Theprotectall.com
Theprotectall.com is a criminal website responsible for the promotion and distribution of rogueware such as Antivirus IS. Users infected with Antivirus IS or other rogueware, will find themselves being frequently redirected to Theprotectall.com which will provide a payment page for the "licensed version" of the rogueware. No matter how many security alerts Theprotectall.com or Antivirus IS displays, do not believe them and never purchase anything from Theprotectall.com.
File System Details
Theprotectall.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %UserProfile%\Local Settings\Application Data\{random}\{random}.exe | |
| 2. | %UserProfile%\Local Settings\Application Data\{random} |
Registry Details
Theprotectall.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5643"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{random}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "{local}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{random}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
