Windows Efficiency Accelerator

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: April 25, 2012
Last Seen: November 19, 2019
OS(es) Affected: Windows

Windows Efficiency Accelerator is advertised as a reliable security application. However, ESG security analysts classify Windows Efficiency Accelerator as a malware infection; to be specific, malware infections like Windows Efficiency Accelerator are known as rogue security programs. Windows Efficiency Accelerator belongs to the FakeVimes family of rogue anti-virus applications. This malware family has been infecting computers since 2009, and Windows Efficiency Accelerator is only one of dozens of rogue anti-virus programs belonging to this family of malware.

Windows Efficiency Accelerator in particular belongs to a group of FakeVimes rogue anti-virus programs released in 2012. There are various clones of Windows Efficiency Accelerator in this batch of FakeVimes fake anti-viruses, including such fake security programs as Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. These tend to be bundled along with the Sirefef or ZeroAccess rootkit, making them more difficult to remove than a typical FakeVimes infection. If you suspect that your computer system is infected with Windows Efficiency Accelerator or with one of its many clones, ESG security analysts strongly recommend scanning your computer system with a reliable anti-virus program with anti-rootkit capabilities.

How Criminals Profit from Infecting Your Computer with Windows Efficiency Accelerator

Most rogue anti-virus program scams involve convincing the victims that they must purchase a bogus anti-virus program. To do this, Windows Efficiency Accelerator will spam the victim with alarming, misleading error messages, as well as causing a variety of other symptoms on the infected computer system. These error messages will alert the victim that a number of different Trojans and viruses are attacking their computer system and that only a licensed version of Windows Efficiency Accelerator can fix this problem. To take this lie one step further, Windows Efficiency Accelerator also runs a bogus scan of the victim's hard drive, claiming to have found a large number of different Trojans.

Trying to fix these imaginary problems with Windows Efficiency Accelerator simply results in additional error messages claiming that you will need to "upgrade" Windows Efficiency Accelerator. However, since Windows Efficiency Accelerator has no real anti-virus capabilities, paying for this bogus security program is definitely not a good idea. In order to fool Windows Efficiency Accelerator into thinking that you have paid for it, ESG malware researchers have provided the registration code 0W000-000B0-00T00-E0020. Entering this registration code will stop Windows Efficiency Accelerator from displaying many of its most annoying fake security alerts. However, it is important to remember that this will not remove Windows Efficiency Accelerator, but simply stop its annoying error messages until an anti-virus program is used to remove Windows Efficiency Accelerator completely.

File System Details

Windows Efficiency Accelerator may create the following file(s):
# File Name MD5 Detections
1. Protector-pyqj.exe c6d040541e5c3a378359698d07e3680b 3
2. Protector-aydv.exe 0f9c4d58461ef0983e3399ea489c1987 1
3. %AppData%\NPSWF32.dll
4. %AppData%\Protector-[RANDOM CHARACTERS].exe
5. %AppData%\result.db
6. %CommonStartMenu%\Programs\Windows Efficiency Accelerator.lnk
7. %Desktop%\Windows Efficiency Accelerator.lnk

Registry Details

Windows Efficiency Accelerator may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
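
A triage sketch for the file and registry indicators listed above, added here as an example and not taken from ESG or SpyHunter: it matches lines of an exported file and registry inventory against those indicators. The inventory format, the `%AppData%` folder layout and the character class used for the random suffix are assumptions.

```python
import re

# Indicators are copied from this page's file and registry lists.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        r"\Image File Execution Options").lower()
IFEO_NAMES = {"_avp32.exe", "spoler.exe", "vir-help.exe", "jedi.exe", "rav7.exe",
              "ntvdm.exe", "beagle.exe", "ashlogv.exe", "msa.exe", "wupdt.exe"}
RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run".lower()
RUN_VALUE = re.compile(re.escape(RUN) + r'\s+"inspector"(\s*=.*)?')
# Assumption: %AppData% resolves to one of these per-user folders.
APPDATA = re.compile(r"[a-z]:\\(?:users\\[^\\]+\\appdata\\roaming|documents and "
                     r"settings\\[^\\]+\\application data)\\([^\\]+)")
# Assumption: "[RANDOM CHARACTERS]" means letters or digits, as in the samples.
DROPPED = re.compile(r"protector-[a-z0-9]+\.exe|npswf32\.dll|result\.db")
SHORTCUT = "windows efficiency accelerator.lnk"


def normalize(entry):
    """Expand HKLM/HKCU and lower-case the entry for comparison."""
    head, sep, rest = entry.strip().partition("\\")
    return (HIVES.get(head.upper(), head) + sep + rest).lower()


def classify(entry):
    """Return an indicator label for one file path or registry entry, else None."""
    e = normalize(entry)
    if e.startswith(IFEO + "\\"):
        name = e[len(IFEO) + 1:].split("\\")[0].split(' "')[0].strip()
        return "ifeo-key" if name in IFEO_NAMES else None
    if RUN_VALUE.fullmatch(e):
        return "run-value"
    in_appdata = APPDATA.fullmatch(e)  # only files directly inside %AppData%
    if in_appdata and DROPPED.fullmatch(in_appdata.group(1)):
        return "dropped-file"
    return "shortcut" if e.rsplit("\\", 1)[-1] == SHORTCUT else None


def triage(entries):
    """Return (entry, label) pairs for entries that match a listed indicator."""
    return [(x, label) for x in entries if (label := classify(x))]


SAMPLE = [  # constructed inventory lines, not captured from a real host
    r"C:\Users\alice\AppData\Roaming\Protector-kq7x.exe",
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe",
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"',
]
```

The `Policies\System` and `Internet Settings` values from the list are left out of the matcher because those value names also exist on clean systems, so their presence alone does not indicate this infection.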

Messages

The following messages associated with Windows Efficiency Accelerator were found:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Torrent Alert
Recomended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.
