Author Topic: Help with my friend's V9 malware infection?  (Read 3963 times)

HankFriedman

Help with my friend's V9 malware infection?
« on: November 29, 2012, 06:41 PM »
I don't know if any of you have experience removing the new V9 malware from a PC, but one of my closest friends got infected and has run scans from Prevx, Malwarebytes Antimalware, and MSE without success.

Does anyone know how to get this removed?

Please forgive me if this is NOT a topic allowed on this forum.

Donationcoder is a great community, and I just wanted to help him.

p.s. he has an older Windows XP system, and is getting redirects from email links, an IE home page hijack to the V9 website, etc.

4wd

Re: Help with my friend's V9 malware infection?
« Reply #1 on: November 29, 2012, 08:11 PM »
Does this help: V9 Redirect Virus ?

I'd try the manual removal first followed by running HitmanPro, (only if it allows free scan on demand), or ComboFix.  I say manual first because I'd rather not have to install a program to get rid of it.

Just a note on ComboFix, I've used it before and it has yet to fail me or cause a problem but do take note of the warning on the page:
Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.

HankFriedman

Re: Help with my friend's V9 malware infection?
« Reply #2 on: November 30, 2012, 12:07 AM »
Thank you very much for your suggestions.

I will be looking into them with my friend, and hopefully we will find a solution.


SKA

Re: Help with my friend's V9 malware infection?
« Reply #3 on: November 30, 2012, 01:56 AM »
A. Try Kaspersky's Virus Removal Tool v11x
http://www.kaspersky...-removal-tool?form=1

or

B. Try instructions for manual removal from: http://techvts.com/v9-com-virus-removal
Manual removal instructions for www.v9.com search virus (Ensure you backup data before start).

1.  Stop malicious processes:
   Open Windows Task Manager, go to the “Processes” tab and stop any v9.com virus process which is running. It can be stopped by right-clicking it and selecting “End process”.

2. Remove v9.com virus corrupt registry settings:
 Open Windows Registry editor by typing REGEDIT into RUN. Find and delete any keys and values related with this malware. (Please use the name of Malware to search for keys related to it)
 Below is a list of possibly infected registry keys:
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’

3.  Delete v9.com malware infected files & folders
 Go to My Computer, search for malware files. Delete all the files and folders found. (Please use the name of Malware to search for keys related to it).
 Possible locations:
 %UserProfile%\
 %UserProfile%\Application Data\
 %UserProfile%\Start Menu\Programs\

Hope this helps
Ska
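
A read-only way to do the registry check from step 2 of the manual instructions above before deleting anything, added here as an example and not part of SKA's post or the linked guide: it parses a `.reg` export and reports which listed values are present with the data the list names. `WATCHLIST`, `parse_reg`, `audit` and the sample export are constructed for illustration; a match is a setting to review, since some of these values can also be set by a user or by policy.

```python
import re

HKCU = r"HKEY_CURRENT_USER\Software\Microsoft"
HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"
CV = r"\Windows\CurrentVersion"
# (key, value name, data) as listed in step 2 of the post above
WATCHLIST = [
    (HKCU + CV + r"\Internet Settings", "CertificateRevocation", "0"),
    (HKCU + CV + r"\Internet Settings", "WarnonBadCertRecving", "0"),
    (HKCU + CV + r"\Policies\ActiveDesktop", "NoChangingWallPaper", "1"),
    (HKCU + CV + r"\Policies\Attachments", "SaveZoneInformation", "1"),
    (HKCU + CV + r"\Policies\System", "DisableTaskMgr", "1"),
    (HKLM + CV + r"\policies\system", "DisableTaskMgr", "1"),
    (HKCU + r"\Internet Explorer\Download", "CheckExeSignatures", "no"),
    (HKCU + r"\Internet Explorer\Main", "Use FormSuggest", "yes"),
    (HKCU + CV + r"\Explorer\Advanced", "Hidden", "0"),
    (HKCU + CV + r"\Explorer\Advanced", "ShowSuperHidden", "0"),
]

def parse_reg(text):
    """Return {(key, name): data}; keys and names lowercased, dwords as decimal strings."""
    values, key = {}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif m := re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{1,8})|"(.*)")$', line):
            name, dword, string = m.groups()
            values[(key, name.lower())] = str(int(dword, 16)) if dword else string
    return values

def audit(text):
    """Return watchlist entries whose exported data equals the value the post lists."""
    found = parse_reg(text)
    return [(k, n, d) for k, n, d in WATCHLIST
            if found.get((k.lower(), n.lower()), "").lower() == d]

# Constructed sample in regedit export format (not taken from a real machine)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000000
'''

if __name__ == "__main__":
    for key, name, data in audit(SAMPLE):
        print(f"review: [{key}] {name} = {data}")
```

To check a real machine, export the keys with regedit and read the file with `encoding="utf-16"`, the encoding used by the version 5.00 export format.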