V9 Redirect Virus

V9 Redirect Virus Description

V9 Redirect Virus Image 1The V9 Redirect Virus is a browser hijacker designed to force computer users to visit the URL v9.com/us repeatedly. This is done in order to generate traffic to this particular website, allowing various forms of monetizing this traffic, such as using affiliate marketing advertising or pay-per-click schemes to profit from infected visitors to this website. The V9 Redirect Virus typically enters a computer because of existing vulnerabilities in your applications or operating system. These can be exploited by specifically crafted scripts contained in attack websites. The V9 Redirect Virus can also spread through malicious email attachments or instant messaging spam. Finally, versions of the V9 Redirect Virus are bundled as toolbars that are included in the installation of popular freeware software from a third party.

The Consequence of a V9 Redirect Virus Infection

Once the V9 Redirect Virus infects a computer, the V9 Redirect Virus will change the infected computer's web browser's home page and default search engine to v9.com. The V9 Redirect Virus will also interfere with your online searches by always directing your search results to that website. Security analysts have also linked the V9 Redirect Virus to the appearance of unwanted pop-up advertisements. These can intrude on your work and interfere with normal online activities. V9 Redirect Virus has the capacity to keep track of your online habits and browser history.

While the functionality of hijackers may vary, most do what the name suggests - they mess with the user’s browser. V9, as well as many other hijackers, can infiltrate a user’s system through software bundle installers. Bad actors have refined numerous ways to sneak malware in bundles. Often the user isn’t even prompted whether they want to install everything in the bundle.

Once V9 has been installed it hijacks the victim’s browser homepage and default search engine. V9.com looks like a basic search engine page and currently, if someone tries to use it, it simply forwards the query to google.com and the user gets the same results they would get if they had done the Google search themselves. Previously, however, V9 would display completely different results mostly filled with ads and links to potentially malicious sites.

While the V9 Redirect Virus doesn’t seem to be a huge threat in its current state, users may want to still stay away because the connection the site uses is not secure and any searches may be tracked and data could be collected by bad actors. At best, V9 is completely useless and offers absolutely no added functionality for the user over a simple Google search.

Removing the V9 Redirect Virus is seldom a straightforward process. Even though there may be an uninstaller for this program, your web browser settings probably will need to be changed in order to restore your preferences to their defaults (such as your web browser's homepage and default search engine). Since the V9 Redirect Virus will often infect a computer along with various other forms of malware, the presence of this threat in a computer frequently indicates that other malware is present as well. In the event of a V9 Redirect Virus infection, ESG malware analysts advise PC users to analyze their entire machine with the aid of a fully updated and trustworthy anti-malware solution. To prevent further infections, ESG malware analysts advise using safe browsing practices and never downloading freeware software from sources other than the manufacturer.

Do You Suspect Your PC May Be Infected with V9 Redirect Virus & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like V9 Redirect Virus as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

V9 Redirect Virus creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\system32\Newtabs_22find.dll 66,184 86f6ea136da23a07ac402df2a946f124 2,243
2 %WINDIR%\system32\Newtabs_v9.dll 60,928 380c6afbfd84a20316c9703933e9c766 1,898
3 %WINDIR%\system32\Newtabs_onmylike.dll 68,488 ec68d5ecd1ea15c81fc88dd6343c9080 691
4 %PROGRAMFILES%\iSafe\iSafeSvc.exe 238,408 0ff2898075716f58332dfd570160115a 561
5 %PROGRAMFILES%\iSafe\iSafeSvc2.exe 69,960 c7590b83285f76abc6636de7abbcf2d2 548
6 %PROGRAMFILES%\iSafe\iSafeTray.exe 403,272 1a2d335d2d6e8c088b79f892d6188cfe 503
7 %WINDIR%\system32\v9loader.dll 93,088 939573335072c8a4860b56dc609a753b 367
8 %PROGRAMFILES(x86)%\Software Plate\RegAssociate.exe 55,424 5b9c994332dcd47cf391748604d359df 7
9 %ALLUSERSPROFILE%\Application Data\MailUpdate\mailUpdate.exe 786,944 8d4f60990518a60c1921a1b96c3f3221 3
10 setup.exe 1,469,368 dd2373d237be64c5f7eeb058c937f064 3
11 %PROGRAMFILES%\Software Plate\gdpclient.exe 235,168 c92ed55a9e5f69b82d87b854da029697 2
12 %PROGRAMFILES(x86)%\newtabs\newtabs.exe 263,048 4c5a12a6133f9150acd8003ed6ba77a9 2
13 %PROGRAMFILES%\Software Plate\update.exe 234,656 d8e7fbec59da34ee1c7015bbb99c4035 1
14 %TEMP%llynew_v9.exe 689,808 2f20dca2ea38d22377a8feafa087a550 1
15 v9hpnt_v2.exe 489,328 acf210196d32fa22e1e7175b667d2c51 0
16 file.exe 1,491,896 90f9ec1d410fe7a8723b427a91b3d058 0
More files

Registry Details

V9 Redirect Virus creates the following registry entry or registry entries:
Regexp file mask
%APPDATA%\CheckRunv9.exe
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\newtab.crx
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx
%PROGRAMFILES%\Google\Chrome\User Data\Default\Extensions\v9.crx
%PROGRAMFILES%\Mozilla Firefox\browser\searchplugins\v9.xml
%PROGRAMFILES%\Mozilla Firefox\searchplugins\v9.xml
%ProgramFiles(x86)%\Google\Chrome\User Data\Default\Extensions\v9.crx
%ProgramFiles(x86)%\Mozilla Firefox\browser\searchplugins\v9.xml
%PROGRAMFILES(x86)%\Mozilla Firefox\searchplugins\v9.xml
%TEMP%\V9._[NUMBERS]_[NUMBERS].exe
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx
%WINDIR%\system32\v9-toolbar.dll
%WINDIR%\system32\v9loader.dll
%WINDIR%\SysWOW64\v9-toolbar.dll
%WINDIR%\SysWOW64\v9loader.dll
File name without path
http_pl.v9.com_0.localstorage
http_pl.v9.com_0.localstorage-journal
http_www.v9.com_0.localstorage
http_www.v9.com_0.localstorage-journal
V9 player.lnk
V9.lnk
www.v9[1].xml
Registry key
AppID\V9Loader.DLL
AppID\{1F5E3BD2-A706-4375-B94E-4B8E769736D5}
SOFTWARE\Classes\AppID\V9Loader.DLL
SOFTWARE\Classes\AppID\{1F5E3BD2-A706-4375-B94E-4B8E769736D5}
SOFTWARE\Classes\V9_ToolBar.V9_ToolBar
SOFTWARE\Classes\V9_ToolBar.V9_ToolBar.1
SOFTWARE\Classes\V9Loader.BHOLoader
SOFTWARE\Classes\V9Loader.BHOLoader.1
SOFTWARE\Google\Chrome\Extensions\bpeeepmahhfjiediknjejcmcfmjcjdck
SOFTWARE\Google\Chrome\Extensions\dkdkpmmkgdbglmfmmmmehbkmnkopingb
SOFTWARE\Google\Chrome\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd
Software\Microsoft\Internet Explorer\Approved Extensions\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Internet Explorer\DOMStorage\pl.v9.com
Software\Microsoft\Internet Explorer\DOMStorage\v9.com
Software\Microsoft\Internet Explorer\DOMStorage\www.v9.com
Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{742E70CF-7770-412D-86CB-230B322E807C}
SOFTWARE\Microsoft\Tracing\V9 Redirect_RASAPI32
SOFTWARE\Microsoft\Tracing\V9 Redirect_RASMANCS
SOFTWARE\Microsoft\Tracing\V9_RASAPI32
SOFTWARE\Microsoft\Tracing\V9_RASMANCS
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{742E70CF-7770-412D-86CB-230B322E807C}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{742E70CF-7770-412D-86CB-230B322E807C}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9}
SOFTWARE\v9magic
SOFTWARE\V9Software
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpeeepmahhfjiediknjejcmcfmjcjdck
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkdkpmmkgdbglmfmmmmehbkmnkopingb
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gjokjdicpfckeiihaniimbbmhadclefc
SOFTWARE\Wow6432Node\Microsoft\Tracing\V9 Redirect_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\V9 Redirect_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CheckRunv9_uninstaller
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\V9Software
Software\Wow6432Node\v9magic
SOFTWARE\Wow6432Node\V9Software
V9_ToolBar.V9_ToolBar
V9_ToolBar.V9_ToolBar.1
V9Loader.BHOLoader
V9Loader.BHOLoader.1
Directory
%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\V9 player
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\V9 player
%ALLUSERSPROFILE%\Start Menu\Programs\V9 player
%APPDATA%\Microsoft\Windows\Start Menu\Programs\V9 player
%AppData%\v9
%LocalAppData%\Google\Chrome\User Data\Default\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd
%PROGRAMFILES%\v9Soft
%PROGRAMFILES(x86)%\v9Soft
%TEMP%\v9_Downloader
%temp%\V9Zip_000
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd
%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\V9 player
CLSID
{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
{4F15CD3F-3B21-444F-838D-50F8CF62BAC2}
{742E70CF-7770-412d-86CB-230B322E807C}
{967CD81E-A11D-4706-AC78-8F17C8677B2A}
{DF35E8DC-7F5D-4503-B201-7239A46BEE20}
{E7A19171-B1FA-460B-84A8-557C70A925CF}
{F386E548-C533-472E-8C61-C026FB14FEA9}
Uninstaller
v9 uninstall
v9 uninstaller
V9Software
Run keys
CheckRunv9_uninstaller

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

9 Comments

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.