
Windows Efficiency Analyzer

Posted: June 5, 2011

Windows Efficiency Analyzer is a rogue security and anti-virus program that's installed in the form of a Trojan payload. Like most rogue threats, Windows Efficiency Analyzer will pretend to detect large amounts of infections on your computer, but Windows Efficiency Analyzer can't detect any real threats. Infected computers may also have a multitude of applications blocked and experience browser hijacks that redirect you to malicious websites. You can remove Windows Efficiency Analyzer by using standard anti-malware strategies like Safe Mode and anti-virus software system scans.

This New Member of the Rogue Program Gang Has Nothing New to Say

Windows Efficiency Analyzer keeps the same interface that many other clones from its family are using lately - examples of Windows Efficiency Analyzer's identical cohorts include Windows Safeguard Utility, Windows Custom Settings, Windows Risks Preventions and Windows Oversight Center.

Like the other members of its family, Windows Efficiency Analyzer will pretend to monitor and grade different aspects of your PC like 'hard disk optimization' and 'media components.' You don't need to worry about getting a failing grade on Windows Efficiency Analyzer's test, however, because Windows Efficiency Analyzer is preprogrammed to give negative scores to all computers without ever trying to analyze anything.

Another common false alarm that Windows Efficiency Analyzer may use on a regular basis is the creation of fake infection and system alert pop-ups:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Acting on the advice that these pop-ups give you can result in serious harm to your PC, since Windows Efficiency Analyzer only creates these errors without checking for accuracy in the first place.

What Else Windows Efficiency Analyzer Has Hidden Behind Its Back

Windows Efficiency Analyzer is distributed by Fake Microsoft Security Essentials Alert infections. Either the Fake Microsoft Security Essentials Alert Trojan or Windows Efficiency Analyzer itself may engage in other malicious behavior, including browser hijacks and disabling system maintenance and security programs.

All members of the Windows Efficiency Analyzer group of rogue programs will exploit the Windows Registry to run automatically. Use Safe Mode to disable this automatic startup, and then scan your computer for Windows Efficiency Analyzer and any related threats like the Fake Microsoft Security Essentials Alert Trojan.

As of June 2011, Windows Efficiency Analyzer is a new clone and may be sufficiently altered to avoid previous detection methods. It's strongly recommended that you update your security software before trying to remove Windows Efficiency Analyzer.


File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following Registry values were created:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
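
A triage check for the Registry values listed above, as an added example that is not part of the original write-up: it parses text in `reg export` (.reg) syntax and flags each of the four kinds of change. The function name, rule labels and sample data are assumptions made for illustration; flagging every `Debugger` value under Image File Execution Options goes beyond the executables listed here, and developers sometimes set that value legitimately.

```python
import re

# Constructed sample in `reg export` (.reg) syntax; not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\test\\AppData\\Roaming\\Microsoft\\qwxyz.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
"WarnOnPost"=dword:00000001
'''

# Matches "Name"="string" and "Name"=dword:XXXXXXXX; other value types are skipped.
VALUE = re.compile(r'^"(?P<name>[^"]*)"=(?:"(?P<s>.*)"|dword:(?P<d>[0-9a-fA-F]{8}))\s*$')

def scan_reg_export(text):
    """Return (rule, key, data) tuples for the startup and tamper values listed above."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember the key the following values belong to
            continue
        m = VALUE.match(line)
        if not m:
            continue
        name = m["name"].strip().lower()   # tolerate stray spaces in value names
        data = int(m["d"], 16) if m["d"] else m["s"].replace("\\\\", "\\")
        k = key.lower()
        if "\\image file execution options\\" in k and name == "debugger":
            findings.append(("ifeo-debugger", key, data))
        elif k.startswith("hkey_current_user\\") and k.endswith("\\winlogon") and name == "shell":
            findings.append(("hkcu-winlogon-shell", key, data))
        elif k.endswith("\\systemrestore") and name == "disablesr" and data == 1:
            findings.append(("system-restore-disabled", key, data))
        elif k.endswith("\\internet settings") and name == "warnonhttpstohttpredirect" and data == 0:
            findings.append(("https-downgrade-warning-off", key, data))
    return findings
```

Files written by `reg export` are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to the function.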

One Comment

  • Amparo Febo says:

    Oh. I don't like AVG. Merely not detecting viruses in many cases. Same as in the case of this windows essential virus. Had to use your download malware scanner. Thanks a million.
