Windows AntiBreach Module
Written by Tomas Meskauskas on (updated)
What is Windows AntiBreach Module?
Windows AntiBreach Module is a fake antivirus program that generates fake security warning messages in order to trick unsuspecting PC users into purchasing a useless license key. Cyber criminals responsible for creating this scam use fake online security scanners and 'exploit kits' to proliferate this bogus software.
Fake online security scanners are pop-up ads that imitate computer scans and report 'critical security issues' - these issues can supposedly be eliminated by downloading and installing Windows AntiBreach Module. Exploit kits are malware infections that rely on outdated software to infiltrate operating systems.
After successful infiltration, this rogue antivirus program modifies operating system registry files and configures itself to run automatically on each system Start-up.
These system modifications can lead to a situation whereby each computer boot/Startup is followed by the display of a fake security scan performed by Windows AntiBreach Module. This fake security scan results in the 'detection' of various high-risk malware and viruses.
To remove these supposedly-detected security infections, the rogue software demands activation of 'ultimate protection' (the 'full version'). Do not buy this program - it is a scam developed by cyber criminals. Paying for this rogue program is equivalent to sending your money and banking information to cyber criminals.
If you observe Windows AntiBreach Module scanning your computer for security infections, your PC is infected with a rogue antivirus program - ignore the fake security warning messages. The correct way to deal with this bogus program is to eliminate it from your computer.
This fake antivirus program originates from a family of rogue security scanners called FakeVimes. The previous variant of this fake antivirus program was called Windows Antivirus Adviser.
Cyber criminals who created this scam attempt to make the program appear as if it was developed by Microsoft, however, Microsoft maintains just one antivirus program called Microsoft Security Essentials - a legitimate free program (which makes no demand to purchase a 'full version' to access the desktop).
Computer users who are dealing this this bogus program should be aware that none of the security infections indicated by Windows AntiBreach Module exist on their computer - this bogus program generates an identical list of supposedly-detected malware on all computers infiltrated.
If you observe this program on your desktop, use the removal instructions provided to eliminate this scam from your operating system.
Screenshot of Windows AntiBreach Module blocking execution of Internet browsers:
Screenshot of Windows AntiBreach Module demanding payment of $99.9 for the 'full version':
Rogue website used in Windows AntiBreach Module fake antivirus distribution:
How does Windows AntiBreach Module infect the user's computer?
This fake antivirus program infiltrates operating systems using fake online security warning messages. When landing on a malicious or hacked website, users are presented with the fake Microsoft Security Alert message: "To help protect your computer, Windows Web Security has detected trojans and ready to remove them".
In the second step of this scam, users are presented with another fake message - supposedly derived from Microsoft Security Essentials: "Microsoft Security Essentials Alert. Unable to remove threat. Click "Scan online" button to remove this threat."
Clicking the "Scan Online" button downloads Windows AntiBreach Module on the victim's computer.
PC users who observe Windows AntiBreach Module scanning their computers for security infections, should use this removal guide to eliminate this fake antivirus program from their computers.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is Windows AntiBreach Module?
- STEP 1. Windows AntiBreach Module removal - deleting svc-[random letters].exe file.
- STEP 2. Remove Windows AntiBreach Module using a registration key.
- STEP 3. Remove Windows AntiBreach Module using Safe Mode with Networking.
Windows AntiBreach Module fake antivirus removal:
1. Access "Computer". Double click the "Computer" icon.
2. Navigate to C:\Users\[YOUR USER NAME]\AppData\Roaming
3. Locate a file named "svc-[random letters].exe" and click your right mouse button over this file.
4. In the opened menu, select "Rename". Change the filename of "svc-[random letters].exe" to "fake.exe".
5. After renaming the "svc-[random letters].exe" file, restart your computer. Next time the operating system boots, Windows AntiBreach Module will be inactive and will not block access to the Internet.
6. Download legitimate anti-spyware software to completely remove this rogue antivirus program from your computer.
If you cannot download or run the spyware remover, try running the registry fix (link below), which enables execution of programs. Download the registryfix.reg file, double click it, click YES and then OK.
Windows AntiBreach Module removal using a registration key:
1. Click the question mark icon (at the top of the main window of Windows AntiBreach Module) and select "Register".
2. In the opened window, enter this registry key: 0W000-000B0-00T00-E0021
3. After entering this registry key, Windows AntiBreach Module imitates the removal of previously 'detected' security threats and allows execution of installed programs. Note that entering this registration key will not remove this rogue antivirus program - it simply makes the removal process less complicated.
4. Download legitimate anti-spyware software to completely remove Windows AntiBreach Module from your computer.
Windows AntiBreach Module removal using Safe Mode with Networking:
Step 1
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".
Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Video showing how to start Windows XP in "Safe Mode with Networking":
Video showing how to start Windows 8 in "Safe Mode with Networking":
Step 2
Remove proxy settings from Internet Explorer. This rogue antivirus adds a proxy to the user's Internet connection settings to display various errors when attempting to access the Internet. To remove proxy settings: Open Internet Explorer and click the gear icon. In the opened menu, select "Internet Options".
In the opened window, select the "Connections" tab.
In the "Connections" tab, click "LAN settings".
If "Use a proxy server for your LAN" is checked, uncheck it and click OK.
Step 3
Download legitimate anti-spyware software to completely remove this fake antivirus program from your computer.
Step 4
After removing this rogue software, reset your Hosts file. Do not skip this step since Windows AntiBreach Module modifies your Hosts file, and you will encounter browser redirect problems unless malicious entries are eliminated.
The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious sites, despite seeing legitimate URLs in address bar.
It is difficult to determine which sites are genuine when the Hosts file is modified. To fix this, download the Microsoft Fix It tool, which restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
Summary:
The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.
A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:
Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of windows antibreach module scam and other rogue antivirus programs:
To protect your computer from windows antibreach module scam and other rogue antivirus programs users should:
- Keep their operating system and all of the installed programs up-to-date.
- Use legitimate antivirus and anti-spyware programs.
- Use caution when clicking on links in social networking websites and email messages.
- Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.
Symptoms indicating that your operating system is infected with a fake antivirus program:
- Intrusive security warning pop-up messages.
- Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
- Slow computer performance.
- Disabled Windows updates.
- Blocked Task Manager.
- Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.
If you have additional information on windows antibreach module scam or it's removal please share your knowledge in the comments section below.
▼ Show Discussion