ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Help with my friend's V9 malware infection?


I don't know if any of you have experience removing the new V9 malware from a PC, but one of my closest friends got infected and has run scans from Prevx, Malwarebytes Antimalware, and MSE without success.

Does anyone know how to get this removed?

Please forgive me if this is NOT a topic allowed on this forum.

Donationcoder is a great community, and I just wanted to help him.

p.s. he has an older Windows XP system, and is getting redirects from email links, an IE home page hijack to the V9 website, etc.

Does this help: V9 Redirect Virus ?

I'd try the manual removal first followed by running HitmanPro, (only if it allows free scan on demand), or ComboFix.  I say manual first because I'd rather not have to install a program to get rid of it.

Just a note on ComboFix, I've used it before and it has yet to fail me or cause a problem but do take note of the warning on the page:
Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.
--- End quote ---

Thank you very much for your suggestions.

I will be looking into them with my friend, and hopefully we will find a solution.

A.  Try Kasperky's Virus Removal Tool v11x


B. try instructions for manual removal from :
Manual removal instructions for search virus (Ensure you backup data before start).

1.  Stop malicious processes:
   Open windows task manager, go to “Processes” tab and stop any virus process which is running. It can be stopped by Right click on it and select “End process”.

2. Remove virus corrupt registry settings:
 Open Windows Registry editor by typing REGEDIT into RUN. Find and delete any keys and values related with this malware. (Please use the name of Malware to search for keys related to it)
 Below is a list of possibly infected registry keys:
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0

3.  Delete malware infected files & folders
 Go to My Computer, search for malware files. Delete all the files and folders found. (Please use the name of Malware to search for keys related to it).
 Possible locations:
 %UserProfile%\Application Data\
 %UserProfile%\Start Menu\Programs\

Hope this helps


[0] Message Index

Go to full version