
Windows Efficiency Manager

Posted: March 2, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 28
First Seen: March 2, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Efficiency Manager is a rogue system diagnostics program that pretends to have useful features while actually harming your computer. Trojans are the primary infection method for Windows Efficiency Manager, and the rogue anti-spyware product quickly takes over any computer it infects by forcing itself to run and perform a scan immediately after system startup. Scan results and other messages from Windows Efficiency Manager are all faked to get you to give money to criminals, and the infection will actually block your real security programs. If you find yourself infected with Windows Efficiency Manager, delete it from your machine, since it is a non-negligible security risk while present.

Windows Efficiency Manager is a Clone of a Clone of a Clone (Ad Infinitum)

Windows Efficiency Manager is far from innovative; Windows Efficiency Manager belongs to a family with many duplicates differentiated mostly by their names. As a clone of preexisting rogue anti-spyware threats like Windows Troubles Analyzer, Windows Optimal Tool and Windows Problems Solution, Windows Efficiency Manager relies on a lack of recognition on the user's part to be effective. Updated and reliable security programs should be able to thwart Windows Efficiency Manager and its related Trojan delivery mechanism before serious harm is done.

As is the case with all its other family members, Windows Efficiency Manager is delivered primarily through the fake Microsoft Security Essentials Alert malware. This Trojan creates a convincing-looking desktop pop-up that warns of an infection, followed by a message clarifying that a Win32/Trojan is present.

If you go along with this Trojan, you'll find Windows Efficiency Manager 'scanning' your system, detecting Trojan.Horse.Win32.PAV.64.a, and then recommending installation of a rogue anti-spyware program! If you recognize these signs and treat them as threatening Trojan behavior rather than as a helping hand from Windows, you can avoid ever needing to figure out how to remove Windows Efficiency Manager or otherwise deal with it.

Windows Efficiency Manager's Seemingly Friendly Behavior – Not So Friendly After All

Windows Efficiency Manager will appear to be useful when it's first installed. You'll see Windows Efficiency Manager offering a scan of your system after every reboot, and Windows Efficiency Manager will also offer handy diagnostic visuals of your licenses and general computer security updates. Sadly, this is all too good to be true; Windows Efficiency Manager inevitably displays poor scores and poor updates in all areas, no matter what your computer is like. Scans and alerts issued by Windows Efficiency Manager are also completely erroneous. You may see error messages like the ones below:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Name: firefox.exe
Name: c:\program files\firefox\firefox.exe
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

The worst way Windows Efficiency Manager abuses these error messages is to use them as part of a scheme to block out all your real security programs. Not only should you not pay for Windows Efficiency Manager, but just having Windows Efficiency Manager around at all inherently makes your computer vulnerable to other attacks! The sooner you delete Windows Efficiency Manager from your computer and your life, the better off you'll be.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AppData%\nhlkko.exe
File name: nhlkko.exe
Size: 2.35 MB (2351104 bytes)
MD5: 5190c0f3d4c10fd825d0ab272a3cba8f
Detection count: 97
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%
Group: Malware file
Last Updated: January 8, 2020
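
The file listing above can be turned into a host check. The following is an added example, not code from this site or from any security product: it compares executables sitting directly in %AppData% against the size and MD5 published on this page. The function names, the verdict labels, and the idea that any other loose executable in that folder deserves a second look are assumptions made for illustration.

```python
import hashlib
import os
from pathlib import Path

# Indicator copied from the "File System Modifications" listing on this page.
PAGE_INDICATOR = {"name": "nhlkko.exe", "size": 2351104,
                  "md5": "5190c0f3d4c10fd825d0ab272a3cba8f"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so it is never read into memory whole."""
    digest = hashlib.md5()  # MD5 only because it is the hash the page publishes
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage_appdata(root, indicator=PAGE_INDICATOR):
    """Return (path, verdict) pairs for .exe files directly under root.

    Verdicts (labels are this example's own): hash-match, name-match,
    unreadable, unlisted-exe.
    """
    findings = []
    for entry in sorted(Path(root).iterdir()):
        if not entry.is_file() or entry.suffix.lower() != ".exe":
            continue
        try:
            # Cheap size comparison first; hash only when the size agrees.
            same_size = entry.stat().st_size == indicator["size"]
            same_hash = same_size and md5_of(entry) == indicator["md5"]
        except OSError:
            findings.append((str(entry), "unreadable"))
            continue
        if same_hash:
            verdict = "hash-match"      # content equals the listed sample
        elif entry.name.lower() == indicator["name"]:
            verdict = "name-match"      # listed name, different content
        else:
            verdict = "unlisted-exe"    # assumption: worth a manual review
        findings.append((str(entry), verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in triage_appdata(os.environ.get("APPDATA", ".")):
        print(f"{verdict:13} {path}")
```

A hash match identifies only the exact sample listed here; a name match or an unlisted executable is a lead for a full scan with an up-to-date security program, not a confirmed detection.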