v9.com

By GoldSparrow in Browser Hijackers

Translate To:

Threat Scorecard

Ranking:	1,767
Threat Level:	50 % (Medium)
Infected Computers:	92,953

First Seen:	February 15, 2013
Last Seen:	September 20, 2023
OS(es) Affected:	Windows

v9.com Image

v9.com redirects can also be caused by a severe Trojan or rootkit infection infecting your operating system and not limited to your web browser. The most common symptom of these kinds of problems is constant redirects to the v9.com website in which your web browser forces you to visit this website repeatedly against your will. ESG security researchers strongly advise using an appropriate anti-malware tool to remove all malware that may be causing these kinds of redirects

Browser hijackers are malware infections designed to force your web browser to visit websites like v9.com against your will. A browser hijacker infection interferes severely with your normal activities, making it very difficult to browse the Web normally or use your computer for other tasks. Malware associated with v9.com will also make unauthorized changes to your web browser's settings. For example, you may find that your search engine and bookmarks have been changed to unknown websites, including v9.com. Your homepage will also have been changed to v9.com. Trying to undo these changes is useless unless the infection causing them is removed. The changes will remain when the infected web browser starts up again. v9.com redirects will often occur following a search executed on a genuine search engine as a way to trick inexperienced computer users into exposing themselves to sponsored search results on v9.com.

Table of Contents

Sources of Browser Hijackers Responsible for v9.com Redirects

Most computer users affected by v9.com redirects will have installed a malicious toolbar associated with this website. This toolbar is often bundled with freeware applications, and it is often possible to opt out during the installation process. However, careless installation of freeware programs may result in this toolbar being installed without your consent. It is also possible to become infected with browser hijackers associated with v9.com after visiting unsafe websites or opening unsolicited email attachments. Because of this, ESG malware researchers recommend using a dependable anti-malware program to protect your computer, avoiding unsafe websites (such as file sharing networks and pornographic websites) and never opening unsolicited email attachments. It is also preferable to avoid installing freeware programs that require installing a toolbar on your computer. There are often better free alternatives that do not require installing adware or browser hijackers and malicious toolbars.

SpyHunter Detects & Remove v9.com

File System Details

v9.com may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	MailUpdate.exe	52fb17403005a864420f7c3087f6bfca	4,458
Name: MailUpdate.exe MD5: 52fb17403005a864420f7c3087f6bfca Size: 759.8 KB (759808 bytes) Detections: 4,458 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\MailUpdate\MailUpdate.exe Group: Malware file Last Updated: May 26, 2021
2.	mailUpdate.exe	2c0fcc30756db620a11306cc79d2c024	3,163
Name: mailUpdate.exe MD5: 2c0fcc30756db620a11306cc79d2c024 Size: 764.41 KB (764416 bytes) Detections: 3,163 Type: Executable File Path: C:\ProgramData\MailUpdate\mailUpdate.exe Group: Malware file Last Updated: September 1, 2023
3.	MailUpdate.exe	57d1e8d051f7bf95ee053c2c76bc1ddc	497
Name: MailUpdate.exe MD5: 57d1e8d051f7bf95ee053c2c76bc1ddc Size: 759.8 KB (759808 bytes) Detections: 497 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\MailUpdate\MailUpdate.exe Group: Malware file Last Updated: January 22, 2022
4.	MailUpdate.exe	7a39632bfe946198514bb5fdc5bc0740	427
Name: MailUpdate.exe MD5: 7a39632bfe946198514bb5fdc5bc0740 Size: 764.41 KB (764416 bytes) Detections: 427 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\MailUpdate\MailUpdate.exe Group: Malware file Last Updated: August 27, 2023
5.	MailUpdate.exe	b61b445e0e1b86c4a8cdad11ebb45b95	174
Name: MailUpdate.exe MD5: b61b445e0e1b86c4a8cdad11ebb45b95 Size: 759.8 KB (759808 bytes) Detections: 174 Type: Executable File Path: C:\Documents and Settings\<username>\Datos de programa\MailUpdate\MailUpdate.exe Group: Malware file Last Updated: October 31, 2022
6.	MailUpdate.exe	4f6a1dfd4516f5867f1de81ea8c47bee	89
Name: MailUpdate.exe MD5: 4f6a1dfd4516f5867f1de81ea8c47bee Size: 1.29 MB (1298432 bytes) Detections: 89 Type: Executable File Path: %APPDATA%\MailUpdate Group: Malware file Last Updated: January 13, 2015
7.	mailUpdate.exe	bfa913e38b0d4ab800623bca16ac51e4	70
Name: mailUpdate.exe MD5: bfa913e38b0d4ab800623bca16ac51e4 Size: 721.04 KB (721048 bytes) Detections: 70 Type: Executable File Path: %ALLUSERSPROFILE%\MailUpdate Group: Malware file Last Updated: January 13, 2015
8.	v9	dd2373d237be64c5f7eeb058c937f064	35
Name: v9 MD5: dd2373d237be64c5f7eeb058c937f064 Size: 1.46 MB (1469368 bytes) Detections: 35 Path: C:\Users\<username>\AppData\Local\Temp\vmware-enigma\VMwareDnD\6de5bc45\Parasite Samples\2018 08 21\v9 Group: Malware file Last Updated: September 22, 2022
9.	v9loader.dll	1c714636b6530503a7db61a13e0b119c	31
Name: v9loader.dll MD5: 1c714636b6530503a7db61a13e0b119c Size: 434.08 KB (434080 bytes) Detections: 31 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: April 9, 2016
10.	MailUpdate.exe	dd576f758b94ca359c5cb5427e1d74ba	27
Name: MailUpdate.exe MD5: dd576f758b94ca359c5cb5427e1d74ba Size: 557.56 KB (557568 bytes) Detections: 27 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\MailUpdate\MailUpdate.exe Group: Malware file Last Updated: February 26, 2023
11.	V9Loader.dll	9d698674d936bc268a448bd7743da660	22
Name: V9Loader.dll MD5: 9d698674d936bc268a448bd7743da660 Size: 434.08 KB (434080 bytes) Detections: 22 Type: Dynamic link library Path: C:\Users\<username>\AppData\Local\Temp\V9Loader.dll Group: Malware file Last Updated: January 12, 2023
12.	mailUpdate.exe	9506d7c0b2c0ca605cd3a135795e6843	19
Name: mailUpdate.exe MD5: 9506d7c0b2c0ca605cd3a135795e6843 Size: 241.3 KB (241304 bytes) Detections: 19 Type: Executable File Path: %ALLUSERSPROFILE%\MailUpdate Group: Malware file Last Updated: January 13, 2015
13.	newtabs.exe	4c5a12a6133f9150acd8003ed6ba77a9	14
Name: newtabs.exe MD5: 4c5a12a6133f9150acd8003ed6ba77a9 Size: 263.04 KB (263048 bytes) Detections: 14 Type: Executable File Path: %PROGRAMFILES%\newtabs\newtabs.exe Group: Malware file Last Updated: August 2, 2023
14.	mailUpdate.exe	82761729a7e9050c9994c84d18ba67a3	10
Name: mailUpdate.exe MD5: 82761729a7e9050c9994c84d18ba67a3 Size: 786.94 KB (786944 bytes) Detections: 10 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data\MailUpdate Group: Malware file Last Updated: January 13, 2015
15.	newtabs.exe	ad9586fb316b4c67298609402952f76a	6
Name: newtabs.exe MD5: ad9586fb316b4c67298609402952f76a Size: 261.03 KB (261032 bytes) Detections: 6 Type: Executable File Path: %PROGRAMFILES(x86)%\newtabs Group: Malware file Last Updated: October 22, 2014
16.	mailUpdate.exe	97cac3d0dd4df542c16102b0e52119f1	3
Name: mailUpdate.exe MD5: 97cac3d0dd4df542c16102b0e52119f1 Size: 767.48 KB (767488 bytes) Detections: 3 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data\MailUpdate Group: Malware file Last Updated: January 13, 2015
17.	mailUpdate.exe	8d4f60990518a60c1921a1b96c3f3221	3
Name: mailUpdate.exe MD5: 8d4f60990518a60c1921a1b96c3f3221 Size: 786.94 KB (786944 bytes) Detections: 3 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data\MailUpdate Group: Malware file Last Updated: January 13, 2015
18.	llynew_v9.exe	2f20dca2ea38d22377a8feafa087a550	2
Name: llynew_v9.exe MD5: 2f20dca2ea38d22377a8feafa087a550 Size: 689.8 KB (689808 bytes) Detections: 2 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: December 25, 2020
19.	v9loader.dll	195c7a46dd2ae82f4b9e0589cd6df4e5	2
Name: v9loader.dll MD5: 195c7a46dd2ae82f4b9e0589cd6df4e5 Size: 93.11 KB (93112 bytes) Detections: 2 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: April 9, 2016
20.	mailUpdate.exe	2752182b671bc1b6ec3d4a78d9fa3d79	2
Name: mailUpdate.exe MD5: 2752182b671bc1b6ec3d4a78d9fa3d79 Size: 715.26 KB (715264 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\MailUpdate Group: Malware file Last Updated: January 13, 2015
21.	mailUpdate.exe	a8e6af6f223aa5467006814962d3d07f	2
Name: mailUpdate.exe MD5: a8e6af6f223aa5467006814962d3d07f Size: 786.94 KB (786944 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\MailUpdate Group: Malware file Last Updated: January 13, 2015
22.	mailUpdate.exe	2f6653f0196ac362e110711118bfda92	2
Name: mailUpdate.exe MD5: 2f6653f0196ac362e110711118bfda92 Size: 779.77 KB (779776 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data\MailUpdate Group: Malware file Last Updated: January 13, 2015
23.	mailUpdate.exe	13f9a7f84da143d2f8f8eafa221fd790	2
Name: mailUpdate.exe MD5: 13f9a7f84da143d2f8f8eafa221fd790 Size: 787.45 KB (787456 bytes) Detections: 2 Type: Executable File Path: %ALLUSERSPROFILE%\MailUpdate Group: Malware file Last Updated: January 13, 2015
24.	MailUpdate.exe	e9fcf5bc8d24873a4d7fcf83ab251e29	1
Name: MailUpdate.exe MD5: e9fcf5bc8d24873a4d7fcf83ab251e29 Size: 557.05 KB (557056 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\MailUpdate Group: Malware file Last Updated: January 13, 2015
25.	Newtabs_v9.dll	0bfe35fccd3c784d558672fd58b074b6	1
Name: Newtabs_v9.dll MD5: 0bfe35fccd3c784d558672fd58b074b6 Size: 60.92 KB (60928 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: October 22, 2014
26.	v9loader.dll	461e5d6ae759262ad81b75f0df1759ae	1
Name: v9loader.dll MD5: 461e5d6ae759262ad81b75f0df1759ae Size: 434.1 KB (434104 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: April 9, 2016
27.	MailUpdate.exe	931a6b06d958af1adb18b870421ce358	1
Name: MailUpdate.exe MD5: 931a6b06d958af1adb18b870421ce358 Size: 792.06 KB (792064 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\MailUpdate Group: Malware file Last Updated: January 13, 2015

More files

Registry Details

v9.com may create the following registry entry or registry entries:

CLSID

{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}

{4F15CD3F-3B21-444F-838D-50F8CF62BAC2}

{742E70CF-7770-412d-86CB-230B322E807C}

{967CD81E-A11D-4706-AC78-8F17C8677B2A}

{DF35E8DC-7F5D-4503-B201-7239A46BEE20}

{E7A19171-B1FA-460B-84A8-557C70A925CF}

{F386E548-C533-472E-8C61-C026FB14FEA9}

File name without path

http_pl.v9.com_0.localstorage

http_pl.v9.com_0.localstorage-journal

http_www.v9.com_0.localstorage

http_www.v9.com_0.localstorage-journal

V9 player.lnk

V9.lnk

www.v9[1].xml

Regexp file mask

%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\newtab.crx

%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx

%PROGRAMFILES%\Google\Chrome\User Data\Default\Extensions\v9.crx

%PROGRAMFILES%\Mozilla Firefox\browser\searchplugins\v9.xml

%PROGRAMFILES%\Mozilla Firefox\searchplugins\v9.xml

%ProgramFiles(x86)%\Google\Chrome\User Data\Default\Extensions\v9.crx

%ProgramFiles(x86)%\Mozilla Firefox\browser\searchplugins\v9.xml

%PROGRAMFILES(x86)%\Mozilla Firefox\searchplugins\v9.xml

%TEMP%\V9._[NUMBERS]_[NUMBERS].exe

%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx

%WINDIR%\system32\v9-toolbar.dll

%WINDIR%\system32\v9loader.dll

%WINDIR%\SysWOW64\v9-toolbar.dll

%WINDIR%\SysWOW64\v9loader.dll

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\AppID\V9Loader.DLL

SOFTWARE\Classes\AppID\{1F5E3BD2-A706-4375-B94E-4B8E769736D5}

SOFTWARE\Classes\V9_ToolBar.V9_ToolBar

SOFTWARE\Classes\V9_ToolBar.V9_ToolBar.1

SOFTWARE\Classes\V9Loader.BHOLoader

SOFTWARE\Classes\V9Loader.BHOLoader.1

Software\Microsoft\Internet Explorer\Approved Extensions\{F386E548-C533-472E-8C61-C026FB14FEA9}

Software\Microsoft\Internet Explorer\DOMStorage\pl.v9.com

Software\Microsoft\Internet Explorer\DOMStorage\v9.com

Software\Microsoft\Internet Explorer\DOMStorage\www.v9.com

Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com

Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{742E70CF-7770-412D-86CB-230B322E807C}

SOFTWARE\Microsoft\Tracing\V9_RASAPI32

SOFTWARE\Microsoft\Tracing\V9_RASMANCS

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}

SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{742E70CF-7770-412D-86CB-230B322E807C}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F386E548-C533-472E-8C61-C026FB14FEA9}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{742E70CF-7770-412D-86CB-230B322E807C}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9}

SOFTWARE\v9magic

SOFTWARE\V9Software

SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}

Software\Wow6432Node\v9magic

SOFTWARE\Wow6432Node\V9Software

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

v9 uninstall

v9 uninstaller

V9Software

Directories

v9.com may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\V9 player

%AppData%\v9

%PROGRAMFILES%\v9Soft

%PROGRAMFILES(x86)%\v9Soft

%TEMP%\v9_Downloader

%temp%\V9Zip_000

URLs

v9.com may call the following URLs:

.v9.com

http://v9.com/

v9search.com

2 Comments

jeswald 11 years ago Reply

oh my goodness, THANK YOU SO MUCH! i have recently bought my new laptop because of a similar virus and was totally horrified when these windows kept popping up!! I'm sooo glad that you were able to help me get rid of it!! Thanks again!!

Neil 11 years ago Reply

thank you sooo much…..u saved me the trouble and time of taking my pc to the store……thnks a million….all ur steps work and did fix my problem!! Provide me information to know how i will be able to know that my system get infected once again by same virus???

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

v9.com

Threat Scorecard

EnigmaSoft Threat Scorecard

Sources of Browser Hijackers Responsible for v9.com Redirects

SpyHunter Detects & Remove v9.com

File System Details

Registry Details

Directories

URLs

2 Comments

Submit Comment

Related Posts

Antimalwarescannerv9.com

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen