Remove “Windows AntiBreach Module” virus (Guide)

“Windows AntiBreach Module” is a computer virus, which masquerades as genuine security software, while actually reporting non-existent malware threats in order to scare the user into paying $99,90 for this rogue security software.
[Image: Windows AntiBreach Module malware]

What is Windows AntiBreach Module?

Windows AntiBreach Module is a rogue anti-virus program from the Rogue.FakeVimes family of computer infections. This program is classified as a rogue because it pretends to be an anti-virus program, but will instead displays bogus scan results, report non-existing computer infections, and does not allow you to run your normal applications.
In this case, not only is Windows AntiBreach Module going to disrupt your system, it’s going to try and trick you into making a purchase using your credit card.
Windows AntiBreach Module appears in the form of a fake Windows warning on your computer system that reads you have a specific number of viruses on your computer (usually in the hundreds) and that this software has detected those viruses. To get rid of them you must purchase the full-version of Windows AntiBreach Module. It’s important to remember that by purchasing the “claimed full version to remove the viruses” you will be submitting your personal information to unscrupulous persons and may also end up being a victim of credit card or identity fraud or theft.

To protect itself from being removed, Windows AntiBreach Module will also terminate any application you try to run on your computer. It does this to protect itself from being removed by legitimate security programs and to scare you into thinking your programs are infected. When this infection terminates a program it will display a message similar to the following:

Firewall has blocked a program from accessing the Internet
c:\windows\system32\taskmanger.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.

How did Windows AntiBreach Module virus got on my computer?

Windows AntiBreach Module is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this rogue antivirus without your permission.
Another method used to propagate Windows AntiBreach Module is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the Windows AntiBreach Module virus.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.
The Windows AntiBreach Module infection is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.

Am I infected with Windows AntiBreach Module virus?

Some examples of the interface, fake alerts, fake scanning results, and pop-ups displayed by Windows AntiBreach Module virus are shown below:
[Image: Windows AntiBreach Module virus]

[Image: Windows AntiBreach Module virus]


How to remove Windows AntiBreach Module virus (Removal Guide)

This page is a comprehensive guide, which will remove the Windows AntiBreach Module infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance. Please keep in mind that to perform this removal guide, you will need a clean (non-infected) computer and a CD or USB stick.

OPTION 1: Remove Windows AntiBreach Module virus using its activation code
OPTION 2: Remove Windows AntiBreach Module virus by fixing your Windows Registry
OPTION 3:Remove Windows AntiBreach Module virus with System Restore

OPTION 1: Remove Windows AntiBreach Module virus using its activation code

STEP 1: Use the Windows AntiBreach Module activation key to stop its malicious behavior

Windows AntiBreach Module has hijacked your Windows Registry to launch itself before any application and stop you from running any other program. To prevent this from happening, we can use the below code to register Windows AntiBreach Module.

  1. Open Windows AntiBreach Module interface, click on the question mark button in the right top corner, then click on Register button.
    [Image: Click on the question mark and select Register]
  2. When the Windows AntiBreach Module Registration box will pop-up, enter the below registration codes to activate this rogue antivirus.
    Windows AntiBreach Module Product Key: 0W000-000B0-00T00-E0021
    Picture of Windows AntiBreach Module Activation Code
  3. Windows AntiBreach Module should now allow Windows to start, and you should be able to open your browser and any other programs.
    Please keep in mind that entering the above registration code will NOT remove Windows AntiBreach Module from your computer, instead it will just stop the fake alerts so that you’ll be able to complete this removal guide without being interrupted by this infection.

STEP 2: Remove Windows AntiBreach Module virus with Malwarebytes Anti-Malware FREE

Malwarebytes Anti-Malware Free uses industry-leading technology to detect and remove all traces of malware, including worms, Trojans, rootkits, rogues, dialers, spyware, and more.
It is important to note that Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts.

  1. You can download download Malwarebytes Anti-Malware from the below link.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a new web page from where you can download Malwarebytes Anti-Malware Free)
  2. Once downloaded, close all programs, then double-click on the icon on your desktop named “mbam-setup-consumer-2.00.xx” to start the installation of Malwarebytes Anti-Malware.
    [Image: Malwarebytes Anti-Malware setup program]
    Picture of User Account Control You may be presented with a User Account Control dialog asking you if you want to run this file. If this happens, you should click “Yes” to continue with the installation.
  3. When the installation begins, you will see the Malwarebytes Anti-Malware Setup Wizard which will guide you through the installation process.
    [Image: Malwarebytes Anti-Malware Setup Wizard]
    To install Malwarebytes Anti-Malware on your machine, keep following the prompts by clicking the “Next” button.
    [Image: Malwarebytes Anti-Malware Final Setup Screen]
  4. Once installed, Malwarebytes Anti-Malware will automatically start and you will see a message stating that you should update the program, and that a scan has never been run on your system. To start a system scan you can click on the “Fix Now” button.
    [Image: Click on the Fix Now button to start a scan]
    Alternatively, you can click on the “Scan” tab and select “Threat Scan“, then click on the “Scan Now” button.
    [Image: Malwarebytes Anti-Malware Threat Scan]
  5. Malwarebytes Anti-Malware will now check for updates, and if there are any, you will need to click on the “Update Now” button.
    [Image: Click on Update Now to update Malwarebytes Anti-Malware]
  6. Malwarebytes Anti-Malware will now start scanning your computer for the Windows AntiBreach Module virus. When Malwarebytes Anti-Malware is scanning it will look like the image below.
    [Image: Malwarebytes Anti-Malware while performing a scan]
  7. When the scan has completed, you will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. To remove the malicious programs that Malwarebytes Anti-malware has found, click on the “Quarantine All” button, and then click on the “Apply Now” button.
    [Image: Remove the malware that Malwarebytes Anti-Malware has found]
    Please note that the infections found may be different than what is shown in the image.
  8. Malwarebytes Anti-Malware will now quarantine all the malicious files and registry keys that it has found. When removing the files, Malwarebytes Anti-Malware may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot your computer, please allow it to do so.
    [Image: Malwarebytes Anti-Malware while removing viruses]
    After your computer will restart, you should open Malwarebytes Anti-Malware and perform another “Threat Scan” scan to verify that there are no remaining threats

STEP 3: Remove Windows AntiBreach Module infection with HitmanPro

HitmanPro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.). HitmanPro is designed to work alongside existing security programs without any conflicts. It scans the computer quickly (less than 5 minutes) and does not slow down the computer.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    [Image: HitmanPro start-up screen]
    Click on the Next button, to install HitmanPro on your computer.
    [Image: HitmanPro setup options]
  3. HitmanPro will now begin to scan your computer for Windows AntiBreach Module virus.
    [Image: HitmanPro scanning for malware]
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove Windows AntiBreach Module virus.
    [Image: HitmanPro scan results]
  5. Click on the “Activate free license” button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro Activate Free License]

OPTION 2: Remove Windows AntiBreach Module virus by fixing your Windows Registry

In some cases the above registration may not work, so we will need to fix your Windows Registry so that we can boot the computer without being blocked by the Windows AntiBreach Module infection.

STEP 1 : Start your computer in Safe Mode with Command Prompt

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. When the computer starts you will see your computer’s hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.
    [Image: F8 key]
    If you are using Windows 8, press the Windows key + C, and then click Settings. Click Power, hold down Shift on your keyboard and click Restart, then click on Troubleshoot and select Advanced options. In the Advanced Options screen, select Startup Settings, then click on Restart. Alternatively, you can read this guide to start Windows 8 in Safe Mode.
  3. If you are using Windows XP, Vista or 7 in the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Command Prompt , and then press ENTER.
    [Image: Starting computer in Safe Mode with Command Prompt]
    If you are using Windows 8, press 6 on your keyboard to Enable Safe Mode with Command Prompt.
    Windows will start in Safe Mode with Networking.

STEP 2: Fix your Windows Registry to remove Windows AntiBreach Module and scan with Malwarebytes Anti-Malware and HitmanPro

Windows AntiBreach Module has hijacked your Windows Registry to start automatically before your Windows desktop is shown, which makes your computer unusable until the infection is removed.

  1. While your computer is in Safe Mode with Command Prompt, the Command Prompt allows you to type commands and then press Enter on your keyboard to execute them.
    In this Command Prompt window, please type explorer.exe and then press Enter on your keyboard.
    [Image: Type explorer.exe in Command Prompt]
  2. The Windows desktop will now appear. When the desktop appears you can then close the Command Prompt window by clicking on the X.
  3. Using a clean (non-infected) computer download onto a CD or USB stick the below program to fix your Windows Registry:
    REGFIX DOWNLOAD LINK (This link will automatically download the registry fix for the Windows AntiBreach Module infection)
  4. Now insert your CD or USB drive into the infected machine and open up the drive letter associated with your inserted media. You can access this drive letter by opening the Computer icon on your desktop or from the Start Menu. Once the drive letter is open, double-click on the RegFix.reg and allow the data to be merged when you are prompted. Once the data has been merged, you can press the OK button and remove the removable media from your computer.
    [Image: Run RegFix.reg in Safe Mode with Networking]
  5. Please reboot your computer into the normal Windows mode and login as the infected user. When you are back at your normal Windows desktop perform a scan with Malwarebytes Anti-Malware and HitmanPro as seen in OPTION 1.

OPTION 3: Remove Windows AntiBreach Module virus with System Restore

System Restore helps you restore your computer’s system files to an earlier point in time. It’s a way to undo system changes to your computer without affecting your personal files, such as e‑mail, documents, or photos.

  1. Reboot your computer into Safe Mode with Command Prompt. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard.
    [Image: F8 key]
    If you are using Windows 8, the trick is to hold the Shift button and gently tap the F8 key repeatedly, this will sometimes boot you into the new advanced “recovery mode”, where you can choose to see advanced repair options. On the next screen, you will need to click on the Troubleshoot option, then select Advanced Options and select Windows Start-up Settings. Click on the Restart button, and you should now be able to see the Advanced Boot Options screen.
  2. Using the arrow keys on your keyboard, select Safe Mode with Command Prompt and press Enter on your keyboard.
    [Image: Starting computer in Safe Mode with Command Prompt]
  3. At the command prompt, type rstrui.exe, and then press ENTER.
    [Image: Start System Restore to remove Windows AntiBreach Module virus]
    Alternatively, if you are using Windows Vista, 7 and 8, you can type: C:\windows\system32\rstrui.exe , and press Enter. And if you are a Windows XP user, type C:\windows\system32\restore\rstrui.exe, then press Enter.
  4. System Restore should start, and you will display also a list of restore points. Try using a restore point created just before the date and time the Windows AntiBreach Module virus has infected your computer.
    [Image: Restore settings to remove ransomware]
  5. When System Restore has completed its task, start your computer in Windows regular mode, and perform a scan with Malwarebytes Anti-Malware and HitmanPro.

Your computer should now be free of the Windows AntiBreach Module virus. If you are still experiencing problems while trying to remove Windows AntiBreach Module virus from your machine, please start a new thread in our Malware Removal Assistance forum.
How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.