Windows Efficiency Accelerator

Posted: April 25, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	12

First Seen:	April 25, 2012
Last Seen:	November 19, 2019
OS(es) Affected:	Windows

Although Windows Efficiency Accelerator pretends to guard your PC against such threats as phishing attacks, keyloggers and other security risks, as a member of FakeVimes, Windows Efficiency Accelerator doesn't carry even a single one of the many security features that Windows Efficiency Accelerator boasts of possessing. In lieu of giving you real security information, Windows Efficiency Accelerator will display fake system scans, inaccurate pop-up alerts and fraudulent threat warnings to make it appear as though nonexistent attackers are endangering your computer. In addition to its worthless nature as an anti-virus product, Windows Efficiency Accelerator may also make attacks that can actively reduce your computer's security, including hijacking your browser searches or blocking unrelated applications. Hence, SpywareRemove.com malware experts recommend that you expel Windows Efficiency Accelerator from your PC with genuine anti-malware software, which will also resolve all related symptoms of a Windows Efficiency Accelerator infection when undertaken properly.

Why the Only Thing That Windows Efficiency Accelerator Speeds Up is Its Access to Your Wallet

Like most other types of rogue anti-virus programs, Windows Efficiency Accelerator doesn't have any legitimate ability to find or remove PC threats from your computer, but displays fraudulent security information as a replacement for the real thing. Typical pop-up alerts from Windows Efficiency Accelerator can involve nonexistent data transmission activity, digital signature issues, Trojans or even identity theft-related attacks, all of which should be ignored as fake. SpywareRemove.com malware researchers note that following Windows Efficiency Accelerator's advice and trying to delete 'infected' files is even likely to damage your PC, and that any unusual side effects are most likely caused by Windows Efficiency Accelerator itself (or a related PC threat).

Windows Efficiency Accelerator's main goal is to force you to buy its 'full' version with a purchasable registration key. This should never be done under any circumstances, although SpywareRemove.com malware analysts have found some cases where faking Windows Efficiency Accelerator's registration via the free key '0W000-000B0-00T00-E0020' can be helpful while trying to delete Windows Efficiency Accelerator.

What to Do When Windows Efficiency Accelerator Kicks Its Attacks Into High Gear

SpywareRemove.com malware analysts have also noticed that Windows Efficiency Accelerator can indulge in direct attacks against the security software and settings of an infected PC, as well as other scamware from its family such as Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security. Standard dangers that you should anticipate from Windows Efficiency Accelerator or any other Win32/FakeVimes-based PC threat include:

Search engine hijacks that force your browser to load unfamiliar websites. Since these hijacks use Hosts file modifications, they can function in all types of web browsers.
Blocked security software, such as Task Manager, popular brands of anti-virus scanners and general system diagnostic utilities. Windows Efficiency Accelerator may also block some competing types of rogue anti-virus products although, obviously, the latter isn't any cause for worry.
Changes to your Windows settings that allow you to download files with invalid signature identification without corresponding warning messages.
Disabled UAC features.

These attacks cause SpywareRemove.com malware experts to recommend Windows Efficiency Accelerator's immediate deletion once you have access to any good anti-malware scanner, since they place your computer in a heightened state of vulnerability against other PC threats.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\Protector-aydv.exe

File name: Protector-aydv.exe
Size: 1.85 MB (1856000 bytes)
MD5: 0f9c4d58461ef0983e3399ea489c1987
Detection count: 83
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: April 25, 2012

%APPDATA%\Protector-pyqj.exe

File name: Protector-pyqj.exe
Size: 1.86 MB (1860096 bytes)
MD5: c6d040541e5c3a378359698d07e3680b
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: November 19, 2019

%AppData%\NPSWF32.dll

File name: %AppData%\NPSWF32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%AppData%\result.db

File name: %AppData%\result.db
Mime Type: unknown/db
Group: Malware file

%AppData%\Protector-[RANDOM CHARACTERS].exe

File name: %AppData%\Protector-[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%CommonStartMenu%\Programs\Windows Efficiency Accelerator.lnk

File name: %CommonStartMenu%\Programs\Windows Efficiency Accelerator.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%Desktop%\Windows Efficiency Accelerator.lnk

File name: %Desktop%\Windows Efficiency Accelerator.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exeHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net

Additional Information

The following messages's were detected:

#	Message
1	Error Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
2	Error Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
3	Torrent Alert Recomended: Please use secure encrypted protocol for torrent links. Torrent link detected! Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation. Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.
4	Warning Firewall has blocked a program from accessing the Internet C:\program files\internet explorer\iexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
5	Warning Firewall has blocked a program from accessing the Internet. Windows Media Player Resources C:\Windows\system32\dllcache\wmploc.dll C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
6	Warning! Spambot detected! Attention! A spambot sending viruses from your e-mail has been detected on your PC.