Windows Efficiency Analyzer

Windows Efficiency Analyzer Description

ScreenshotWindows Efficiency Analyzer is not as efficient as its name might lead you to believe. Windows Efficiency Analyzer is a fake security program that uses the words "Windows" and "Efficiency" to take away suspicions of it being a scam. Online scams involving rogueware campaigns is the preferred method for cybercriminals to get Internet users to give up their money willingly. Windows Efficiency Analyzer is not the only known rogue anti-spyware program on the Web; some other well-known fake applications are XP Security 2011, Windows 7 Recovery, Vista Security 2011, Windows Vista Recovery, and XP Anti-Virus 2011.

One of the many avenues a naive Internet user may come across a link to download Windows Efficiency Analyzer is from bogus websites alleging to provide an online virus scanner and bundled in freeware found in file-sharing networks. Also, what increases Windows Efficiency Analyzer's level of toxicity is that it uses Trojans to survive in computers. Some Trojans have rootkit-like capabilities which allow Trojan files to hide deep in the computer system and to gain admin privileges to be able to perform all kinds of malicious functions.

Once installed, Windows Efficiency Analyzer will appear to want to help Internet users when it runs a system scan and lists all the dangerous files it alleges to have detected in a machine, but Windows Efficiency Analyzer only wants to frighten Internet users and take them straight to the purchase page to make a payment for the licensed version of the fraudulent program. What you should do is invest in a reputable anti-malware program that has an advanced and smart removal engine to remove nasty rogue anti-spyware programs like Windows Efficiency Analyzer.

Infected with Windows Efficiency Analyzer? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Windows Efficiency Analyzer

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Screenshots & Other Imagery


File System Details

Windows Efficiency Analyzer creates the following file(s):
# File Name Size MD5 Detection Count
1 %AppData%\Microsoft\scmaqh.exe 1,763,328 1ef03bfa98f8b7b2ea63c5e96c345db6 55
2 %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe N/A

Registry Details

Windows Efficiency Analyzer creates the following registry entry or registry entries:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'

More Details on Windows Efficiency Analyzer

The following messages associated with Windows Efficiency Analyzer were found:
System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Location: [application file path]
Viruses: Backdoor.Win32.Rbot
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 7 + 8 ?