Sunday, February 23, 2014

Remove Windows AntiBreach HelperRemove Windows AntiBreach Helper

Windows AntiBreach Helper Removal Guide
Windows AntiBreach Helper is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Windows AntiBreach Helper. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows AntiBreach Helper is installed on the computer, it will start automatically when Windows boot. Then Windows AntiBreach Helper will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows AntiBreach Helper will repeatedly shows the pop ups to urge the user to purchase the full version of Windows AntiBreach Helper so that to remove all the threats. However, Windows AntiBreach Helper cannot detect and remove any kind of virus, malware and trojan.


Windows AntiBreach Helper can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows AntiBreach Helper shown in the removal guide below. Windows AntiBreach Helper DLL Files should be unregistered too (see removal guide). All files related to Windows AntiBreach Helper must be deleted. 

Windows AntiBreach Helper provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.

Windows AntiBreach Helper should be removed immediately!

Windows AntiBreach Helper Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec
%UserProfile%\Desktop\Windows AntiBreach Helper.lnk
%AllUsersProfile%\Start Menu\Programs\Windows AntiBreach Helper.lnk
File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.

%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.



No comments:

Post a Comment