Anti-Virus-1 Description

Anti-Virus-1 is a rogue anti-spyware program similar to Antivirus 2010. Anti-Virus-1 may have been installed by a Trojan known as Zlob or Vundo. Zlob and Vundo Trojans infect users without their knowledge and permission and will attempt to scare or trick the user into buying the full Anti-Virus-1 version of the program. Anti-Virus-1’s common unscrupulous tactics to persuade the user may be bogus system notifications or fake security alerts stating that the computer is infected with an exaggerated amount of spyware. In order to to remove the supposed threats, the user should purchase Anti-Virus-1’s commercial version.

Anti-Virus-1 may also imitate a computer system scan and list supposed spyware infections as a result. However, these resulting entries are created by Anti-Virus-1 itself to make the user believe Anti-Virus-1’s scanner has detected actual threats. Anti-Virus-1 is a threat and should be removed without hesitation.

Type: Rogue AntiSpyware Programs

How Can You Detect Anti-Virus-1?

Anti-Virus-1 Technical Report

As new Anti-Virus-1 details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Anti-Virus-1 files with its MD5s were created in the system:

Anti-Virus-1 has typically the following processes in memory:

• av1.exe
• QWProtect.dll
• %\WINDOWS%\system32\wingamma.exe
• AV1i.exe

Anti-Virus-1 created the following directories, files, paths:

• %AllUsersProfile%\Start Menu\Programs\Anti-virus-1

Anti-Virus-1 creates the following registry entries:

• AppID\29256442-2C14-48CA-B756-3EE0F8BDC774
• QWProtect.QWProtectBHO
• 8D187DFF-423F-41d3-A331-A60DE5886675
• AV1\AV1\F275E931-AFEC-4f70-B0D4-CC2731B945E0
• 051C9A06-FB08-486F-B09B-8B33B261637D
• 512E801E-2F02-4ADE-ACAA-58F08A22B2F8
• 70FEAD04-A7FD-4B89-B814-8A8251C90EF7
• AppID\QWProtect.DLL
• QWProtect.QWProtectBHO.1

Important Article Disclaimer