How to remove Anti-virus-1 (Delete instructions)

Anti-virus-1 is a rogue antivirus/antispyware program that looks like Antivirus 360 and Antivirus 2010. Like other rogue antispyware programs, it uses malicious programs and advertising on the Internet for distribution. This advertisement tells that your computer is infected and offers to download and install Anti-virus-1. Also the program may use trojans for invisible installation on your computer.

During installation, Anti-virus-1 configures itself to run automatically every time, when you start your computer. Immediately after launch, the program starts scanning the computer and found a lot of trojans and spyware, some of these “infections”: Infostealer.Banker.E, Spyware.IEMonster.d, Zlob.PornAdvertiser.ba, Spyware.IMMonitor and others. All these infections are fake. Then Anti-virus-1 said that you should purchase the program in order to remove them and protect your computer.

Anti-virus-1 also generates false security alerts:

svchost.exe
Internal conflict alert.
Anti-virus-1 detected internal software conflict. Some applicztion tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer.

Spyware activity alert!
Spyware.IEMonster activity detected. It is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs, including logins and passwords from online banking sessions, eBay, PayPal.

The fake alerts may drastically slow the performance of your computer. Use the free instructions below for removing the Anti-virus-1 and any associated malware from your computer.

Symptoms in a HijackThis Log.

O1 – Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 – Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 – Hosts: 217.20.175.74 a1.review.zdnet.com
O1 – Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 – Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 – Hosts: 217.20.175.74 reviews.toptenreviews.com
O1 – Hosts: 217.20.175.74 www.reviews.download.com
O1 – Hosts: 217.20.175.74 reviews.download.com
O1 – Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk
O1 – Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
O1 – Hosts: 217.20.175.74 www.reviews.pcmag.com
O1 – Hosts: 217.20.175.74 reviews.pcmag.com
O1 – Hosts: 217.20.175.74 www.reviews.pcpro.co.uk
O1 – Hosts: 217.20.175.74 reviews.pcpro.co.uk
O1 – Hosts: 217.20.175.74 www.reviews.reevoo.com
O1 – Hosts: 217.20.175.74 reviews.reevoo.com
O1 – Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk
O1 – Hosts: 217.20.175.74 reviews.riverstreams.co.uk
O1 – Hosts: 217.20.175.74 www.reviews.techradar.com
O1 – Hosts: 217.20.175.74 reviews.techradar.com
O2 – BHO: QWProtectBHO – {70FEAD04-A7FD-4B89-B814-8A8251C90EF7} – C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
O4 – HKLM\..\Run: [Monitor calibration] C:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe

Use the following instructions to remove Anti-virus-1 (Uninstall instructions).

1. Remove Anti-virus-1 registry entries and files.

• Download Avenger from here and unzip to your desktop.
• Run Avenger, copy,then paste the following text in Input script Box:

  Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70FEAD04-A7FD-4B89-B814-8A8251C90EF7}

  Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Monitor calibration

  Folders to delete:
C:\Documents and Settings\All Users\Application Data\AV1

  Then click on ‘Execute’.

• You will be asked Are you sure you want to execute the current script?. Click Yes.
• You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
• Your PC will now be rebooted.

2. Remove Anti-virus-1 associated malware.

• Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
• Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select “Perform Quick Scan”, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: If you need help with the instructions, then post your questions in our Spyware Removal forum.

Anti-virus-1 creates the following files and folders.

c:\Documents and Settings\All Users\Desktop\Anti-virus-1.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Anti-virus-1\Anti-virus-1.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Anti-virus-1\Uninstall.lnk
c:\Documents and Settings\All Users\Application Data\AV1
c:\Documents and Settings\All Users\Start Menu\Programs\Anti-virus-1
c:\Documents and Settings\All Users\Application Data\AV1\AV1.cab
c:\Documents and Settings\All Users\Application Data\AV1\av1.exe
c:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe
c:\Documents and Settings\All Users\Application Data\AV1\AV1i2.exe
c:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
c:\Documents and Settings\All Users\Application Data\AV1\svchost.exe