Windows Efficiency Console

Threat Scorecard

Ranking: 7,887
Threat Level: 10 % (Normal)
Infected Computers: 1,235
First Seen: December 18, 2013
Last Seen: September 8, 2023
OS(es) Affected: Windows

Windows Efficiency Console is a deceptive security program that belongs to the FakeVimes family of threats, a large family of rogue security programs that has been active for several years. Like most rogue security applications, Windows Efficiency Console displays fake error messages and system scans to trick inexperienced PC users. Security researchers have noticed that Windows Efficiency Console is usually downloaded after the computer user is exposed to an online advertisement offering a free virus scan of their computer. This is part of a well-known scam that is used to trick inexperienced computer users into paying for useless, fake security programs like Windows Efficiency Console. If Windows Efficiency Console is installed on your computer, malware analysts strongly advise removing this fake security application immediately with the help of a real anti-virus application from a reliable software developer.

Be Aware of Fake Security Programs Such as Windows Efficiency Console

As soon as Windows Efficiency Console is installed, it makes changes to your Web browser that allow it to be executed every time Windows is loaded. After start-up, Windows Efficiency Console displays a fake scan of the affected computer, claiming to have found a large number of other types of threats. Since Windows Efficiency Console does not have the capacity to detect or remove threats on a computer, security analysts strongly advise computer users to disregard the Windows Efficiency Console 'scan'.

Malware analysts have noted that Windows Efficiency Console blocks access to the victim's files and applications, often interfering with legitimate security software. When files on the affected computer are accessed, Windows Efficiency Console may block them from launching and may display a bogus error message claiming that the file or program presents a risk to the affected computer. Since Windows Efficiency Console may interfere with legitimate security software, security analysts advise taking measures to prevent Windows Efficiency Console from running automatically upon start-up. Usually, starting up in Safe Mode or using other alternate start-up methods can prevent Windows Efficiency Console from running automatically and interfering with your security software.

Other members of the same family as Windows Efficiency Console include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, and Windows Work Catalyst.

File System Details

Windows Efficiency Console may create the following file(s):
1. %AppData%\guard-[RANDOM CHARACTERS].exe
2. %AppData%\results1.db

Registry Details

Windows Efficiency Console may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\Users\User\AppData\Roaming\guard-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe "Debugger"="svchost.exe"
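
The entries above follow three patterns: a "Debugger" value under Image File Execution Options that redirects security tools to svchost.exe, a Run value pointing at guard-[RANDOM CHARACTERS].exe, and a per-user Winlogon "Shell" override. The following triage script is an added example, not part of the original entry. It scans the text of a registry export for those patterns and, going slightly beyond the list, flags a Debugger value on any image. The sample export and the file name guard-qxzt.exe are constructed.

```python
import re

# Constructed excerpt in .reg export format. "guard-qxzt.exe" stands in for the
# page's guard-[RANDOM CHARACTERS].exe. Real exports are UTF-16: open(p, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
"GuardSoftware"="C:\\Users\\User\\AppData\\Roaming\\guard-qxzt.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-qxzt.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # string values only
GUARD_RE = re.compile(r'\\guard-[^\\]+\.exe$', re.I)
IFEO = '\\image file execution options\\'

def parse_export(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key and (v := VAL_RE.match(line)):
            # .reg files escape backslashes and quotes with a backslash
            yield (key, *(re.sub(r'\\(.)', r'\1', g) for g in v.groups()))

def find_indicators(text):
    """Return (kind, name, data) tuples for the three patterns listed above."""
    hits = []
    for key, name, data in parse_export(text):
        k, n = key.lower(), name.lower()
        if IFEO in k and n == 'debugger':
            hits.append(('ifeo-debugger', key.rsplit('\\', 1)[1], data))
        elif k.endswith(r'\currentversion\run') and GUARD_RE.search(data):
            hits.append(('run-key', name, data))
        elif k.startswith('hkey_current_user') and k.endswith(r'\winlogon') and n == 'shell':
            hits.append(('winlogon-shell', name, data))
    return hits
```

A Debugger value can also be set by legitimate tooling, so each hit should be reviewed against the image name and the target it points to.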

URLs

Windows Efficiency Console may call the following URLs:

brandclick.com

Messages

The following messages associated with Windows Efficiency Console were found:

Error
System data security is at risk!
To prevent potential PC errors, run a full system scan.

Error
Trojan activity detected. System integrity at risk.
Full system scan is highly recommended.

Firewall has blocked a program from accessing the Internet
C:\Program Files\Internet Explorer\iexplore.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.

Warning! Identity theft attempt detected
Hidden connection IP: xx.xxx.xxx.xxx
Target: Microsoft Corporation keys
Your IP: 127.0.0.1
