Windows AntiBreach Tool malware (removal instructions)

What is Windows AntiBreach Tool and how could it appear on your PC? If you’ve found this article then you probably would like to have these questions answered. This story is all you need to know about Windows AntiBreach Tool program on your PC.

Windows AntiBreach Tool fake antivirus

Please be advised that Windows AntiBreach Tool is a fake security program currently running on your PC. This fact is surely a regret to us. The program that has such a name is the product of cyber frauds and hackers who want to get your money. They don’t care about rendering any real security services for your PC by means of this fake antivirus.

Windows AntiBreach Tool comes into computers through fake Microsoft Security Essentials Alerts. Some users are scared and tricked by them, so they obey these misleading instructions, and this is how they eventually install Windows AntiBreach Tool malware on their computers.

Windows AntiBreach Tool, being a rogue antivirus software, self-starts itself each time you turn the computer on. It immediately begins imitating the system cleanup of your computer. So, it runs the fake scan of your PC and reports many fake threats. Then it tells that you need to buy its full version (so-called ultimate protection) to have those infections removed. In reality, buying this helpless license of this rogue antivirus is just the waste of your funds, which most probably will never be refunded by the crooks who stand behind this scam.

We recommend you to immediately remove Windows AntiBreach Tool virus from your PC once you detect its presence on it. You will first need to activate this rogue by specifying its working product key, and then you will need to scan your system with a reliable antivirus software that will detect all its related files and registry entries and will remove them from your computer.


Software necessary for Windows AntiBreach Tool virus removal:

Windows AntiBreach Tool removal steps:

  • In Windows AntiBreach Tool click “?” Menu button anc click “Register”:
  • Register FakeVimes virus

  • Paste this product key – 0W000-000B0-00T00-E0022 exactly as shown at the image below, then click “Register“:
  • FakeVimes reg key

  • Afer registration download Plumbytes Anti-Malware without any restrictions on the part of the rogue, scan your PC with Plumbytes Anti-Malware and remove all infections detected by clicking “Apply” button at the end of scan.
  • Restart your computer and repeat scan.

Windows AntiBreach Tool similar removal video at YouTube:

Beware of ways how Windows AntiBreach Tool is spread today:

Windows AntiBreach Tool uses various vulnerabilities of browsers like Internet Explorer, Google Chrome, Mozilla Firefox, Opera and many others for the interference into your computer. For example, you might get the following scary alert, supposedly coming from Microsoft Antivirus:

Microsoft Antivirus fake alert
Microsoft Antivirus has found critical process activity on your PC

Microsoft Antivirus has found critical process activity on your PC. You will need to clean your computer to prevent the system breakage.

If you actually click the “OK” button as shown at the image you will have another fake alert, not associated at all to Microsoft Security Essential Alert, but yet claiming to be such:

Microsoft Security Essentials fake alert
Fake MSE Alert

Microsoft Security Essentials Alert
Potential threat details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash.
Detected items:
– Trojan-PSW.Win32.launch
– HackTool:Win32/Welevate.A
– Adware.Win32.Fraud

Associated files and registry entries:

Related files:

%AppData%\svc-[rnd].exe
%CommonAppData%\connector.swf
%Programs%\Windows AntiBreach Tool.lnk
%Desktop%\Windows AntiBreach Tool.lnk

Related registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\PrSft %AppData%\svc-[rnd].exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe\Debugger svchost.exe

Fake security alerts, notifications and warnings of Windows AntiBreach Tool scam:

Firewall has blocked a program from accessing the Internet
C:\Program Files\Internet Explorer\iexplore.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.

Error
Trojan activity detected. System integrity at risk.
Full system scan is highly recommended.

Error
System data security is at risk!
To prevent potential PC errors, run a full system scan.