Remove-all-malware.com

Remove-all-malware.com Description

Remove-all-malware.com is a browser hijacker promoting the distribution of the rogue anti-spyware application known as Total Security. Due to affiliated trojans infiltrating the computer via security exploits and modifying the browser settings, web-surfing activities are redirected to the Remove-all-malware.com domain. Once here, the computer is subject to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing and downloading the fake spyware remover Total Security.

Technical Information

File System Details

Remove-all-malware.com creates the following file(s):
# File Name Detection Count
1 %WINDOWS%\system32\winsource.dll N/A
2 %Program Files%\TSC\Sc2C21UvvM.exe N/A
3 %Program Files%\TSC\tsc.exe N/A
4 %UserProfile%\Desktop\TSC.lnk N/A
5 %UserProfile%\Start Menu\TSC\Registration.lnk N/A
6 %Program Files%\Common Files\System\Uninstall\Uninstall TSC.lnk N/A
7 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\TSC.lnk N/A
8 %UserProfile%\Start Menu\TSC\Help.lnk N/A
9 %Program Files%\Common Files\System\Uninstall N/A
10 %Program Files%\TSC N/A
11 %UserProfile%\Start Menu\TSC N/A
12 %UserProfile%\Start Menu\TSC\TSC.lnk N/A

Registry Details

Remove-all-malware.com creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CLASSES_ROOT\CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_CURRENT_USER\Software\1FD92E3F7C34799BFB075C41DA05D1FE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "1FD92E3F7C34799BFB075C41DA05D1FE"