Threat Database Rogue Anti-Spyware Program Windows Efficiency Analyzer

Windows Efficiency Analyzer

By CagedTech in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: June 6, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Efficiency Analyzer Image

Windows Efficiency Analyzer is not as efficient as its name might lead you to believe. Windows Efficiency Analyzer is a fake security program that uses the words "Windows" and "Efficiency" to take away suspicions of it being a scam. Online scams involving rogueware campaigns is the preferred method for cybercriminals to get Internet users to give up their money willingly. Windows Efficiency Analyzer is not the only known rogue anti-spyware program on the Web; some other well-known fake applications are XP Security 2011, Windows 7 Recovery, Vista Security 2011, Windows Vista Recovery, and XP Anti-Virus 2011.

One of the many avenues a naive Internet user may come across a link to download Windows Efficiency Analyzer is from bogus websites alleging to provide an online virus scanner and bundled in freeware found in file-sharing networks. Also, what increases Windows Efficiency Analyzer's level of toxicity is that it uses Trojans to survive in computers. Some Trojans have rootkit-like capabilities which allow Trojan files to hide deep in the computer system and to gain admin privileges to be able to perform all kinds of malicious functions.

Once installed, Windows Efficiency Analyzer will appear to want to help Internet users when it runs a system scan and lists all the dangerous files it alleges to have detected in a machine, but Windows Efficiency Analyzer only wants to frighten Internet users and take them straight to the purchase page to make a payment for the licensed version of the fraudulent program. What you should do is invest in a reputable anti-malware program that has an advanced and smart removal engine to remove nasty rogue anti-spyware programs like Windows Efficiency Analyzer.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

SpyHunter Detects & Remove Windows Efficiency Analyzer

File System Details

Windows Efficiency Analyzer may create the following file(s):
# File Name MD5 Detections
1. scmaqh.exe 1ef03bfa98f8b7b2ea63c5e96c345db6 1
2. %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Details

Windows Efficiency Analyzer may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'

Messages

The following messages associated with Windows Efficiency Analyzer were found:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot
Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Trending

Most Viewed

Loading...