V9 Redirect Virus
Posted: February 15, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 1,909 |
|---|---|
| Threat Level: | 5/10 |
| Infected PCs: | 220,750 |
| First Seen: | February 15, 2013 |
|---|---|
| Last Seen: | March 8, 2025 |
| OS(es) Affected: | Windows |
The V9 Redirect Virus is a browser hijacker that promotes V9.com – a link directory and search engine website. Although the V9.com's currently does not appear to have any direct association with the malicious software that redirects your browser to the V9 Redirect Virus, SpywareRemove.com malware experts are unable to verify the safety of all of V9.com's content and recommend that you browse the V9 Redirect Virus with caution. Meanwhile, the V9 Redirect Virus, like every browser hijacker, should be considered a danger to your PC's web-browsing security. To make sure that your browser's settings are restored to normal with a minimum of trouble on your part, removing the V9 Redirect Virus with appropriate anti-malware products is recommended.
Driving Along the V9 Redirect Virus's Virtual Highway
As a generalized term that can apply to multiple browser hijackers, the V9 Redirect Virus can infect your PC through various routes and implement itself in several formats. However, SpywareRemove.com malware experts usually note the complicity of browser vulnerability exploits as the opening gambit in such attacks, which can install malware like the V9 Redirect Virus without your permission. Other viable infection vectors for the V9 Redirect Virus may include spam e-mail and links (often obfuscated) that are distributed through social network-based sites/apps.
Most variants of the V9 Redirect Virus aren't specific to a single browser, and updating or changing your browser is unlikely to put a stop to any V9 Redirect Virus redirect attacks (although updating your browser can reduce vulnerabilities that could infect your PC in the first place). SpywareRemove.com malware researchers have noted the major symptoms of a typical V9 Redirect Virus attack as follows:
- Having your search engine settings changed to redirect you to V9.com whenever you try to search the web.
- Having your default homepage set to V9.com, forcing that site to display whenever you open your browser.
- Being unable to revert these changes through minor browser settings changes (since the V9 Redirect Virus often will change your default web-browsing settings).
Turning a V9 Redirect Virus into a Big V-Zero
The V9 Redirect Virus's main effect of forcing you to use V9.com should not be considered to be immediately harmful to your PC. However, SpywareRemove.com malware experts often find that browser hijackers like the V9 Redirect Virus can include other system changes of an even more negative nature (such as attacks against your browser's security zones or file-downloading settings) that could put your PC at risk during other online attacks.
Whether you acquired your V9 Redirect Virus from a toolbar or a less obtrusive method, SpywareRemove.com malware researchers always suggest removing a V9 Redirect Virus as quickly as you can after the V9 Redirect Virus has been detected. Most anti-malware applications should be able to delete the V9 Redirect Virus with negligible effort, although the same may not apply to any other malware that could be installed next to the V9 Redirect Virus.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to V9 Redirect Virus may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
* See Free Trial offer below. EULA and Privacy/Cookie Policy.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:C:\WINDOWS\system32\Newtabs_onmylike.dll
File name: Newtabs_onmylike.dllSize: 68.48 KB (68488 bytes)
MD5: ec68d5ecd1ea15c81fc88dd6343c9080
Detection count: 1,651
File type: Dynamic link library
Mime Type: unknown/dll
Path: C:\WINDOWS\system32\Newtabs_onmylike.dll
Group: Malware file
Last Updated: October 13, 2024
%PROGRAMFILES%\iSafe\iSafeSvc.exe
File name: iSafeSvc.exeSize: 238.4 KB (238408 bytes)
MD5: 0ff2898075716f58332dfd570160115a
Detection count: 1,314
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\iSafe
Group: Malware file
Last Updated: July 16, 2013
%PROGRAMFILES%\iSafe\iSafeSvc2.exe
File name: iSafeSvc2.exeSize: 69.96 KB (69960 bytes)
MD5: c7590b83285f76abc6636de7abbcf2d2
Detection count: 1,283
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\iSafe
Group: Malware file
Last Updated: July 16, 2013
%PROGRAMFILES%\iSafe\iSafeTray.exe
File name: iSafeTray.exeSize: 403.27 KB (403272 bytes)
MD5: 1a2d335d2d6e8c088b79f892d6188cfe
Detection count: 1,178
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\iSafe
Group: Malware file
Last Updated: July 16, 2013
%SYSTEMDRIVE%\BKP CLAUDIA 11-07-19\C\Bkp Berton Claudia -14.08.15\C\Program Files\Software Plate\RegAssociate.exe
File name: RegAssociate.exeSize: 55.42 KB (55424 bytes)
MD5: 5b9c994332dcd47cf391748604d359df
Detection count: 148
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\BKP CLAUDIA 11-07-19\C\Bkp Berton Claudia -14.08.15\C\Program Files\Software Plate\RegAssociate.exe
Group: Malware file
Last Updated: January 18, 2024
C:\Program Files (x86)\Software Plate\update.exe
File name: update.exeSize: 234.65 KB (234656 bytes)
MD5: d8e7fbec59da34ee1c7015bbb99c4035
Detection count: 91
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files (x86)\Software Plate\update.exe
Group: Malware file
Last Updated: January 6, 2025
C:\Users\<username>\AppData\Local\Temp\vmware-enigma\VMwareDnD\6de5bc45\Parasite Samples\2018 08 21\v9
File name: v9Size: 1.46 MB (1469368 bytes)
MD5: dd2373d237be64c5f7eeb058c937f064
Detection count: 82
Path: C:\Users\<username>\AppData\Local\Temp\vmware-enigma\VMwareDnD\6de5bc45\Parasite Samples\2018 08 21\v9
Group: Malware file
Last Updated: September 22, 2022
v9hpnt_v2.exe
File name: v9hpnt_v2.exeSize: 489.32 KB (489328 bytes)
MD5: acf210196d32fa22e1e7175b667d2c51
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: September 11, 2013
%PROGRAMFILES%\Software Plate\svcgdp.exe
File name: svcgdp.exeSize: 92.83 KB (92832 bytes)
MD5: 71dcb870d229926054a2ae997b52d20f
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Software Plate
Group: Malware file
Last Updated: July 9, 2013
%PROGRAMFILES(x86)%\Software Plate\gdpclient.exe
File name: gdpclient.exeSize: 241.82 KB (241824 bytes)
MD5: deec43eea17d5ec3113c39f8b8375d84
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\Software Plate
Group: Malware file
Last Updated: July 9, 2013
%PROGRAMFILES(x86)%\newtabs\newtabs.exe
File name: newtabs.exeSize: 261.03 KB (261032 bytes)
MD5: ad9586fb316b4c67298609402952f76a
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\newtabs
Group: Malware file
Last Updated: October 22, 2014
%TEMP%\llynew_v9.exe
File name: llynew_v9.exeSize: 689.8 KB (689808 bytes)
MD5: 2f20dca2ea38d22377a8feafa087a550
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: December 25, 2020
%WINDIR%\system32\v9loader.dll
File name: v9loader.dllSize: 434.1 KB (434104 bytes)
MD5: 461e5d6ae759262ad81b75f0df1759ae
Detection count: 1
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: April 9, 2016
%APPDATA%\MailUpdate\MailUpdate.exe
File name: MailUpdate.exeSize: 792.06 KB (792064 bytes)
MD5: 931a6b06d958af1adb18b870421ce358
Detection count: 0
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\MailUpdate
Group: Malware file
Last Updated: January 13, 2015
More files
Registry Modifications
CLSID{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}{4F15CD3F-3B21-444F-838D-50F8CF62BAC2}{742E70CF-7770-412d-86CB-230B322E807C}{967CD81E-A11D-4706-AC78-8F17C8677B2A}{DF35E8DC-7F5D-4503-B201-7239A46BEE20}{E7A19171-B1FA-460B-84A8-557C70A925CF}{F386E548-C533-472E-8C61-C026FB14FEA9}File name without pathhttp_pl.v9.com_0.localstoragehttp_pl.v9.com_0.localstorage-journalhttp_www.v9.com_0.localstoragehttp_www.v9.com_0.localstorage-journalV9 player.lnkV9.lnkwww.v9[1].xmlRegexp file mask%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\newtab.crx%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx%PROGRAMFILES%\Google\Chrome\User Data\Default\Extensions\v9.crx%PROGRAMFILES%\Mozilla Firefox\browser\searchplugins\v9.xml%PROGRAMFILES%\Mozilla Firefox\searchplugins\v9.xml%ProgramFiles(x86)%\Google\Chrome\User Data\Default\Extensions\v9.crx%ProgramFiles(x86)%\Mozilla Firefox\browser\searchplugins\v9.xml%PROGRAMFILES(x86)%\Mozilla Firefox\searchplugins\v9.xml%TEMP%\V9._[NUMBERS]_[NUMBERS].exe%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx%WINDIR%\system32\v9-toolbar.dll%WINDIR%\system32\v9loader.dll%WINDIR%\SysWOW64\v9-toolbar.dll%WINDIR%\SysWOW64\v9loader.dllHKEY..\..\..\..{RegistryKeys}SOFTWARE\Classes\AppID\V9Loader.DLLSOFTWARE\Classes\AppID\{1F5E3BD2-A706-4375-B94E-4B8E769736D5}SOFTWARE\Classes\V9_ToolBar.V9_ToolBarSOFTWARE\Classes\V9_ToolBar.V9_ToolBar.1SOFTWARE\Classes\V9Loader.BHOLoaderSOFTWARE\Classes\V9Loader.BHOLoader.1Software\Microsoft\Internet Explorer\Approved Extensions\{F386E548-C533-472E-8C61-C026FB14FEA9}Software\Microsoft\Internet Explorer\DOMStorage\pl.v9.comSoftware\Microsoft\Internet Explorer\DOMStorage\v9.comSoftware\Microsoft\Internet Explorer\DOMStorage\www.v9.comSoftware\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.comSOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.comSoftware\Microsoft\Internet Explorer\Toolbar\WebBrowser\{742E70CF-7770-412D-86CB-230B322E807C}SOFTWARE\Microsoft\Tracing\V9_RASAPI32SOFTWARE\Microsoft\Tracing\V9_RASMANCSSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{742E70CF-7770-412D-86CB-230B322E807C}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F386E548-C533-472E-8C61-C026FB14FEA9}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{742E70CF-7770-412D-86CB-230B322E807C}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9}SOFTWARE\v9magicSOFTWARE\V9SoftwareSOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}Software\Wow6432Node\v9magicSOFTWARE\Wow6432Node\V9SoftwareHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}v9 uninstallv9 uninstallerV9Software
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.