
V9 Redirect Virus

Posted: February 15, 2013

Threat Metric

Ranking: 1,685
Threat Level: 5/10
Infected PCs: 217,956
First Seen: February 15, 2013
Last Seen: October 16, 2023
OS(es) Affected: Windows

The V9 Redirect Virus is a browser hijacker that promotes V9.com – a link directory and search engine website. Although V9.com currently does not appear to have any direct association with the malicious software that redirects your browser to the V9 Redirect Virus, SpywareRemove.com malware experts are unable to verify the safety of all of V9.com's content and recommend that you browse the V9 Redirect Virus with caution. Meanwhile, the V9 Redirect Virus, like every browser hijacker, should be considered a danger to your PC's web-browsing security. To make sure that your browser's settings are restored to normal with a minimum of trouble on your part, removing the V9 Redirect Virus with appropriate anti-malware products is recommended.

Driving Along the V9 Redirect Virus's Virtual Highway

As a generalized term that can apply to multiple browser hijackers, the V9 Redirect Virus can infect your PC through various routes and implement itself in several formats. However, SpywareRemove.com malware experts usually note the complicity of browser vulnerability exploits as the opening gambit in such attacks, which can install malware like the V9 Redirect Virus without your permission. Other viable infection vectors for the V9 Redirect Virus may include spam e-mail and links (often obfuscated) that are distributed through social network-based sites/apps.

Most variants of the V9 Redirect Virus aren't specific to a single browser, and updating or changing your browser is unlikely to put a stop to any V9 Redirect Virus redirect attacks (although updating your browser can reduce vulnerabilities that could infect your PC in the first place). SpywareRemove.com malware researchers have noted the major symptoms of a typical V9 Redirect Virus attack as follows:

  • Having your search engine settings changed to redirect you to V9.com whenever you try to search the web.
  • Having your default homepage set to V9.com, forcing that site to display whenever you open your browser.
  • Being unable to revert these changes through minor browser settings changes (since the V9 Redirect Virus often will change your default web-browsing settings).
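A defender-side check for the first two symptoms above, as an added example (not code from SpywareRemove.com or any vendor tool): it scans the text of a Chrome `Preferences` JSON file and a Firefox `prefs.js` for homepage or startup URLs whose host is V9.com or one of its subdomains. The profile contents are constructed samples, and the setting names (`homepage`, `session.startup_urls`, `browser.startup.homepage`) are assumed to match the browser version in use.

```python
import json
import re
from urllib.parse import urlsplit

HIJACK_DOMAIN = "v9.com"  # the domain this page names as the redirect target

def host_matches(url, domain=HIJACK_DOMAIN):
    """True if the URL's host is the domain or a subdomain (so not 'notv9.com')."""
    if "://" not in url:
        url = "http://" + url  # settings sometimes hold a bare host
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    return host == domain or host.endswith("." + domain)

def scan_chrome_prefs(text):
    """Return (setting, url) pairs from Chrome Preferences JSON that hit the domain."""
    prefs = json.loads(text)
    candidates = [("homepage", prefs.get("homepage", ""))]
    for url in prefs.get("session", {}).get("startup_urls", []):
        candidates.append(("session.startup_urls", url))
    return [(key, url) for key, url in candidates if url and host_matches(url)]

# Matches string-valued lines such as: user_pref("name", "value");
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"([^"]*)"\);')

def scan_firefox_prefs(text):
    """Return (setting, url) pairs from Firefox prefs.js that hit the domain."""
    hits = []
    for name, value in PREF_RE.findall(text):
        if name == "browser.startup.homepage":
            # Firefox separates multiple home pages with '|'
            hits += [(name, url) for url in value.split("|") if host_matches(url)]
    return hits

# Constructed sample profile contents (not taken from a real infected machine).
CHROME_SAMPLE = json.dumps({
    "homepage": "http://www.v9.com/?utm_source=b",
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://v9.com/", "https://example.org/"]},
})
FIREFOX_SAMPLE = (
    'user_pref("browser.startup.homepage", "https://notv9.com/|http://pl.v9.com/");\n'
    'user_pref("browser.startup.page", 1);\n'
)

if __name__ == "__main__":
    for hit in scan_chrome_prefs(CHROME_SAMPLE) + scan_firefox_prefs(FIREFOX_SAMPLE):
        print("hijacked setting:", hit)
```

A hit only shows that the setting currently points at the domain; if it returns after being reset, look for the component that rewrites it.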

Turning a V9 Redirect Virus into a Big V-Zero

The V9 Redirect Virus's main effect of forcing you to use V9.com should not be considered to be immediately harmful to your PC. However, SpywareRemove.com malware experts often find that browser hijackers like the V9 Redirect Virus can include other system changes of an even more negative nature (such as attacks against your browser's security zones or file-downloading settings) that could put your PC at risk during other online attacks.

Whether you acquired your V9 Redirect Virus from a toolbar or a less obtrusive method, SpywareRemove.com malware researchers always suggest removing a V9 Redirect Virus as quickly as you can after the V9 Redirect Virus has been detected. Most anti-malware applications should be able to delete the V9 Redirect Virus with negligible effort, although the same may not apply to any other malware that could be installed next to the V9 Redirect Virus.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following newly produced Registry Values are:


Additional Information

The following directories were created:
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\V9 player
  • %AppData%\v9
  • %PROGRAMFILES%\v9Soft
  • %PROGRAMFILES(x86)%\v9Soft
  • %TEMP%\v9_Downloader
  • %temp%\V9Zip_000
The following URLs were detected:
  • .v9.com
  • http://v9.com/
  • v9search.com