
Windows Antibreach Helper

Posted: February 20, 2014

Threat Metric

Threat Level: 10/10
Infected PCs: 12
First Seen: February 20, 2014
Last Seen: January 8, 2020
OS(es) Affected: Windows


Windows Antibreach Helper is a fraudulent anti-malware product of a family known for re-branding its members frequently in an effort to disguise them as real security products as opposed to the threat that they actually are. Although Windows Antibreach Helper might pretend to have features to detect and block threats, malware researchers have found nothing but false flags from Windows Antibreach Helper, which is likely to mislead you about the health of your PC while blocking real security software. The use of legitimate anti-malware tools and protocols while removing Windows Antibreach Helper is recommended, as is the case with all PC threats that match or exceed its sophistication.

The Helper Who Ends Up Debilitating Your Computer

Because they depend on social engineering to make a profit, scamware families, including Tritax/NameChanger and FakeVimes (the family from which Windows Antibreach Helper originates), often require frequent changes to the names of their members. Windows Antibreach Helper is one of the latest of these modifications and is a member of a vast family of clones that includes Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.

These scamware products often use fake online scanners, implemented through scripts, to assist with their distribution. Windows Antibreach Helper can also be installed by Trojans and other threats. No matter how Windows Antibreach Helper reaches your PC, it will display 'system scans' and a range of different pop-up warnings that alert you to fake infections, with every effort made to make these attacks look real. Malware experts also find that Windows Antibreach Helper infections may involve broad attempts to block other software, whether through monitoring the processes in your PC's memory or making harmful changes to your Registry.

Helping Yourself to the Solution to Windows Antibreach Helper

The purpose behind Windows Antibreach Helper's entire strategy is to interfere with the computer operations of its victims until they agree to pay a registration fee for its 'security suite,' but there aren't any benefits to doing so. Nor do malware experts recommend giving Windows Antibreach Helper's creators your financial information, which could be used to make a variety of fraudulent charges even after Windows Antibreach Helper has been removed. In spite of its appearance, Windows Antibreach Helper is threatening software and should be treated as such, with no regard paid to its numerous warning messages.

Even though competent anti-malware products should be more than able to remove Windows Antibreach Helper, Windows Antibreach Helper may attempt to block common anti-malware solutions that could disinfect your PC. To deal with this, malware researchers often find that booting into Safe Mode or booting your OS from a removable device is enough to get around the threat's defenses. Either option should let you launch an operating system without Windows Antibreach Helper also being launched, enabling full access to any required software.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: svc-cesv.exe
Size: 1.23 MB (1239040 bytes)
MD5: 0a87dc22cfbbc05178ceabed8f51e9c3
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 8, 2020

File name: %AppData%\data.sec
Mime Type: unknown/sec
Group: Malware file

File name: %AppData%\svc-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %AllUsersProfile%\Start Menu\Programs\Windows AntiBreach Helper.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

File name: %UserProfile%\Desktop\Windows AntiBreach Helper.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following Registry values and subkeys are newly created:

Values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "S_SC" = %AppData%\svc-[RANDOM CHARACTERS].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Subkeys:

HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
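
The registry changes listed above can be checked offline against a registry export, for example one taken after booting from removable media. The following is an added example, not code from the original page: it assumes the export is `reg export` text already decoded to a Python string, and the function names and the sample export are constructed for illustration.

```python
import re

# Indicators copied from the registry list on this page; keys compared lowercased.
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_TARGETS = {"msmpeng.exe", "msseces.exe", "msascui.exe", "msconfig.exe",
                "mpcmdrun.exe", "mpuxsrv.exe", "k9filter.exe"}
POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"consentpromptbehavioradmin", "consentpromptbehavioruser",
              "enablelua", "enablevirtualization"}
HKCU_RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
HKCU_WINLOGON = r"hkey_current_user\software\microsoft\windows nt\currentversion\winlogon"
SVC_EXE = re.compile(r"\\svc-[^\\]+\.exe$", re.I)  # ...\svc-[RANDOM CHARACTERS].exe

def parse_reg(text):
    """Parse `reg export` text into {lowercased key: {lowercased name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def find_indicators(text):
    # Returns (category, name) pairs for every listed indicator found in the export.
    hits = []
    for key, values in parse_reg(text).items():
        parent, _, leaf = key.rpartition("\\")
        if parent == IFEO and leaf in IFEO_TARGETS:
            hits.append(("ifeo", leaf))        # subkey exists for a security tool
        if key == POLICY:
            hits += [("uac", n) for n in sorted(values.keys() & UAC_VALUES)
                     if values[n] == "dword:00000000"]
        for name, where in (("s_sc", HKCU_RUN), ("shell", HKCU_WINLOGON)):
            data = values.get(name, "").strip('"').replace("\\\\", "\\")
            if key == where and SVC_EXE.search(data):
                hits.append(("autostart", name))
    return hits

# Constructed sample export (not captured from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"S_SC"="C:\\Users\\lab\\AppData\\Roaming\\svc-abcd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
'''
print(find_indicators(SAMPLE))
```

A hit in the "ifeo" or "uac" category is only a lead: those keys and values can exist for legitimate reasons, so confirm against the file indicators before acting.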

Additional Information

The following messages were detected:

1. Error
   Attempt to run a potentially dangerous script detected. Full system scan is highly recommended.
2. Error
   There's a suspicious software running on your PC. For more details, run a system file check.
3. Firewall has blocked a program from accessing the Internet
   Internet Explorer
   C:\Windows\system32\iexplore.exe is suspected to have infected your PC.
   This type of virus intercepts entered data and transmits them to a remote server.

One Comment

  • Wesley says:

    You can also remove it by going to a separate user account with admin privileges. Go to the folder %UserProfile%\AppData\Roaming; there will be a randomly named .exe file (hidden as a system file) that needs to be deleted. If you don't see this, you'll need to enable system files by going to Control Panel > Folder Options > View > Hide Protected Operating System Files (Recommended) - and uncheck this box. You should then be able to see the virus and delete it. This will take a lot less time than the previous steps.