
Windows Performance Manager

By ESGI Advisor in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: March 1, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows


If you have something called Windows Perfomance [sic] Manager popping up on your computer, and you're wondering why a security program would be so disruptive and include a spelling error in its name, you're not alone. Windows Perfomance Manager is malware, and it is part of a very large rogue anti-spyware family that adds a new member every day or two, which means that this threat is very widespread. Needless to say, you should not trust anything that Windows Perfomance Manager tells you about your computer or the security of your information.

Symptoms of Windows Perfomance Manager

The most noticeable and most destructive symptom of an infection with Windows Perfomance Manager is the fake interface that Windows Perfomance Manager loads every time Windows starts, which will prevent you from viewing the desktop at least temporarily. There have been reports of people being unable to view the desktop at all, when Windows is in its regular mode. This bogus user interface is meant to look realistic, so Windows Perfomance Manager uses the Windows name and logo, along with some icons that are supposed to represent different security functions. However, that realism is diminished by the fact that the malware's creators neglected to check their spelling, and left out the second "r" in "performance."

The fake user interface for Windows Perfomance Manager will always rate your PC's security as very poor. Also, when Windows Perfomance Manager appears, it will always pretend to run a scan of your system, with a little progress bar animation and a list of "threats" that Windows Perfomance Manager claims to have found. Regardless of what is actually going on with your computer, Windows Perfomance Manager will always report that Windows Perfomance Manager has detected threats during these "scans," and the list of results will often include the names of real viruses. That's because the entire purpose of the interface and the fake scans is to scare you into thinking that your computer is infected with malware and that your only hope is to use Windows Perfomance Manager – for a price, of course.

After each phony scan, Windows Perfomance Manager will prompt you to activate its software, or to agree to the removal of the threats, and ultimately, you will find yourself at the malicious website that supports Windows Perfomance Manager. On the site, you can enter your credit card information and pay an activation fee, but Windows Perfomance Manager will not gain any functionality or remove any threats, because Windows Perfomance Manager isn't capable of detecting threats in the first place. In fact, if you take a closer look at the scan results that Windows Perfomance Manager gives you, you'll find that the files Windows Perfomance Manager labels as malware are harmless Windows files and components and that none of the horrible viruses Windows Perfomance Manager names are actually present.

Usually, it is possible to make it past the scanner interface eventually and see the desktop. Unfortunately, doing so does not mean that you will be able to use your computer without Windows Perfomance Manager's interference. Windows Perfomance Manager will cause security alerts to appear frequently and repetitively, displaying the same warnings about the same threats over and over, and its warnings always include reminders to "activate" the malware. The three alerts that show up consistently are: one that says that an individual is attempting to modify the "register" keys, one that says that lsass.exe prevented Windows from booting properly, and one that says that Firefox is a keylogger. Furthermore, Windows Perfomance Manager will show alerts when you try to run any other program, and the alerts will say that whatever program you just tried to run was prevented from starting because Windows Perfomance Manager identified it as malicious.

Meanwhile, in order to engage in its scare tactics, Windows Perfomance Manager consumes a big chunk of system resources. That means that Windows Perfomance Manager can cause your computer to become extremely slow. Windows Perfomance Manager is also known to cause serious problems with Internet access, which can range from extremely slow Internet speed to complete loss of ability to get online. If this malware is infecting your computer, you may find that you are unable to access any websites other than Windows Perfomance Manager's own payment site, which is nothing less than the endpoint of a scam. After all, the entire point of Windows Perfomance Manager's existence is to squeeze money out of the users of infected computers.

How Windows Perfomance Manager Finds a Way into Your PC

As is the case with all of the malware that is part of this same scam, Windows Perfomance Manager infects PCs with the aid of the fake Microsoft Security Essentials Alerts Malware. The Trojan is often bundled with downloads on malicious websites and file sharing services, and it is especially common in downloads of phony video codecs or application updates. Once the Trojan is on your computer, Windows Perfomance Manager causes alerts to pop up out of the system tray, and the alerts look as if they are coming from Microsoft Security Essentials. First, the alerts will warn you that Windows has detected a threat, and then they will claim that they have come across a specific Trojan, which can be removed by downloading a specific anti-virus program. The alerts will have a prompt that asks you to click to agree to a download of this software to remove the Trojan, and if you agree to the download, what you actually agree to install is the Windows Perfomance Manager malware. The next time you start Windows, Windows Perfomance Manager becomes active.

Background Information on Windows Perfomance Manager

The malware family that Windows Perfomance Manager comes from has been causing a large number of infections over the first few months of 2011, in part because the malware is re-released almost every day with a new name and one or two very minor, superficial changes. In reality, there is one piece of malware with one set of symptoms, and one goal, and all of the manifestations of this malware support the same Russian scam. Windows Perfomance Manager just happens to be a name that this scam began using at the end of February. Finally, when dealing with Windows Perfomance Manager and with the Trojan that precedes Windows Perfomance Manager, remember that this malware has no relationship to Microsoft or to Windows, and Windows Perfomance Manager is not a Windows product.

File System Details

Windows Performance Manager may create the following file(s):

#   File Name    MD5                                Detections
1.  ecxggg.exe   0bd5767b2cf900f3ec17c5b23fb2bed4   1
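
An added example, not part of the original entry or of any vendor tool: a Python sweep that checks a directory tree against the file name and MD5 listed above. Because this family is re-released with superficial changes, it reports name-only matches separately from exact hash matches; the function and parameter names are assumptions made for illustration, and MD5 is used only because it is the digest this entry publishes.

```python
import hashlib
import os

# Indicators taken from this entry's "File System Details" table.
LISTED_NAME = "ecxggg.exe"
LISTED_MD5 = "0bd5767b2cf900f3ec17c5b23fb2bed4"


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, name=LISTED_NAME, md5=LISTED_MD5):
    """Walk root and return (hash_matches, name_only_matches, unreadable)."""
    hash_matches, name_only, unreadable = [], [], []
    wanted_name, wanted_md5 = name.lower(), md5.lower()
    for folder, _dirs, files in os.walk(root):
        for entry in files:
            path = os.path.join(folder, entry)
            if os.path.islink(path):
                continue  # do not follow links out of the tree
            try:
                actual = md5_of(path)
            except OSError:
                unreadable.append(path)  # locked or permission-denied file
                continue
            if actual == wanted_md5:
                hash_matches.append(path)   # exact sample, under any file name
            elif entry.lower() == wanted_name:
                name_only.append(path)      # listed name, different contents
    return sorted(hash_matches), sorted(name_only), sorted(unreadable)


if __name__ == "__main__":
    import sys
    hits, renamed, skipped = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for label, paths in (("MD5 match", hits), ("name only", renamed),
                         ("unreadable", skipped)):
        for found in paths:
            print(f"{label}: {found}")
```

A name-only result is a lead to examine, not a verdict, and files the sweep could not read are listed so they can be rechecked with the necessary permissions.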

Messages

The following messages associated with Windows Performance Manager were found:

Warning!
Name: taskmgr.exe
Name: C:\WINDOWS\taskmgr.exe
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
