Windows Efficiency Analyzer Description
Windows Efficiency Analyzer is not as efficient as its name might lead you to believe. Windows Efficiency Analyzer is a fake security program that uses the words "Windows" and "Efficiency" to take away suspicions of it being a scam. Online scams involving rogueware campaigns is the preferred method for cybercriminals to get Internet users to give up their money willingly. Windows Efficiency Analyzer is not the only known rogue anti-spyware program on the Web; some other well-known fake applications are XP Security 2011, Windows 7 Recovery, Vista Security 2011, Windows Vista Recovery, and XP Anti-Virus 2011.
One of the many avenues a naive Internet user may come across a link to download Windows Efficiency Analyzer is from bogus websites alleging to provide an online virus scanner and bundled in freeware found in file-sharing networks. Also, what increases Windows Efficiency Analyzer's level of toxicity is that it uses Trojans to survive in computers. Some Trojans have rootkit-like capabilities which allow Trojan files to hide deep in the computer system and to gain admin privileges to be able to perform all kinds of malicious functions.
Once installed, Windows Efficiency Analyzer will appear to want to help Internet users when it runs a system scan and lists all the dangerous files it alleges to have detected in a machine, but Windows Efficiency Analyzer only wants to frighten Internet users and take them straight to the purchase page to make a payment for the licensed version of the fraudulent program. What you should do is invest in a reputable anti-malware program that has an advanced and smart removal engine to remove nasty rogue anti-spyware programs like Windows Efficiency Analyzer.
Type: Rogue AntiSpyware Programs
Infected with Windows Efficiency Analyzer? Scan Your PC for FreeDownload SpyHunter’s Spyware Scanner
to Detect Windows Efficiency Analyzer
Security Doesn't Let You Download SpyHunter or Access the Internet?
Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.
Windows Efficiency Analyzer Technical Report
As new Windows Efficiency Analyzer details are reported by our customers and findings from our Threat Research Center, we will update this section.
Screenshots & Other Imagery
Fake message for Windows Efficiency Analyzer:
The following fake error message(s) appears for Windows Efficiency Analyzer:
|Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!
|Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
|System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
Location: [application file path]
|System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Windows Efficiency Analyzer has typically the following processes in memory:
|%UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe|
Windows Efficiency Analyzer creates the following registry entries:
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'|
|HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'|
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'|
|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'|