Yandex Rescue Tool

When you download torrent clients, add-ons, and other programs from suspicious sites with unlicensed content, unwanted programs can be installed on your computer without your knowledge. They aren't viruses, but they can reduce the browser speed, install additional toolbars without your consent, and redirect you to fraudulent, phishing, or advertising pages.

Yandex Browser has a built-in Yandex Rescue Tool that automatically collects data about unwanted software in your OS and offers to delete it. Gathering statistics helps your browser detect if you have unwanted software in your system. These statistics do not infringe on your data privacy.

Alert

Yandex Browser prevents certain widespread internet-based threats, but it is not a full-fledged antivirus program. However, Protect technology protects against computer threats that antivirus programs do not block. We recommend using both for full protection.

How to enable it

The utility is disabled by default. To enable it:

  1. Click  → Settings.
  2. Go to Security at the top of the page.
  3. Under Threat security, enable the Automatically neutralize threats in background mode option.

The utility scans and deletes folders, registry files, scheduler tasks, and drivers once a day. You can view the results in the scan report. If Yandex Rescue Tool couldn't neutralize a threat, you'll receive the error code and you'll be offered to contact support.

If you can't find the Automatically neutralize threats in background mode option:

  1. Go to browser://components
  2. Find RescueTool and click Check for update.
  3. When the Status line reads Component already up to date, the option becomes available in the Security tab.

To run an unscheduled scan:

  1. Click  → Settings.
  2. Go to Security at the top of the page.
  3. Under Threat security, click Scan now next to the Remove threats automatically in the background option.

Threat types

Modified system launch parameters (StartPage)

Unwanted software adds an address to the system registry for an advertising site that imitates a popular online service. The key containing the address is added to the section where legal software is registered for auto-start.

As a result, whenever you restart your computer, your default browser opens the advertised site.

Driver filter that displays unwanted content (Fake NetFilter)

The Driver filter intercepts internet traffic to display intrusive and disturbing ads in the browser, open ad tabs, send users to unwanted sites, and steal their personal data.

Warning

The driver filter works regardless of what browser you use and even when the browser is closed.

DNS substitution (Infected DNS)

An unwanted program changes DNS settings.

Normally, when you open a page, the browser sends a request specifying the domain to a special DNS server. The DNS server returns a response with the appropriate IP address.

Unwanted software replaces the DNS server address in the system settings. As a result, all requests are sent to a different server, which will redirect users to fraudulent, phishing, or advertising sites.

Browser shorcut modification (Infected LNK)

The unwanted program changes the browser launch shortcut by adding additional parameters (usually a site address) or launches another app instead of the browser. As a result, each time you launch the browser, it displays ad pages.

An unwanted site opens on browser startup

Another application opens instead of the browser

Infected Hosts

The hosts system file located in the C:\Windows\System32\drivers\etc folder contains a list of website domain addresses and their corresponding IP addresses. Malicious programs can write fake addresses to the hosts file, block access to popular sites, redirect users to phishing pages, or disable browsers' security functions.

Unwanted software that modifies traffic (PBot)

The unwanted program launches every time an infected computer is turned on and tracks apps that the user launches. When the user opens one of the browsers, the malicious software embeds its code in the browser process to redirect the user to an advertising or phishing page, change their default search settings, and steal the user's personal data.

Unwanted browser extensions

The program installs malicious extensions that open advertising tabs, display intrusive or disturbing ads, or steal user's personal data without the user's knowledge.

Antiviruses are not very good at recognizing malicious extensions. This is because all extensions operate within a browser and do not affect the computer’s operating system.

We recommend installing extensions from the Opera Add-ons or Chrome Web Store online stores, where extensions are checked to ensure they're safe.

<,span,class="button",>Contact support
Previous
Extensions security
Next
Protected mode