Jump to content

flagrant99

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks for your help. I think/hope my system is all right now. Apparently when I ran wintoflash I agreed to have the home page in all my client browsers changed to www.v9.com by clicking next on the 6th screen of the wintoflash app. I got an email response Novicorp stating that I agreed to it, so I ran wintoflash again on a Virtual machine and sure enough "set V9 home page by default" is there (screenshot attached). I still don't get how www.v9.com or wintoflash makes money by having me visit a web page that has links to google and facebook on it. The whole experience is very strange to me.
  2. I had avast download latest virus definitions, and disabled windows defender still crashed. Then I saw this page http://www.bleepingc...ownload/aswmbr/. It says to rename aswMBR.exe to iExplore.exe. That worked! and got it to run successfully. Attached are the logs aswMBR.txt MBR.zip
  3. I did a System Restore to a Restore Point before the install on my windows 8 OS. MalwareBytes still shows no problems (b4 the system restore it showed no problems either). aswMBR.exe just crashes every time I run it. Perhaps it doesn't work on windows 8? I attached the screen shot. mbam-log-2012-11-04 (13-11-54).txt
  4. My netbook does not have a dvd drive and it's infected so I wanted to re-install windows xp. Searching the web I found some people say that wintoflash was a good way to make the windows XP ISO bootable on a usb flash drive. Wow what a mistake. I downloaded wintoflash on this page http://wintoflash.com/download/en/ from this link ftp://wintoflash:YPNP4TVC@downloadserver1.wintoflash.com/distributions/Novicorp%20WinToFlash%200.7.0054%20beta.zip I extracted the "Novicorp WinToFlash 0.7.0054 beta.zip" file and ran WinToFlash.exe. It did some stuff to the usb flash drive and after finishing all my home pages were set to www.v9.com Googling this I see some say it is malware http://blog.teesupport.com/infected-by-th-v9-com-hijacker-virus-remove-th-v9-com-browser-hijacker-manually/ In the installer zip I see G:\Novicorp WinToFlash 0.7.0054 beta\ValueAdd\3rdParty\V9\v9wnf.exe.secure I posted in wintoflash forums what is v9wnf.exe.secure for? Of course no response. I can't even figure out the purpose of the home page. Apparently it is run by Beijing ELEX Technology Co.,Ltd. I emailed them as well but their response made no sense. There was an application installed that said w9.com or something. I uninstalled that. I was never prompted to have all of my home pages changed (IE, Chrome) I ran malware bytes scan but found nothing. But this just happened. Malwarebytes Anti-Malware Successfully blocked access to a potentially malicous website: 89.187.53.65 Type: outgoing Port: 13857, Process iexplore.exe So I ran DDS.COM and here are the files. attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.