
Not sure what to do



My netbook does not have a dvd drive and it's infected so I wanted to re-install windows xp.

Searching the web I found some people say that wintoflash was a good way to make the windows XP ISO bootable on a usb flash drive.

Wow what a mistake.

I downloaded wintoflash on this page

http://wintoflash.com/download/en/

from this link

ftp://wintoflash:YPNP4TVC@downloadserver1.wintoflash.com/distributions/Novicorp%20WinToFlash%200.7.0054%20beta.zip

I extracted the "Novicorp WinToFlash 0.7.0054 beta.zip" file and ran WinToFlash.exe.

It did some stuff to the usb flash drive and after finishing all my home pages were set to www.v9.com

Googling this I see some say it is malware

http://blog.teesupport.com/infected-by-th-v9-com-hijacker-virus-remove-th-v9-com-browser-hijacker-manually/

In the installer zip I see

G:\Novicorp WinToFlash 0.7.0054 beta\ValueAdd\3rdParty\V9\v9wnf.exe.secure

I posted in wintoflash forums what is v9wnf.exe.secure for? Of course no response.

I can't even figure out the purpose of the home page.

Apparently it is run by Beijing ELEX Technology Co.,Ltd.

I emailed them as well but their response made no sense.

There was an application installed that said w9.com or something. I uninstalled that.

I was never prompted to have all of my home pages changed (IE, Chrome)

I ran a Malwarebytes scan but found nothing. But this just happened.

Malwarebytes Anti-Malware

Successfully blocked access to a potentially malicous website: 89.187.53.65

Type: outgoing

Port: 13857, Process iexplore.exe

So I ran DDS.COM and here are the files.

attach.txt

dds.txt


Hello flagrant99! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Thanks for your help. :) I think/hope my system is all right now. Apparently when I ran wintoflash I agreed to have the home page in all my client browsers changed to www.v9.com by clicking next on the 6th screen of the wintoflash app. I got an email response from Novicorp stating that I agreed to it, so I ran wintoflash again on a virtual machine and sure enough "set V9 home page by default" is there (screenshot attached). I still don't get how www.v9.com or wintoflash makes money by having me visit a web page that has links to google and facebook on it. The whole experience is very strange to me.

post-119826-0-69892400-1352087153.png


  • 4 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
