Multi-License Discounts

Change Region

English Português 日本語
Threat Database Viruses V9 Redirect Virus
10 Comments

V9 Redirect Virus

By ZulaZuza in Viruses
Translate To:
English

Threat Scorecard

Ranking: 1,755
Threat Level: 50 % (Medium)
Infected Computers: 93,120
First Seen: February 15, 2013
Last Seen: November 2, 2023
OS(es) Affected: Windows

V9 Redirect Virus Image

The V9 Redirect Virus is a browser hijacker designed to force computer users to visit the URL v9.com/us repeatedly. This is done in order to generate traffic to this particular website, allowing various forms of monetizing this traffic, such as using affiliate marketing advertising or pay-per-click schemes to profit from infected visitors to this website. The V9 Redirect Virus typically enters a computer because of existing vulnerabilities in your applications or operating system. These can be exploited by specifically crafted scripts contained in attack websites. The V9 Redirect Virus can also spread through malicious email attachments or instant messaging spam. Finally, versions of the V9 Redirect Virus are bundled as toolbars that are included in the installation of popular freeware software from a third party.

The Consequence of a V9 Redirect Virus Infection

Once the V9 Redirect Virus infects a computer, the V9 Redirect Virus will change the infected computer's web browser's home page and default search engine to v9.com. The V9 Redirect Virus will also interfere with your online searches by always directing your search results to that website. Security analysts have also linked the V9 Redirect Virus to the appearance of unwanted pop-up advertisements. These can intrude on your work and interfere with normal online activities. V9 Redirect Virus has the capacity to keep track of your online habits and browser history.

While the functionality of hijackers may vary, most do what the name suggests - they mess with the user’s browser. V9, as well as many other hijackers, can infiltrate a user’s system through software bundle installers. Bad actors have refined numerous ways to sneak malware in bundles. Often the user isn’t even prompted whether they want to install everything in the bundle.

Once V9 has been installed it hijacks the victim’s browser homepage and default search engine. V9.com looks like a basic search engine page and currently, if someone tries to use it, it simply forwards the query to google.com and the user gets the same results they would get if they had done the Google search themselves. Previously, however, V9 would display completely different results mostly filled with ads and links to potentially malicious sites.

While the V9 Redirect Virus doesn’t seem to be a huge threat in its current state, users may want to still stay away because the connection the site uses is not secure and any searches may be tracked and data could be collected by bad actors. At best, V9 is completely useless and offers absolutely no added functionality for the user over a simple Google search.

Removing the V9 Redirect Virus is seldom a straightforward process. Even though there may be an uninstaller for this program, your web browser settings probably will need to be changed in order to restore your preferences to their defaults (such as your web browser's homepage and default search engine). Since the V9 Redirect Virus will often infect a computer along with various other forms of malware, the presence of this threat in a computer frequently indicates that other malware is present as well. In the event of a V9 Redirect Virus infection, ESG malware analysts advise PC users to analyze their entire machine with the aid of a fully updated and trustworthy anti-malware solution. To prevent further infections, ESG malware analysts advise using safe browsing practices and never downloading freeware software from sources other than the manufacturer.

SpyHunter Detects & Remove V9 Redirect Virus

File System Details

V9 Redirect Virus may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. MailUpdate.exe 52fb17403005a864420f7c3087f6bfca 4,458
2. mailUpdate.exe 2c0fcc30756db620a11306cc79d2c024 3,163
3. MailUpdate.exe 57d1e8d051f7bf95ee053c2c76bc1ddc 497
4. MailUpdate.exe 7a39632bfe946198514bb5fdc5bc0740 428
5. MailUpdate.exe b61b445e0e1b86c4a8cdad11ebb45b95 174
6. MailUpdate.exe 4f6a1dfd4516f5867f1de81ea8c47bee 89
7. mailUpdate.exe bfa913e38b0d4ab800623bca16ac51e4 70
8. v9 dd2373d237be64c5f7eeb058c937f064 35
9. v9loader.dll 1c714636b6530503a7db61a13e0b119c 31
10. MailUpdate.exe dd576f758b94ca359c5cb5427e1d74ba 27
11. V9Loader.dll 9d698674d936bc268a448bd7743da660 22
12. mailUpdate.exe 9506d7c0b2c0ca605cd3a135795e6843 19
13. newtabs.exe 4c5a12a6133f9150acd8003ed6ba77a9 14
14. mailUpdate.exe 82761729a7e9050c9994c84d18ba67a3 10
15. newtabs.exe ad9586fb316b4c67298609402952f76a 6
16. mailUpdate.exe 97cac3d0dd4df542c16102b0e52119f1 3
17. mailUpdate.exe 8d4f60990518a60c1921a1b96c3f3221 3
18. llynew_v9.exe 2f20dca2ea38d22377a8feafa087a550 2
19. v9loader.dll 195c7a46dd2ae82f4b9e0589cd6df4e5 2
20. mailUpdate.exe 2752182b671bc1b6ec3d4a78d9fa3d79 2
21. mailUpdate.exe a8e6af6f223aa5467006814962d3d07f 2
22. mailUpdate.exe 2f6653f0196ac362e110711118bfda92 2
23. mailUpdate.exe 13f9a7f84da143d2f8f8eafa221fd790 2
24. MailUpdate.exe e9fcf5bc8d24873a4d7fcf83ab251e29 1
25. Newtabs_v9.dll 0bfe35fccd3c784d558672fd58b074b6 1
26. v9loader.dll 461e5d6ae759262ad81b75f0df1759ae 1
27. MailUpdate.exe 931a6b06d958af1adb18b870421ce358 1
More files

Registry Details

V9 Redirect Virus may create the following registry entry or registry entries:
CLSID
{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
{4F15CD3F-3B21-444F-838D-50F8CF62BAC2}
{742E70CF-7770-412d-86CB-230B322E807C}
{967CD81E-A11D-4706-AC78-8F17C8677B2A}
{DF35E8DC-7F5D-4503-B201-7239A46BEE20}
{E7A19171-B1FA-460B-84A8-557C70A925CF}
{F386E548-C533-472E-8C61-C026FB14FEA9}
File name without path
http_pl.v9.com_0.localstorage
http_pl.v9.com_0.localstorage-journal
http_www.v9.com_0.localstorage
http_www.v9.com_0.localstorage-journal
V9 player.lnk
V9.lnk
www.v9[1].xml
Regexp file mask
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\newtab.crx
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx
%PROGRAMFILES%\Google\Chrome\User Data\Default\Extensions\v9.crx
%PROGRAMFILES%\Mozilla Firefox\browser\searchplugins\v9.xml
%PROGRAMFILES%\Mozilla Firefox\searchplugins\v9.xml
%ProgramFiles(x86)%\Google\Chrome\User Data\Default\Extensions\v9.crx
%ProgramFiles(x86)%\Mozilla Firefox\browser\searchplugins\v9.xml
%PROGRAMFILES(x86)%\Mozilla Firefox\searchplugins\v9.xml
%TEMP%\V9._[NUMBERS]_[NUMBERS].exe
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx
%WINDIR%\system32\v9-toolbar.dll
%WINDIR%\system32\v9loader.dll
%WINDIR%\SysWOW64\v9-toolbar.dll
%WINDIR%\SysWOW64\v9loader.dll
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Classes\AppID\V9Loader.DLL
SOFTWARE\Classes\AppID\{1F5E3BD2-A706-4375-B94E-4B8E769736D5}
SOFTWARE\Classes\V9_ToolBar.V9_ToolBar
SOFTWARE\Classes\V9_ToolBar.V9_ToolBar.1
SOFTWARE\Classes\V9Loader.BHOLoader
SOFTWARE\Classes\V9Loader.BHOLoader.1
Software\Microsoft\Internet Explorer\Approved Extensions\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Internet Explorer\DOMStorage\pl.v9.com
Software\Microsoft\Internet Explorer\DOMStorage\v9.com
Software\Microsoft\Internet Explorer\DOMStorage\www.v9.com
Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{742E70CF-7770-412D-86CB-230B322E807C}
SOFTWARE\Microsoft\Tracing\V9_RASAPI32
SOFTWARE\Microsoft\Tracing\V9_RASMANCS
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{742E70CF-7770-412D-86CB-230B322E807C}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{742E70CF-7770-412D-86CB-230B322E807C}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9}
SOFTWARE\v9magic
SOFTWARE\V9Software
SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}
Software\Wow6432Node\v9magic
SOFTWARE\Wow6432Node\V9Software
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
v9 uninstall
v9 uninstaller
V9Software

Directories

V9 Redirect Virus may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\V9 player
%AppData%\v9
%PROGRAMFILES%\v9Soft
%PROGRAMFILES(x86)%\v9Soft
%TEMP%\v9_Downloader
%temp%\V9Zip_000

URLs

V9 Redirect Virus may call the following URLs:

.v9.com
http://v9.com/
v9search.com

10 Comments

joseph Reply

my notebook shuts down by it self and the screen turns a bright colour

ray Sotto Reply

I want to get rid of myway from my computer

Mohammad R Moghaddam Reply

thnak you

cornelis coetzee Reply

my computer did't want to process a request

vanesa ramirezramirez Reply

I want to have an antivirus to protect my pc

Ralf Hamerla ( from Germany ) Reply

Does there exist a program ( Freeware ) that deletes all actual Viruses ? Thank You

bannie camanga Reply

need antivirus

SURESH SADANANDn Reply

VERY GOOD

mahmoud elayan Reply

i like and i hope it works

GUSTAVO QUINTEROMARQUEZ Reply

es muy bueno para mi pc

Trending

Most Viewed

Loading...