage automatically, but before we delve into that, let us start off with its origins.

You do not have to look any further than its clones to know that it comes from a shady background. Our research has shown that Youndoo has numerous clones that include names such as Dozensearch.com, Search.startjoysearch.com, and YesSearches.com. Evidently, all of them come from the same development group that does not indicate its brand name on its browser hijackers. The fact that the entity that developed this and other hijackers do not sign them is an indication that they are up to no good. This is illustrated by the way this malicious search engine is distributed.

Distribution methods are crucial when determining whether a search engine is a browser hijacker or not. If a given distribution channel does not impose a search engine on the users without their consent, but honestly offers them to install it at their will, then that search engine is not malicious. However, if a distribution channel I set to impose a search engine without asking the user, then it is a clear-cut case of a browser hijacker. In the case of Youndoo, we found that it comes in malicious software bundles that inject it into a web browser automatically, without giving you the opportunity to opt out. The malicious installers it comes with are probably featured on not so legitimate software sharing websites that are constantly changed.

Our research has revealed that this browser hijacker is compatible with Google Chrome and Mozilla Firefox, but modifies them in a slightly different way due to the nature of the web browsers. Testing has shown that it changes the homepage address of Firefox while it replaces the search engine and new tab page of Chrome. Once it has hijacked your browser’s settings it can start its advertising campaign. Unsurprisingly, we have discovered that it redirects the search queries to Google.com which is a legitimate search engine. However, we think that its domain might modify the presented search results to include additional advertisements that may be unreliable.

Furthermore, Youndoo is set to collect information about you. As stated in its Privacy Policy, “Every time a user accesses our website and every time a file is retrieved, data concerning this event are automatically stored on our web server in a log file and processed.” The collected information includes IP address, date, and time of the request, requested page/name of the file retrieved, the amount of data transferred, internet address, from where the site or file was retrieved, and web browser used. All of this information is used to advance the cause of the web monetization campaign and generate income. This information allows this hijacker to inject more relevant advertising in the search results which increases the amount of revenue made, but you need to click the links for the developers to generate that income.

So as you can see, this self-proclaimed search engine is a browser hijacker that is set to hijack your web browser’s settings and subject you to promotional links, and there is no telling whether the links do not include shady websites. So you should remove Youndoo, but you might encounter problems because even though you can uninstall it from Control Panel, it only renames its .dll file to .dllez7. You should look for this file in a randomly named folder in C:\Program Files (x86) or C:\Program Files. In addition to manually deleting the contents of its folder, you should also remove its registry keys. Please refer to the instructions below for more information. Note that the name of the hijacker in Control Panel is randomized.

How to remove Youndoo from Control Panel

Windows 10

1. Press Win+X and open Programs and Features.
2. Find the application, double-click it and click Uninstall.

Windows 8 and 8.1

1. Press the Win+R keys.
2. Type Control Panel in the dialog box and click OK.
3. Select Uninstall a program.
4. Find the program and click the Uninstall button.

Windows 7 and Vista

1. Open the Start menu and click Control Panel.
2. Select Uninstall a program.
3. Find the unwanted application and double-click on it and click Uninstall.

Windows XP

1. Open the Start menu and click Control Panel.
2. Open Add or Remove Programs.
3. Find the software and click Remove.

Delete files and registry keys manually

1. Press the Win+E keys.
2. Enter C:\Program Files (x86) or C:\Program Files in the address bar.
3. Locate Youndoo’s folder (e.g. Plunasystagedom)
4. Delete the folder.
5. Close File Explorer and press Win+R keys.
6. Enter regedit in the box and click OK.
7. Go to the following keys and delete them.

• HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BB328F8-6CAF-4181-BA0F-62563CE5CC87}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BB328F8-6CAF-4181-BA0F-62563CE5CC87}

Note that the {9BB328F8-6CAF-4181-BA0F-62563CE5CC87} ID number may vary, so we suggest searching for strings that contain the name Youndoo.