v9.com

By GoldSparrow in Browser Hijackers

Threat Scorecard

Ranking: 1,767
Threat Level: 50 % (Medium)
Infected Computers: 92,953
First Seen: February 15, 2013
Last Seen: September 20, 2023
OS(es) Affected: Windows

v9.com Image

v9.com redirects can also be caused by a severe Trojan or rootkit infection infecting your operating system and not limited to your web browser. The most common symptom of these kinds of problems is constant redirects to the v9.com website in which your web browser forces you to visit this website repeatedly against your will. ESG security researchers strongly advise using an appropriate anti-malware tool to remove all malware that may be causing these kinds of redirects

Browser hijackers are malware infections designed to force your web browser to visit websites like v9.com against your will. A browser hijacker infection interferes severely with your normal activities, making it very difficult to browse the Web normally or use your computer for other tasks. Malware associated with v9.com will also make unauthorized changes to your web browser's settings. For example, you may find that your search engine and bookmarks have been changed to unknown websites, including v9.com. Your homepage will also have been changed to v9.com. Trying to undo these changes is useless unless the infection causing them is removed. The changes will remain when the infected web browser starts up again. v9.com redirects will often occur following a search executed on a genuine search engine as a way to trick inexperienced computer users into exposing themselves to sponsored search results on v9.com.

Sources of Browser Hijackers Responsible for v9.com Redirects

Most computer users affected by v9.com redirects will have installed a malicious toolbar associated with this website. This toolbar is often bundled with freeware applications, and it is often possible to opt out during the installation process. However, careless installation of freeware programs may result in this toolbar being installed without your consent. It is also possible to become infected with browser hijackers associated with v9.com after visiting unsafe websites or opening unsolicited email attachments. Because of this, ESG malware researchers recommend using a dependable anti-malware program to protect your computer, avoiding unsafe websites (such as file sharing networks and pornographic websites) and never opening unsolicited email attachments. It is also preferable to avoid installing freeware programs that require installing a toolbar on your computer. There are often better free alternatives that do not require installing adware or browser hijackers and malicious toolbars.

SpyHunter Detects & Remove v9.com

File System Details

v9.com may create the following file(s):
# File Name MD5 Detections
1. MailUpdate.exe 52fb17403005a864420f7c3087f6bfca 4,458
2. mailUpdate.exe 2c0fcc30756db620a11306cc79d2c024 3,163
3. MailUpdate.exe 57d1e8d051f7bf95ee053c2c76bc1ddc 497
4. MailUpdate.exe 7a39632bfe946198514bb5fdc5bc0740 427
5. MailUpdate.exe b61b445e0e1b86c4a8cdad11ebb45b95 174
6. MailUpdate.exe 4f6a1dfd4516f5867f1de81ea8c47bee 89
7. mailUpdate.exe bfa913e38b0d4ab800623bca16ac51e4 70
8. v9 dd2373d237be64c5f7eeb058c937f064 35
9. v9loader.dll 1c714636b6530503a7db61a13e0b119c 31
10. MailUpdate.exe dd576f758b94ca359c5cb5427e1d74ba 27
11. V9Loader.dll 9d698674d936bc268a448bd7743da660 22
12. mailUpdate.exe 9506d7c0b2c0ca605cd3a135795e6843 19
13. newtabs.exe 4c5a12a6133f9150acd8003ed6ba77a9 14
14. mailUpdate.exe 82761729a7e9050c9994c84d18ba67a3 10
15. newtabs.exe ad9586fb316b4c67298609402952f76a 6
16. mailUpdate.exe 97cac3d0dd4df542c16102b0e52119f1 3
17. mailUpdate.exe 8d4f60990518a60c1921a1b96c3f3221 3
18. llynew_v9.exe 2f20dca2ea38d22377a8feafa087a550 2
19. v9loader.dll 195c7a46dd2ae82f4b9e0589cd6df4e5 2
20. mailUpdate.exe 2752182b671bc1b6ec3d4a78d9fa3d79 2
21. mailUpdate.exe a8e6af6f223aa5467006814962d3d07f 2
22. mailUpdate.exe 2f6653f0196ac362e110711118bfda92 2
23. mailUpdate.exe 13f9a7f84da143d2f8f8eafa221fd790 2
24. MailUpdate.exe e9fcf5bc8d24873a4d7fcf83ab251e29 1
25. Newtabs_v9.dll 0bfe35fccd3c784d558672fd58b074b6 1
26. v9loader.dll 461e5d6ae759262ad81b75f0df1759ae 1
27. MailUpdate.exe 931a6b06d958af1adb18b870421ce358 1
More files

Registry Details

v9.com may create the following registry entry or registry entries:
CLSID
{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
{4F15CD3F-3B21-444F-838D-50F8CF62BAC2}
{742E70CF-7770-412d-86CB-230B322E807C}
{967CD81E-A11D-4706-AC78-8F17C8677B2A}
{DF35E8DC-7F5D-4503-B201-7239A46BEE20}
{E7A19171-B1FA-460B-84A8-557C70A925CF}
{F386E548-C533-472E-8C61-C026FB14FEA9}
File name without path
http_pl.v9.com_0.localstorage
http_pl.v9.com_0.localstorage-journal
http_www.v9.com_0.localstorage
http_www.v9.com_0.localstorage-journal
V9 player.lnk
V9.lnk
www.v9[1].xml
Regexp file mask
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\newtab.crx
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx
%PROGRAMFILES%\Google\Chrome\User Data\Default\Extensions\v9.crx
%PROGRAMFILES%\Mozilla Firefox\browser\searchplugins\v9.xml
%PROGRAMFILES%\Mozilla Firefox\searchplugins\v9.xml
%ProgramFiles(x86)%\Google\Chrome\User Data\Default\Extensions\v9.crx
%ProgramFiles(x86)%\Mozilla Firefox\browser\searchplugins\v9.xml
%PROGRAMFILES(x86)%\Mozilla Firefox\searchplugins\v9.xml
%TEMP%\V9._[NUMBERS]_[NUMBERS].exe
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx
%WINDIR%\system32\v9-toolbar.dll
%WINDIR%\system32\v9loader.dll
%WINDIR%\SysWOW64\v9-toolbar.dll
%WINDIR%\SysWOW64\v9loader.dll
SOFTWARE\Classes\AppID\V9Loader.DLL
SOFTWARE\Classes\AppID\{1F5E3BD2-A706-4375-B94E-4B8E769736D5}
SOFTWARE\Classes\V9_ToolBar.V9_ToolBar
SOFTWARE\Classes\V9_ToolBar.V9_ToolBar.1
SOFTWARE\Classes\V9Loader.BHOLoader
SOFTWARE\Classes\V9Loader.BHOLoader.1
Software\Microsoft\Internet Explorer\Approved Extensions\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Internet Explorer\DOMStorage\pl.v9.com
Software\Microsoft\Internet Explorer\DOMStorage\v9.com
Software\Microsoft\Internet Explorer\DOMStorage\www.v9.com
Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{742E70CF-7770-412D-86CB-230B322E807C}
SOFTWARE\Microsoft\Tracing\V9_RASAPI32
SOFTWARE\Microsoft\Tracing\V9_RASMANCS
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{742E70CF-7770-412D-86CB-230B322E807C}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{742E70CF-7770-412D-86CB-230B322E807C}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9}
SOFTWARE\v9magic
SOFTWARE\V9Software
SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Wow6432Node\v9magic
SOFTWARE\Wow6432Node\V9Software

Directories

v9.com may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\V9 player
%AppData%\v9
%PROGRAMFILES%\v9Soft
%PROGRAMFILES(x86)%\v9Soft
%TEMP%\v9_Downloader
%temp%\V9Zip_000

URLs

v9.com may call the following URLs:

.v9.com
http://v9.com/
v9search.com

2 Comments

oh my goodness, THANK YOU SO MUCH! i have recently bought my new laptop because of a similar virus and was totally horrified when these windows kept popping up!! I'm sooo glad that you were able to help me get rid of it!! Thanks again!!

thank you sooo much…..u saved me the trouble and time of taking my pc to the store……thnks a million….all ur steps work and did fix my problem!! Provide me information to know how i will be able to know that my system get infected once again by same virus???

Related Posts

Trending

Most Viewed

Loading...