Anti-Virus Number 1 is a rogue antivirus/antispyware program, new version of Anti-virus-1 and Antivirus 360. Like Anti-virus-1 and other rogue antispyware programs, it uses advertising on the Internet for distribution that tells that your computer is infected and offers to download and install Anti-Virus Number 1. Also the program may use trojans for invisible installation on your computer.
During installation, Anti-Virus Number 1 configures itself to run automatically every time, when you start your computer. Immediately after launch, the program starts scanning the computer and found a lot of trojans and spyware. All these infections are fake. Then Anti-Virus Number 1 said that you should purchase the program in order to remove them and protect your computer.
Anti-Virus Number 1 also generates false security alerts:
Internal conflict alert.
Anti-Virus Number-1 detected internal software conflict. Some applicztion tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer.
Privacy Violation alert!
Anti-Virus Number-1 detected a Privacy Violation. A program is secretly sending your private data to an untrusted internet host. click here to block this activity by removing the threat (Recommended).
The fake alerts may drastically slow the performance of your computer. Use the free instructions below for removing the Anti-Virus Number 1 and any associated malware from your computer.
Symptoms in a HijackThis Log.
O1 – Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 – Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 – Hosts: 217.20.175.74 a1.review.zdnet.com
O1 – Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 – Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 – Hosts: 217.20.175.74 reviews.toptenreviews.com
O1 – Hosts: 217.20.175.74 www.reviews.download.com
O1 – Hosts: 217.20.175.74 reviews.download.com
O1 – Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk
O1 – Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
O1 – Hosts: 217.20.175.74 www.reviews.pcmag.com
O1 – Hosts: 217.20.175.74 reviews.pcmag.com
O1 – Hosts: 217.20.175.74 www.reviews.pcpro.co.uk
O1 – Hosts: 217.20.175.74 reviews.pcpro.co.uk
O1 – Hosts: 217.20.175.74 www.reviews.reevoo.com
O1 – Hosts: 217.20.175.74 reviews.reevoo.com
O1 – Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk
O1 – Hosts: 217.20.175.74 reviews.riverstreams.co.uk
O1 – Hosts: 217.20.175.74 www.reviews.techradar.com
O1 – Hosts: 217.20.175.74 reviews.techradar.com
O2 – BHO: QWProtectBHO – {8D187DFF-423F-41d3-A331-A60DE5886675} – C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
O2 – BHO: QWProtectBHO – {2182220D-AA70-4764-B4E6-1F5BBA322C9C} – C:\Documents and Settings\All Users\Application Data\N1\QWProtect.dll
O4 – HKLM\..\Run: [Drives swap] C:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe
O4 – HKLM\..\Run: [Drive] C:\Documents and Settings\All Users\Application Data\N1\N1i.exe
Use the following instructions to remove Anti-Virus Number 1 (Uninstall instructions).
1. Remove Anti-Virus Number 1 registry entries and files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D187DFF-423F-41d3-A331-A60DE5886675}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2182220D-AA70-4764-B4E6-1F5BBA322C9C}Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Drives swap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | DriveFolders to delete:
C:\Documents and Settings\All Users\Application Data\AV1
C:\Documents and Settings\All Users\Application Data\N1Then click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
2. Remove Anti-Virus Number 1 associated malware.
- Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
- Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: If you need help with the instructions, then post your questions in our Spyware Removal forum.
Anti-Virus Number 1 creates the following files and folders.
c:\Documents and Settings\All Users\Application Data\AV1
c:\Documents and Settings\All Users\Application Data\AV1\AV1.cab
c:\Documents and Settings\All Users\Application Data\AV1\av1.exe
c:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe
c:\Documents and Settings\All Users\Application Data\AV1\AV1Two.exe
c:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
c:\Documents and Settings\All Users\Application Data\AV1\svchost.exe
c:\Documents and Settings\All Users\Desktop\Anti-Virus Number-1.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus Number-1\Anti-Virus Number-1.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus Number-1\Uninstall.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus Number-1
Hello, I was able to remove the registry entries and files using your information. Thank you. I was also able to download the MBAM but when I run it, it will freeze up and I will get a message that the program is not responding. I have tried to run it 3 times and the last time it sat for 3 hours. Can you help me with this?
Matt, probably your computer also infected with a trojan, that blocks running of MBAM. Please follow these steps.
Here is the HJT Results. I will wait for your advice and thank you. Matt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:48 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
…
Matt, please open a new topic at our forum and copy and paste the contents of the HijackThis log into your topic.
Matt, thank you so much for posting this! You just saved me my sanity. I don’t know how I got the Anti-Virus Number 1 on my computer, but for the longest time I just could not remove it or stop it from its constant harassment. I was on the verge of calling the company and give them a piece of my mind! If terrorism existed through a computer, this was a perfect example of what it is! Blessing to you my friend! Best wishes and many thanks! Ri
Thank you so much, at first I was not sure it was going to work, but when I downloaded the program you told me about, i thought to myself: What else could happen, my pc can be ruined, but no, it worked great and althought I paid 80 dollars to those phishers, I’m sure they are gone, and the credit card info they have is no longer valid.