Do you know what Y2Go is?
If you have Y2Go on your PC, then you should know that it is not a reliable application by any stretch of the imagination. Our malware analysts have classified it as a potentially unwanted program set to perform some rather undesirable actions on your PC. What you get in exchange for that is nothing because, apart from performing the shady actions, this program does not do anything else. We recommend that you remove it from your PC, but note that its uninstaller does not delete all files, so you have to move them to the Recycle Bin manually.
Our research has revealed that this application is currently being distributed via third-party software installers. These installers come bundled with several additional applications, and one of them is Y2Go. The installers might not disclose their full contents and may install their additional software automatically, without your knowledge or consent. You may encounter these bundled software installers on freeware distribution sites because such websites bundle their software to generate revenue. We have no information on any other distribution methods related to this particular program. So let us move on to how this particular application works.
According to our cyber security experts, Y2Go was designed to install a proxy server and configure your computer to send all web traffic through it. As a result, this program will monitor everything you submit to a website. Furthermore, it can inject a certificate onto your PC that allows this program to potentially keep tabs on all of your network communication without your knowledge. However, the extent of its information collection is not entirely known at this point. Interestingly, though, the Y2Go certificate is used for the Chase.com banking website.
Now, let us get into some technical details. According to our researchers, this program consists of many executable files that include dw_util.exe, taskutil.exe, uninstaller.exe, pt.exe, UrlHandler.exe, WebControl.exe, Y2Go.exe, and certutil.exe. Together they total 3.91 MB (4099984 bytes), which makes this application quite small indeed. All of these executables are placed in C:\Program Files (x86)\Y2Go, which is the default location, but you can modify it when running the installer. Interestingly, the uninstaller leaves behind pt.exe, UrlHandler.exe, and Y2Go.exe. Also, the sample tested by our malware researchers did not have an uninstaller in Control Panel, and the one at C:\Program Files (x86)\Y2Go does not work fully.
We also want to point out that this program creates several registry keys that it leaves behind after you run the uninstaller. These keys include HKEY_CURRENT_USER\Software\Y2Go, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Y2Go, and HKCU\Software\Microsoft\SystemCertificates\CA\Certificates\E478E08FA7CA554530E27AEDC9AB9EE58C259788. You should get rid of these registry keys as well, even though they should not do anything without their associated files.
We hope that you found this article useful. As you can see, Y2Go is one highly unreliable application that performs rather shady actions on your PC. There is no telling what the extent of its information collection practices is or how the collected information is used. However, since it keeps tabs on you in secret, we recommend that you remove it from your computer as soon as the opportunity arises. You can make use of the instructions found below.
How to delete Y2Go
- Press Windows+E keys.
- Enter %PROGRAMFILES%\Y2Go or %PROGRAMFILES(x86)%\Y2Go in the address box.
- Press Enter.
- Locate dw_util.exe, taskutil.exe, uninstaller.exe, pt.exe, UrlHandler.exe, WebControl.exe, Y2Go.exe, and certutil.exe.
- Right-click them and click Delete.
- Empty the Recycle Bin.
Delete the registry keys
- Press Windows+R keys.
- Type regedit in the box and click OK.
- Find and delete the following keys.
- Close the Registry Editor.
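A read-only PowerShell check for the leftovers described above, added here as an example and not part of the original article or any vendor tool. It uses the file names, default folders, and registry keys listed in the article; the WOW6432Node key and the per-user Internet Settings proxy check are assumptions about where 32-bit uninstall data and the proxy configuration would live.

```powershell
# Added example: read-only audit for Y2Go leftovers named in this article.
# It reports what it finds and deletes nothing.

$exeNames = 'dw_util.exe','taskutil.exe','uninstaller.exe','pt.exe',
            'UrlHandler.exe','WebControl.exe','Y2Go.exe','certutil.exe'

# Default install locations from the article; a custom install path chosen
# in the installer would have to be added here by hand.
$installDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Sort-Object -Unique |
    ForEach-Object { Join-Path $_ 'Y2Go' }

$regKeys = @(
    'HKCU:\Software\Y2Go',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Y2Go',
    # Assumption (not from the article): 32-bit view of the same uninstall key.
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Y2Go',
    'HKCU:\Software\Microsoft\SystemCertificates\CA\Certificates\E478E08FA7CA554530E27AEDC9AB9EE58C259788'
)

$findings = @()

foreach ($dir in $installDirs) {
    foreach ($name in $exeNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Item = $path }
        }
    }
}

foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
    }
}

# Assumption: the proxy is set through the per-user WinINET settings.
# Any enabled proxy is reported for manual review; it may be a legitimate one.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -LiteralPath $inet -ErrorAction SilentlyContinue
if ($proxy -and $proxy.ProxyEnable -eq 1) {
    $findings += [pscustomobject]@{ Type = 'ProxyEnabled'; Item = [string]$proxy.ProxyServer }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'No Y2Go files, registry keys, or enabled proxy found.' }
```

Running it before and after the manual steps shows which items the uninstaller left behind and whether a proxy setting still needs to be cleared.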
In non-techie terms:
Y2Go is a potentially unwanted program that performs several undesirable actions on your PC if you happen to get it accidentally as a result of installing a software bundle. It installs a proxy server to channel all web traffic through it and sets up a custom certificate as well. They are used to collect information about your Internet usage, but the purpose behind this action is unknown. In any case, you ought to remove it to keep your PC safe.