Windows Antibreach Helper
Posted: February 20, 2014
Threat Metric
The fields on the Threat Meter that carry a value are explained below:
Threat Level: The threat level scale runs from 1 to 10, where 10 is the highest severity and 1 the lowest. Each level is relative to the threat's consistently assessed behaviors as collected by SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs reported in diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually indicates a currently popular threat, which may or may not have infected a large number of systems in total; a threat with a high detection count can lie dormant and have a low volume count. The criterion for the Volume Count is the daily detection count.
Trend Path: The Trend Path, shown as an up arrow, down arrow or equals sign, represents the recent movement of a particular threat. An up arrow represents an increase, a down arrow a decline, and the equals sign no change in the threat's recent movement.
% Impact (Last 7 Days): The change over a 7-day period in how frequently the malware threat infects PCs. The percentage impact correlates directly with the current Trend Path, indicating a rise or decline in percentage terms.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 12 |
| First Seen: | February 20, 2014 |
| Last Seen: | January 8, 2020 |
| OS(es) Affected: | Windows |
Windows Antibreach Helper is a fraudulent anti-malware product from a family known for re-branding its members frequently, disguising them as real security products rather than the threats they actually are. Although Windows Antibreach Helper pretends to detect and block threats, malware researchers have found that it produces nothing but false positives, which mislead you about the health of your PC while it blocks real security software. Removing Windows Antibreach Helper with legitimate anti-malware tools and procedures is recommended, as with any PC threat of comparable or greater sophistication.
The Helper Who Ends Up Debilitating Your Computer
Because they depend on social engineering to make a profit, scamware families such as Tritax/NameChanger and FakeVimes, the family from which Windows Antibreach Helper originates, frequently rename their members. Windows Antibreach Helper is one of the latest of these renamings and belongs to a vast family of clones that includes Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.
These scamware products often use fake online scanners, with the attack carried out through scripts, to assist their distribution; Windows Antibreach Helper also can be installed by Trojans and other threats. However Windows Antibreach Helper reaches your PC, it will display 'system scans' and a range of pop-up warnings about fake infections, making every effort to look genuine. Malware experts also find that Windows Antibreach Helper infections may involve broad attempts to block other software, whether by monitoring the processes running on your PC or by making harmful changes to the Registry.
Helping Yourself to the Solution to Windows Antibreach Helper
The purpose behind Windows Antibreach Helper's entire strategy is to interfere with the victim's computer until they agree to pay a registration fee for its 'security suite,' but paying brings no benefit. Nor do malware experts recommend giving Windows Antibreach Helper's creators your financial information, which could be used for a variety of fraudulent charges even after Windows Antibreach Helper has been removed. In spite of its appearance, Windows Antibreach Helper is malicious software and should be treated as such, with no regard paid to its numerous warning messages.
Although competent anti-malware products should be more than able to remove Windows Antibreach Helper, it may attempt to block the common anti-malware solutions that could disinfect your PC. Malware researchers find that booting into Safe Mode, or booting the OS from a removable device, are the usual ways around these defenses: either option lets you start an operating system without also launching Windows Antibreach Helper, restoring full access to whatever software you need.
Technical Details
File System Modifications
If you remove malware components manually (finding malicious files, killing unwanted processes, removing malicious DLLs and deleting other harmful files), always back up your PC before making any changes.
The following files were created in the system:

svc-cesv.exe
Size: 1.23 MB (1239040 bytes)
MD5: 0a87dc22cfbbc05178ceabed8f51e9c3
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 8, 2020

%AppData%\data.sec
Mime Type: unknown/sec
Group: Malware file

%AppData%\svc-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AllUsersProfile%\Start Menu\Programs\Windows AntiBreach Helper.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%UserProfile%\Desktop\Windows AntiBreach Helper.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
Values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "S_SC" = %AppData%\svc-[RANDOM CHARACTERS].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Subkeys:
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
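The registry and file artifacts listed in the two sections above can be checked on a live host with the following PowerShell script. It is an added example written for this page, not code from the original article or from the rogue's authors; the function name, messages and the decision to report rather than delete are my own. It reads the indicator values straight from the lists above, runs from an elevated prompt, and needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example (not from the original page): read-only audit for the Windows
# Antibreach Helper indicators listed above. Run from an elevated PowerShell prompt.
# Function and variable names are my own; indicator paths and values come from the page.

function Get-AntibreachHelperIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Autostart: the page lists Run value "S_SC" pointing to %AppData%\svc-<random>.exe
    $run = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            if ($p.Name -eq 'S_SC' -or "$($p.Value)" -match '\\svc-[^\\]+\.exe') {
                $findings.Add("Run value $($p.Name) = $($p.Value)")
            }
        }
    }

    # 2. Shell hijack: a per-user Winlogon Shell value is abnormal. The normal shell is the
    #    machine-wide default explorer.exe under HKLM, so anything else here is a finding.
    $shell = (Get-ItemProperty 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell -ne 'explorer.exe') {
        $findings.Add("HKCU Winlogon Shell = $shell")
    }

    # 3. UAC policies the rogue zeroes. EnableLUA=0 disables UAC entirely after a reboot,
    #    ConsentPromptBehaviorAdmin=0 elevates administrators silently, EnableVirtualization=0
    #    turns off file/registry virtualization. ConsentPromptBehaviorUser=0 (auto-deny for
    #    standard users) is also a legitimate hardening setting, so treat it as corroborating.
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    foreach ($name in 'EnableLUA','ConsentPromptBehaviorAdmin','ConsentPromptBehaviorUser','EnableVirtualization') {
        if ($sys -and $null -ne $sys.$name -and $sys.$name -eq 0) {
            $findings.Add("Policies\System $name = 0")
        }
    }

    # 4. Attachment Manager: SaveZoneInformation=1 stops zone (Mark-of-the-Web) data being
    #    written to downloads; putting .exe/.bat/.cmd/... in LowRiskFileTypes suppresses the
    #    "Open File - Security Warning" prompt for downloaded executables.
    $att = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments' -ErrorAction SilentlyContinue
    if ($att -and $att.SaveZoneInformation -eq 1) { $findings.Add('Attachments SaveZoneInformation = 1') }
    $assoc = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations' -ErrorAction SilentlyContinue
    if ($assoc -and "$($assoc.LowRiskFileTypes)" -match '\.exe;') {
        $findings.Add("LowRiskFileTypes includes .exe: $($assoc.LowRiskFileTypes)")
    }

    # 5. Kernel driver service "bckd" with ImagePath 22.sys
    $svc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\bckd' -ErrorAction SilentlyContinue
    if ($svc) { $findings.Add("Service bckd present, ImagePath = $($svc.ImagePath)") }

    # 6. Image File Execution Options subkeys for the security tools the page names. An IFEO
    #    subkey is commonly abused through its Debugger value, which redirects the launch of
    #    the named program; the page does not list the values, so report whatever is there.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($exe in 'msmpeng.exe','msseces.exe','MSASCui.exe','msconfig.exe','MpCmdRun.exe','MpUXSrv.exe','k9filter.exe') {
        $key = Join-Path $ifeo $exe
        if (Test-Path $key) {
            $dbg = (Get-ItemProperty $key -ErrorAction SilentlyContinue).Debugger
            $findings.Add("IFEO subkey for $exe (Debugger = '$dbg')")
        }
    }

    # 7. Files. -Force is required because the dropper carries the hidden and system
    #    attributes (see the reader note at the end of the page). The All Users Start Menu
    #    path on the page is the XP layout; CommonPrograms resolves it on any version.
    foreach ($f in Get-ChildItem -Path (Join-Path $env:APPDATA 'svc-*.exe') -Force -ErrorAction SilentlyContinue) {
        $hash = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
        $findings.Add("File $($f.FullName) MD5 $hash (page lists 0A87DC22CFBBC05178CEABED8F51E9C3 for svc-cesv.exe)")
    }
    $paths = @(
        (Join-Path $env:APPDATA 'data.sec'),
        (Join-Path ([Environment]::GetFolderPath('CommonPrograms')) 'Windows AntiBreach Helper.lnk'),
        (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Windows AntiBreach Helper.lnk')
    )
    foreach ($f in $paths) {
        if (Test-Path -LiteralPath $f) { $findings.Add("File $f present") }
    }

    return $findings
}

$results = @(Get-AntibreachHelperIndicators)
if ($results.Count -eq 0) { 'No Windows Antibreach Helper indicators found.' } else { $results }
```

Two points from the list are worth keeping in mind when using it. The Winlogon "Shell" hijack lives under HKEY_CURRENT_USER, so it replaces the desktop only for the infected account; logging on as a different administrator (as the reader note at the end of the page suggests) gives you a normal shell from which to run this check. And because EnableLUA and the ConsentPromptBehavior values are cleared, any process the infected user runs already has an unprompted path to administrator rights; re-enabling UAC is part of the cleanup, not just the removal of the svc-*.exe file.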
Additional Information
| # | Message |
|---|---|
| 1 | Error Attempt to run a potentially dangerous script detected. Full system scan is highly recommended. |
| 2 | Error There's a suspicious software running on your PC. For more details, run a system file check. |
| 3 | Firewall has blocked a program from accessing the Internet Internet Explorer C:\Windows\system32\iexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server. |
You can also remove it by going to a separate user account with admin privileges. Go to the folder %UserProfile%\AppData\Roaming; there will be a randomly named .exe file (hidden as a system file) that needs to be deleted. If you don't see this, you'll need to enable system files by going to Control Panel > Folder Options > View > Hide Protected Operating System Files (Recommended) and unchecking this box. You should then be able to see the virus and delete it. This will take a lot less time than the previous steps.