Windows Efficiency Console

Windows Efficiency Console Description

Type: Possibly Unwanted Program

Windows Efficiency Console is a deceptive security program that is part of the FakeVimes family of threats, a large family of rogue security programs that have been active for several years. Like most rogue security applications, Windows Efficiency Console displays fake error messages and system scans as a way to trick inexperienced PC users. Security researchers have noticed that Windows Efficiency Console is usually downloaded after the computer user is exposed to an online advertisement offering a free virus scan of their computer. This is part of a well known scam that is used to trick inexperienced computer users into paying for useless, fake security programs like Windows Efficiency Console. If Windows Efficiency Console is installed on your computer, malware analysts strongly counsel PC users to remove this fake security application immediately with the help of a real anti-virus application from a reliable software developer.

Be Aware of Fake Security Programs Such as Windows Efficiency Console

As soon as Windows Efficiency Console is installed, Windows Efficiency Console makes changes to your Web browser that allows Windows Efficiency Console to be executed every time Windows is loaded. After start up, Windows Efficiency Console displays a fake scan of the affected computer, claiming that Windows Efficiency Console found a large number of other types of threats. Since Windows Efficiency Console does not have the capacity to detect or remove threats on a computer, security analysts strongly suggest computer users to disregard the Windows Efficiency Console 'scan'.

Malware analysts have noted that Windows Efficiency Console blocks access to the victim's files and applications, often interfering with legitimate security software. When files on the affected computer are accessed, Windows Efficiency Console may block them from launching and may display a bogus error message claiming that the file or program presents a risk to the affected computer. Since Windows Efficiency Console may interfere with legitimate security software, security analysts advise taking measures to prevent Windows Efficiency Console from running automatically upon start-up. Usually, starting up in Safe Mode or using other alternate start-up methods can prevent Windows Efficiency Console from running automatically and interfering with your security software.

Among Windows Efficiency Console family members are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Technical Information

File System Details

Windows Efficiency Console creates the following file(s):
# File Name Detection Count
1 %AppData%\guard-[RANDOM CHARACTERS].exe N/A
2 %AppData%\results1.db N/A

Registry Details

Windows Efficiency Console creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"
"LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\Users\User\AppData\Roaming\guard-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe "Debugger"="svchost.exe"

More Details on Windows Efficiency Console

The following messages associated with Windows Efficiency Console were found:
Error
System data security is at risk!
To prevent potential PC errors, run a full system scan.
Error
Trojan activity detected. System integrity at risk.
Full system scan is highly recommended.
Firewall has blocked a program from accessing the Internet
C:\Program Files\Internet Explorer\iexplore.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.
Firewall has blocked a program from accessing the Internet
C:Program FilesInternet Exploreriexplore.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.
Warning! Identity theft attempt detected
Hidden connection IP: xx.xxx.xxx.xxx
Target: Microsoft Corporation keys
Your IP: 127.0.0.1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.