Windows AntiBreach Patrol

Discussion in 'Windows - Virus and spyware problems' started by Aliee, Apr 28, 2014.

  1. Aliee (Newbie, joined Apr 28, 2014)

    Hey, I somehow caught a virus and now my computer is infected with a fake antivirus program - Windows AntiBreach Patrol. I've stopped using AV tools a long time ago and I didn't have any problems until now. So I googled it and I found a couple of removal guides. I followed this one xp-vista.com/spyware-removal/windows-antibreach-patrol-removal-guide (sorry I can't post links) but now I don't know if the product they suggest is a good choice. What program should I use? Can you recommend a free one? Thanks!
     
  2. Mez (Active member, joined Aug 12, 2005)

    My suggestion is...
    Disconnect your computer from your network.
    Reinstall your OS. If you don't have a disk you can buy a recovery disk for your computer online. You can buy one for your computer for about 50 USD.
    Install whatever security and software you can get without being connected to the internet.
    Before you connect, image your clean setup to an external drive.
    The next time this happens you can just reimage.
    Formatting is about the only way to get rid of all your malware.
    There are articles on doing just that in this forum and how to get imaging software for free.
    Before you disconnect you might want to download Belarc Advisor and run that on your computer. It inventories your software licenses, keys etc. Save that info to a safe place.

    PS: before you connect, unplug your router. It is probably infected and unplugging it clears the RAM. Otherwise you will be attacked the second you connect back to your network.
     
    Last edited: Apr 28, 2014
  3. ddp (Moderator, Staff Member, joined Oct 15, 2004)

  4. 2oldGeek (Active member, joined Jun 16, 2005)

    @Mez, you're too paranoid, it is not necessary to reformat/reinstall at this time.

    Hi Aliee, DDP is correct in trying a System Restore to a point before you were infected with this rogue. And if that fails then follow the instructions at the link: http://malwaretips.com/blogs/windows-antibreach-patrol-virus/ and use option 1 for Malwarebytes and the free HitmanPro to remove this. After doing that, since you haven't been using any security software, you are probably infected with other threats that just haven't shown up, so I can give you some scans to run and get you cleaned, then suggest some security software to prevent re-infection.

    p.s. don't use that second link that DDP posted, it has a reputation for delivering malware.

    2oG
     
  5. Mez (Active member, joined Aug 12, 2005)

    Guilty as charged!

    Still, McAfee has admitted to only dealing with the new malware that damages the computer and ignoring the malware that doesn't, just because they can't respond to the rest because they don't have the resources. I think the new finds stated by McAfee are now above 100,000 per day. The worst is, I bet the statement had as much positive 'spin' as they dared add.

    For me that means I don't trust that a malware scanner is going to find all the malware on MY computer, let alone the military grade malware that is too stealthy to find by the top AV scanners. In 12-2012, 80 out of 80 malware samples tested successfully infected computers protected by the top 3 or 5 AV scanners/security systems without any alarm given.

    I am paranoid but my fears are not groundless.
     
  6. Mez (Active member, joined Aug 12, 2005)

    A little food for thought - maybe

    “At the present time Kaspersky Lab detects and blocks more than 200,000 new malicious programs every day, a significant increase from the first half of 2012, when 125,000 malicious programs were detected and blocked each day on average.”

    To all you non-paranoids out there…

    There is no way 200,000 new malware botnets are being written from scratch daily. I believe they are NOT adding 200K new viral signatures to the scanning database every day. If they did, scanning a computer would take days. They are acting on a very small segment of what was found that day; the rest are ignored. I am sure more are being ignored than are added to the scanning database. If I am correct, your scanner will not even detect all the known malware, let alone all the unknown ones.

    This is my wacky paranoid theory…
    You have 3 basic grades of malware.
    1 Military grade – fairly unstoppable and undetectable, cost for a kit 2500 USD
    2 Professional grade – fairly stealthy, average cost for a kit 700 USD
    3 Freeware grade – given away to anyone that wants to download a copy.

    Kits allow the bot-master to build a customized botnet and require some skill.
    My wacky theory is #3 is given away by the producers of #2. #2s can be located by AV scanners if their viral signature is in the scanner's database, so they are vulnerable to AV.
    I bet #3s have routines that attack their computer host, probably with a long time delay like a year. This gives the botmaster time to make the 700 USD to upgrade to the real deal. I am sure every download has a different viral signature. These keep the AV business overloaded just trying to keep computers from being attacked.
    The beauty of a plan like this is it provides an entry platform. The freeware is supposed to be so easy a teenager with no IT training can become a botmaster. The entry platform has an expiration date. The botmaster can either upgrade or get another freebie that will unleash a new sacrificial botnet on the world when his botnet starts to shrink instead of grow. #3 gives ample cover for #2. Lastly, #3s add to world anarchy.
     
  7. 2oldGeek (Active member, joined Jun 16, 2005)

    Oh Mez, you're a hoot. lol

    You appear to me to be so paranoid that you wear suspenders AND a belt because you don't trust your pants. lol

    The malware hitting the web each day has more than tripled since XP lost M$ support, that is, unless you pay M$ for it to continue...

    I test and recommend security software for about 50 of my customers and clients that I have built computers for over the past 15+ years. Since XP went south, and I have some XP diehards that will not give it up until someone takes it from their cold dead hands, I have set them up with Faronics DeepFreeze. DeepFreeze is about as bulletproof as you can get. It runs in a Virtual Machine and can pass data to the real machine through a special partition called Igloo. Anything that infects you can be killed by simply rebooting.
     
  8. xboxdvl2 (Regular member, joined Dec 21, 2005)

    Mez, your logic is flawed because if someone knows how to make botnets they know how to detect botnets.

    I have a solution to stop malware but it might seem dramatic and draconian. If one person makes malware (a bot, virus, hack or any sort of malware) and gets caught, he has to pay to have every computer in the world that's infected with the malware he created replaced with all the latest hardware, including any software the consumer wants. It would make them pay for their actions and it would be more fitting to the crime than jailing them for years.
     
  9. Mez (Active member, joined Aug 12, 2005)

    Well, on that note...
    From what I can tell, no botnet has attacked a government web site since the Pentagon. I suspect they thought the attack couldn't be traced back to them. I am sure other botmasters thought about this and may have realized that the botnet owners were lucky and attacked the US. A smaller, less ethical country might have just sent a hit man to settle the score. That was a fairly long time ago. The hackers are not rabid dogs.

    2old, I don't mind being thought a crazy and I am unsure myself. Still, if what Kaspersky Labs stated about 200,000 new signatures a day is true, that is over 1 million new viral signatures a week and over 50 million/year. How many signatures can be scanned for each file on your computer? How big does that viral database need to be? What about server-side polymorphic malware? It does exist, or at least a few major security firms have solutions to protect you from web attacks. Only a firewall can stop an attack directed to your IP address. This is a common mode of attack. Botnets that have more than 10 million zombies could attack every IP address in the world within a week or so. Where is my judgement error? What is my big mistake? Why shouldn't I be worried?

    I know another security professional that uses a sacrificial VM when he buys anything on the web. He is a mid level manager at SAIC in the security division. He is more 'paranoid' than I am, as are your customers using Faronics DeepFreeze. I suspect they are the smart ones.
     
  10. 2oldGeek (Active member, joined Jun 16, 2005)

    I have always said that sometimes paranoia is just good thinking! lol

    Instead of attempting to maintain a signature or black list of the ever changing or polymorphic malware, the cloud technology now can keep a huge white list of the known good programs, and if a file doesn't pass that it is stopped. The only kink in that is if a file is really new or very old and has very few users, it will not pass. Even with that, the list can be kept up a lot faster than a constantly changing black list.
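As an added illustration of the white list versus black list trade-off described in the post above (example code written for this edit, not anything posted in the thread or shipped by any vendor), the Python below models both decisions on SHA-256 hashes of four constructed sample files. The reputation table, the prevalence counts and the `min_prevalence` threshold are all assumptions for the demo; a real cloud reputation service weighs far more than a raw install count.

```python
"""Added example (not from the thread): hash allowlisting versus signature
blocklisting, including the "kink" described in the post: a file that is
genuinely new or rare fails the prevalence test and is blocked even if benign.

Every sample, hash and prevalence count below is constructed for the demo.
"""
import hashlib

# Constructed "binaries"; in practice these would be file contents read from disk.
NOTEPAD = b"MZ\x90\x00notepad-demo-binary"
RARE_TOOL = b"MZ\x90\x00freshly-compiled-internal-tool"
ROGUE_AV = b"MZ\x90\x00windows-antibreach-patrol-demo"
# Polymorphic variant: same behaviour, one extra byte in a padding field.
ROGUE_AV_VARIANT = ROGUE_AV + b"\x01"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed cloud reputation table: hash -> number of machines that reported it.
ALLOWLIST = {
    sha256(NOTEPAD): 1_250_000,   # well known, widely installed
    sha256(RARE_TOOL): 3,         # known good, but seen on only a handful of machines
}

# Constructed signature black list: only the exact sample that was analysed.
BLOCKLIST = {sha256(ROGUE_AV)}


def blocklist_verdict(data: bytes) -> str:
    """Signature model: anything not matching a known-bad hash is allowed to run."""
    return "block" if sha256(data) in BLOCKLIST else "allow"


def allowlist_verdict(data: bytes, min_prevalence: int = 50) -> str:
    """Reputation model: run only what is known good AND common enough.

    Returns one of:
      allow                 hash is known and widely seen
      block-low-prevalence  hash is known but too rare to trust (the "kink")
      block-unknown         hash has never been seen (new or modified file)
    """
    seen = ALLOWLIST.get(sha256(data))
    if seen is None:
        return "block-unknown"
    if seen < min_prevalence:
        return "block-low-prevalence"
    return "allow"


def compare(data: bytes):
    """(black list verdict, white list verdict) for one file."""
    return blocklist_verdict(data), allowlist_verdict(data)


if __name__ == "__main__":
    samples = [("notepad", NOTEPAD), ("rare tool", RARE_TOOL),
               ("rogue AV", ROGUE_AV), ("rogue AV variant", ROGUE_AV_VARIANT)]
    for name, sample in samples:
        bl, al = compare(sample)
        print(f"{name:17s} blocklist={bl:6s} allowlist={al}")
```

The rare-tool case is the kink the post describes: it is known good but too seldom seen to clear the threshold, so the white list blocks it. The one-byte variant of the rogue is the opposite case: a hash black list misses it entirely, while the white list never let it run in the first place because it was never seen.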
     
  11. Mez (Active member, joined Aug 12, 2005)

    I like the white list concept; it is likely smaller than a week's worth of new malware. I have seen my security balk and ask if I really wanted to install an unusual application. Had I not been installing any software that warning would have been VERY useful. That is the most useful bit of information I have gotten off AD this year. It is also somewhat comforting. I have had maybe a half dozen attacks on my browser this year. I am guessing browser add-ons are not white listed. If browser add-ons were not part of that protection process that would be a great vulnerability to exploit. It is also possible that they are, since the attacks were all interrupted.

    None of this explains how something installed itself on my computer at about the time of the last attempted browser attack. I didn't notice the 'bubble note' that something had been installed until I went to click on the Start button to shut down. I assure you I NEVER install anything during a browse session. As a paranoid, I have removed most if not all applications that auto-update on my computers. Until I figure that one out I will continue to be paranoid.
     
  12. aldan (Active member, joined Mar 24, 2007)

    I hear you Mez. I don't let anything auto-update.
     
  13. 2oldGeek (Active member, joined Jun 16, 2005)

    I guess I am less paranoid than you guys. Or at least more confident in my security set up.
    I use this machine to roam the web and search for info, download and test programs, test my security against tons of zero-day threats and intentionally allow threats to infect me so that I can see what is the best way to remove all traces. Sometimes I use a VM but mostly just stay in my real machine. My drivers are updated automatically and I use Secunia PSI to keep all my programs updated automatically, which is about 85 programs on this machine. I don't allow my browser to be updated; I take care of that. I also have a couple of end of life programs that don't get updated, Office 2003 and Quicken 2010...

    I have no problem with any infection because I keep a restore point and registry backup before playing with any malware. If that doesn't work, I have daily image backups for the past month... All my data is kept on another drive and is backed up in real time with Acronis Nonstop Backup. My desktop is also kept with my data and if I ever do lose something, I can recover it in a heartbeat.
     
  14. Mez (Active member, joined Aug 12, 2005)

    You may have a BIG point in your favor. If I was a bot master, I would keep a database of all my zombies: IP address, OS, security etc. Once you have been a zombie you are a known quantity and your defenses will be continually tested until you are back in the fold. If you have been clever enough to never have been infected you aren't on anyone's hit list. I know I have been infected. I am sure all IP addresses are probed routinely, but if your firewall is stealthed they may not know if the address is active. This computer is rarely connected to the internet. That combined with a stealthed firewall ought to confuse the AI, if any exists. The AI would be a record as to what attacks worked and which failed. When the computer is off or disconnected it is invincible. Like all predators, they go after low hanging fruit.
     
  15. 2oldGeek (Active member, joined Jun 16, 2005)

    @aldan and Mez
    Mez,
    As paranoid as you are and being around an IT Dept., I think… Do you not know about EMET? (Enhanced Mitigation Experience Toolkit)
    I have been using it for years in the IT Dept I was over before retiring, and also at home, to stop hackers and exploits and plug holes in the OS and applications until they are patched.

    MalwareBytes has released a very limited home version called MBAE (anti exploit) that I have been testing and it's doing very well, but very limited and designed for the inexperienced novice user.

    While the security world is busy spreading meaningless fear and drama around the birth of zero day exploits and similar things, Microsoft has released an update to the best security software ever created, their Enhanced Mitigation Experience Toolkit (EMET). You would expect the websites to be busy writing about it, but no. Maybe one or two sources.

    Why, you ask? Well, because money is all about selling inferior blacklisting products rather than resolving user issues. When it comes to security, EMET takes a fraction of bandwidth to download and install, it requires no reboot, it's fully supported by Microsoft, it can be deployed and managed in a centralized manner using GUI or command line or even group policies, and it imposes no performance penalty on the user. It's a whitelist product, it requires no interaction, and it's virtually foolproof. The perfect security product, or as near perfect as you can get. IMHO. And the security industry hates it and tries to keep it under the radar.

    I believe this is the first and only time I have ever mentioned it on AD. That's because it's NOT for a novice or anyone who doesn't have some advanced knowledge of computers.

    The latest update to EMET, version 4.1, now covers Win 8 and Server 2012 and requires .NET Framework 4 to be installed.

    I have used EMET v3 for a very long time and have just upgraded to v4.1, and when I make the statement that I NEVER get any malware unless I install it myself, I MEAN IT!


    Tutorial:
    http://www.dedoimedo.com/computers/windows-emet-v4.html

    User manual:
    http://www.microsoft.com/en-us/download/details.aspx?id=41138


    2oG
     
    Last edited: May 7, 2014
  16. aldan (Active member, joined Mar 24, 2007)

    An addendum to that, I have one question for Mez. What makes you think you are so interesting that the hackers even care about you? I've been on the net since 2006, yes a relative newbie, and haven't had a major infection in all that time. Mez, you need help, and it might be time to get it. Conspiracy theories are just what they sound like. Theories.
     
  17. Mez (Active member, joined Aug 12, 2005)

    2old,

    No, I have never heard about EMET. I will look into it. For the last 15 years or so I may not have even been in the same building as the security team.

    aldan, I don't. That would actually make me delusional and paranoid if I thought that way.

    I am a database programmer. I assure you it is only a little harder than child's play to have a database record of every IP address you have attacked. I could probably build something like that in a weekend. If you break into the computer you inventory the computer and store that info back in a database record. That wouldn't take much more than maybe .1 seconds. Everything you need is in memory variables. You might even copy the registry.

    If you are never breached and completely stealthed then no one really knows if that IP address is active. No smart hacker beats on a dead horse when there are billions of easy targets out there.

    I suspect both you and 2old have been breached, but who knows, and 2old has plenty of tricks so maybe he is clean. I don't think you are close to that clever.

    I do not like your attitude. Who made you omnipotent? Maybe I have good reason to be paranoid.

    5+ years ago I had a local hacker break into my wireless network using an amplified directional antenna. We had a tug of war with my wireless network for over a year. I would boot him out and upgrade my security. Some upgrades kept him out for months. The hacker had to be young and had something to prove. Had he been sneaky, I probably would have never noticed. When he 'came back' he changed the router login credentials and used up enough bandwidth that we couldn't browse the internet. Since I cut and pasted the credentials from Notepad, then printed them out and taped them to the router, I can be sure I didn't forget the password. At the end, he broke the highest security and the longest and most complex ID and password the router would allow in a few hours: 32 char ID and 64 char password, upper and lowercase alphas, some numbers and special characters. I went wired and put an end to that. I wonder how long the hacker continued to try to find my signal? I had been experimenting with making my antenna directional just before I went wired.

    Do you think this was a delusion?

    About a year later I didn't like the bandwidth on my internet but the ISP claimed the connection was strong. I ran over a dozen malware scanners and it looked clean. Some thought I was jumping at shadows on this forum since nothing was found, and I believe one of them was you. I bought a new C: and the old became D:. The problem was gone. 2+ years later malware was discovered on D:. I remember posting that find. The infection was in my old airupdater. I remember getting flack that it was probably a false positive. I probably stated it could be; there was no info on the malware at that time other than it existed. Much later, I discovered a full write up on it on one of the virus scanner web sites. The attack was to update the airupdater into malware. After that it has carte blanche permissions and free access through the firewall.

    Do you think this was a delusion, or maybe Norton was spouting nonsense?

    A few years back my new MOBO started to fail. My HD, then USB ports and mouse started going bad. Since I still had 2 HD drives and more than 4 USB ports and no money, I got a USB mouse and forgot about it.

    Less than 2 years back I formatted and reinstalled all the software I could without needing to be connected to the web. Before this I would have MS validate my credentials using the web right after the OS installation. After the install, my motherboard was as good as new. Googling, I found plenty of malware that could have been responsible. All malware scans were clean for the year or 2 between when my MOBO started to go and the rebuild. I don't look for malware any more other than my automated scans. I consider the effort worthless.

    Do you think this was a delusion?

    Since I started installing my firewall and having it up and running, something would always try to get through. This was always instantaneous after connecting to the network. After reading about thing-bots I reimaged all my computers and swapped out my router. When I connected my computers, nothing tried to get into anything. I had a clean system.

    Do you think maybe the attacks were coming from the router, or am I just babbling?

    I read an article where some techs randomly checked routers and other IoTs looking for botnets; most were infected. What makes you think your IoTs and computers are clean?

    In 2012 an article was published. It took a set of 80 terribly sophisticated malware samples taken from the wild and had them each attack computers protected by the top 3-5 personal security softwares. All 240 – 400 computers (I can't remember which) were infected without detection. It has been confirmed in 2013 that there is no technology available to find this grade of malware on your computer. There is technology that will prevent attacks while you browse the internet. One is available for free to personal users. There is no personal firewall that is certain to keep everything out.

    Do you have any good reason why you think your computers and router are not infected?

    Silly me figures unstoppable and undetectable malware would spread like wild fire. What magic protected your computer from them, or do you think the article was a hoax and the dozens of companies are playing along?

    I am truly curious to understand the workings of your mind…
    Why aren't you paranoid and think I am silly?

    I knew 2 white hat hackers and took a security course from another and had a long chat with him afterwards. I met a few black hat hackers on AD. The one I know fairly well considered me lackadaisical, not paranoid. All went to unimaginable extremes to stay safe.

    It just came to me, do you even have a good idea what a botnet is? Bot stands for robot. These things run 24/365 without any need for human intervention. The only time a human is involved is when you add a new routine or alter the marching orders. This is done by only using a master computer. From there the new stuff is copied automatically throughout the botnet. Once these are up and running a 100,000,000 zombie network only requires a few hours of human instruction. All the attacks and other 'good work' they do is completely automated, running on zombies like your computer. They are the Borg of the computer world.

     
    Last edited: May 8, 2014
  18. aldan (Active member, joined Mar 24, 2007)

    OK Mez, point taken. Maybe I was being harsh with you, but I remember when you counted bitrates, not botnets, and you were a lot more interesting then. I'm just a dumb Canuck who only got his first computer in 2004, a Pentium P54C with Windows 95 (later upgraded to 98SE). I've spent 10 entertaining years learning about computers, breaking a few along the way, including the P54C. lol. The most serious infection I've had was Antivirus 2009 and with 2old's help got rid of it. I too have a few tricks up my sleeve, or rather in my notebook, most learned from tuts on this site and reading every malware post with 2old contributing. I don't reinstall my OS every 6 months, and I don't worry about threats that may or may not come my way. I was a kid when the countdown clock was only seconds away from Armageddon and remember the duck and cover drills well. If I let the threat of nuclear annihilation bother me I would probably be dead by now, so don't expect me to go all gaga about botnets. In the final analysis it's just a computer. I've lost way more valuable things in my life than that. I'm now going to surf some porn and I'm not the least bit worried. lol. PS I miss your input in the audio forums.
     
    Last edited: May 8, 2014
  19. 2oldGeek (Active member, joined Jun 16, 2005)

    Were you using WPA2 encryption? You said password and ID, but what kind of shared key were you using?

    You have to forgive my disbelief, but that kid could win every lottery out there with that kind of guessing.

    To be able to find a password or shared key of 32 or 64 random chars using the brute force method would take several trillion years… If I recall there are 94 printable keys on a keyboard, meaning a total of 94 to the 32nd or 64th power would be required.

    I use a "pseudo-random" 63 character shared key in my router.
    Example (not mine):

    YS7w7M|bDp(n`amU]^n8ww\>zsGcC:c((5k<^Bm8Q9DHq_k~Wj[-@K#kg=9sm0G
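Added example (not from 2oldGeek's post or any router firmware): a Python sketch that generates a 63 character WPA2 passphrase from the same 94 printable characters using `secrets`, and computes the keyspace, entropy and worst-case exhaustive-search time the post reasons about. The guess rate is a hypothetical figure chosen for illustration; real WPA2-PSK cracking is slower still, because each candidate passphrase goes through PBKDF2-HMAC-SHA1 with 4096 iterations before it can be checked.

```python
"""Added example (not from the thread): size the brute-force keyspace of a
printable-ASCII passphrase and generate one with a CSPRNG.

Assumptions, labelled as such: 94-character alphabet = printable ASCII minus
space (matches the "94 printable keys" figure in the post); the guess rate is a
hypothetical constant, not a measurement of any particular cracking rig.
"""
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 chars
WPA2_MAX_PSK_LEN = 63          # 802.11i passphrase: 8 to 63 ASCII characters
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_psk(length: int = WPA2_MAX_PSK_LEN) -> str:
    """Cryptographically random passphrase (secrets.choice, never random.choice)."""
    if not 8 <= length <= WPA2_MAX_PSK_LEN:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def keyspace(length: int, alphabet_size: int = len(ALPHABET)) -> int:
    """Number of distinct keys: alphabet_size ** length, as an exact integer."""
    return alphabet_size ** length


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy for a uniformly random key of this length."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every key at the given rate (expected time is half)."""
    return keyspace(length) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 1e9  # hypothetical: 10^9 guesses/s, far above real WPA2 cracking rates
    for n in (8, 32, 63):
        print(f"{n:2d} chars: {entropy_bits(n):6.1f} bits, "
              f"{years_to_exhaust(n, rate):.3g} years at {rate:.0e} guesses/s")
    print("example key:", generate_psk())
```

The 8 character case is the one worth looking at: at the hypothetical rate it falls in well under a year, which is why the passphrase length matters as much as the character set.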
     
  20. aldan (Active member, joined Mar 24, 2007)

    Christ, I can't read it, let alone crack it. lol
     
    Last edited: May 8, 2014
