Anti-Virus Number 1

Posted: March 16, 2009

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	23

First Seen:	July 24, 2009
Last Seen:	January 9, 2019
OS(es) Affected:	Windows

Anti-Virus Number 1 is a rogue anti-spyware program that is often downloaded and installed without user knowledge or consent by a Trojan or through browser security holes. Anti-Virus Number 1 launches on Windows startup and may generate large numbers of popup adverts. Anti-Virus Number 1 will also display notifications of imaginary security risks in its attempts to get the user to purchase the full version. The fake warning messages state:

"Privacy Violation alert!
Anti-Virus Number-1 detected a Privacy Violation. A program is secretly sending your private data to an untrusted internet host. click here to block this activity by removing the threat (Recommended)."

"Internal conflict alert.
Anti-Virus Number-1 detected internal software conflict. Some applicztion tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer."

If you follow its directions, you will download Anti-Virus Number 1, and once downloaded Anti-Virus Number 1 may redirect your Internet Explorer home page to a malicious website. Anti-Virus Number 1 may also download and install other software without your permission. Anti-Virus Number 1 may be distributed through bundles of trojans and other malware. Anti-Virus Number-1 is a clone of the infamous Anti-Virus-1 and Antivirus 2010, which are other corrupt distributed programs. Anti-Virus Number-1 should not be trusted and is recommended to be removed.

Aliases

TROJ_KRYPTIK.OL [TrendMicro]Adware/WinAntivirus2006 [Panda]Trojan.FakeXPA.A.220 [McAfee-GW-Edition]not-a-virus:FraudTool.Win32.SecurityCenter.bc [K7AntiVirus]Misc/SecurityCenter [Fortinet]FraudTool.Win32.SecurityCenter.bc [F-Secure]Win32/FakeAV.AKQ [eTrust-Vet]Unclassified Malware [Comodo]FraudTool.SecurityCenter.bc (Not a Virus) [CAT-QuickHeal]Trojan.FakeAV.IS [BitDefender]Agent2.BUU [AVG]FraudTool/Win32.SecurityCenter [Antiy-AVL]TR/FakeXPA.A.220 [AntiVir]Win-Trojan/Fakeav.527360 [AhnLab-V3]TROJ_FAKEAV.AMO [TrendMicro]
More aliases (128)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

install[1].exe

File name: install[1].exe
Size: 53.24 KB (53248 bytes)
MD5: ac8d896fce7ba400e9ce2fd191440db0
Detection count: 95
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

N1Two.exe, 3[1].exe

File name: N1Two.exe, 3[1].exe
Size: 257.53 KB (257536 bytes)
MD5: b39e48747d1986cbe8967436019d325b
Detection count: 93
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

QWProtect.dll

File name: QWProtect.dll
Size: 12.9 KB (12904 bytes)
MD5: db7ff4331b0cd6f9462facf4a58bd7a3
Detection count: 75
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009

N1.exe

File name: N1.exe
Size: 527.36 KB (527360 bytes)
MD5: 2d6a49219639d63428b91eb7647ce491
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 4, 2010

N1i.exe

File name: N1i.exe
Size: 48.12 KB (48128 bytes)
MD5: 062eb252bb303778d9df724ac81b7184
Detection count: 55
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

N1.exe

File name: N1.exe
Size: 527.36 KB (527360 bytes)
MD5: 913e4bb71d2f9c88b47f9fa2e025381d
Detection count: 50
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

QWProtect.dll

File name: QWProtect.dll
Size: 113.15 KB (113152 bytes)
MD5: c45ea7c61144d3586193b1d31c1e796c
Detection count: 43
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009

svchost.exe

File name: svchost.exe
Size: 79.36 KB (79360 bytes)
MD5: 530b7ddc5f568d399e767ab1f723bbd7
Detection count: 42
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

N1i.exe

File name: N1i.exe
Size: 48.12 KB (48128 bytes)
MD5: 0e2c36deac4c770d47f89b6982ae99db
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

AV1Two.exe, Three[1].exe

File name: AV1Two.exe, Three[1].exe
Size: 152.06 KB (152064 bytes)
MD5: dd49dadcd4b78fe5a91788ab73ba7f39
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

n1.exe

File name: n1.exe
Size: 527.36 KB (527360 bytes)
MD5: 4f83288fd1d7bb64e718a05475e332d7
Detection count: 24
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

AV1Two.exe

File name: AV1Two.exe
Size: 175.61 KB (175616 bytes)
MD5: 4eeb5bedf3baa0f1421daf132abeffef
Detection count: 11
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 8, 2010

2 Comments

xp home security says:

March 27, 2012 at 11:58 am

I used safe mode (F8) the did a system restore to a date before the AV security suite was installed and it worked perfectly.
Blair S says:

April 10, 2012 at 12:59 pm

I didn't have the patience to spend another minute trying to battle this demon so I just ended up restoring my system to a day earlier.