Remove Windows AntiBreach Tool

Windows AntiBreach Tool is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, Windows AntiBreach Tool cannot detect and remove any kind of virus, malware or trojan on the computer. When Windows AntiBreach Tool is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by Windows AntiBreach Tool. Windows AntiBreach Tool will recommend the user to purchase the full version of Windows AntiBreach Tool in order to remove all the detected threats. Do not buy Windows AntiBreach Tool as it can do nothing.

Windows AntiBreach Tool provide fake features such as Firewall, Automatic Update, Antivirus Protection, Anti-Phising, Advanced Process Control, Autorun Manager, Service Manager, All-in-one Suite, Quick Scan, Deep Scan, Custom Scan etc. All of them cannot protect the computer from any kind of malware.

Windows AntiBreach Tool can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by Windows AntiBreach Tool. These can be done by using Emsisoft HiJackFree.

Windows AntiBreach Tool should be removed immediately!

Windows AntiBreach Tool Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PrSft"=%AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec
File Location Notes:

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.