
Windows Efficiency Manager

By Domesticus in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 16
First Seen: March 2, 2011
Last Seen: May 2, 2024
OS(es) Affected: Windows

Are you getting warnings from a program called Windows Efficiency Manager, claiming that the state of your computer's security is dire? If so, don't believe it for a second – Windows Efficiency Manager is just a new name for an existing computer infection that pretends to be security software. Windows Efficiency Manager uses scare tactics to manipulate users of infected computers into paying for a scam.

Symptoms of Windows Efficiency Manager Infection

Because Windows Efficiency Manager is nothing new (with the exception of Windows Efficiency Manager's name), the symptoms that Windows Efficiency Manager causes are nothing new. What you will notice first is that when you start Windows, before you even see the desktop, you see what looks like a user interface for Windows Efficiency Manager. This fake interface shows up, and you can't click past it, and Windows Efficiency Manager will pretend to run a scan of your computer. In order to make itself seem legitimate, the scanning interface includes the Windows name and logo, along with various icons representing different security functions. The interface will always show that your computer's security is very poor, and Windows Efficiency Manager will always give you lists of results after Windows Efficiency Manager's fake scans. The list of results may even include the names of real viruses, in order to scare you, but none of these is on your computer.

After the bogus scan completes, you will have the choice to remove all of the supposed "threats", but if you click through the prompts, you will find that Windows Efficiency Manager tells you that Windows Efficiency Manager can't remove the threats unless you pay to activate Windows Efficiency Manager's software. Ultimately, you will be directed to a website to add your credit card information for payment. However, because Windows Efficiency Manager is not real security software, there are no licenses or activations to be had. If you give your credit card details to the criminals behind this malware, you will not get anything for your money, and you certainly will not get the malware to change into anything useful.

When you finally are able to get past the phony home screen that Windows Efficiency Manager displays, and you get to the desktop, you still are not in the clear. Windows Efficiency Manager will continue to prevent you from using your PC normally. Windows Efficiency Manager will display pop-up warnings, which say the same few things over and over about your computer's security and the safety of your information. In fact, the content of the messages that Windows Efficiency Manager generates is exactly the same as that in the alerts generated by every other rogue security application in Windows Efficiency Manager's family. So you will see an alert that says that lsass.exe caused a problem while the system was starting up, an alert that claims that Firefox is a keylogger, and an alert that there has been an attempt to change your system registry. Obviously, nothing in the alerts has anything to do with what's going on with your computer, but Windows Efficiency Manager hopes to use them to scare you into paying money for the malware. You will repeatedly see clickable options in the alerts that urge you to run scans, or activate your software, or remove the threat – and all of these prompts will ultimately lead you to the payment site, again.

If you have Windows Efficiency Manager infecting your PC, you may also find that when you try to start other programs, Windows Efficiency Manager prevents them from opening, usually with alert messages claiming that your other programs are malicious and dangerous. Windows Efficiency Manager may also cause your web browser to redirect you to malicious sites when you try to go online, and in some cases, Windows Efficiency Manager can completely disable all Internet access.

How Windows Efficiency Manager Gets into a Computer

Like the other members of Windows Efficiency Manager's malware family, Windows Efficiency Manager infects computers using what is called the fake Microsoft Security Essentials Alert Malware. The Trojan may be hidden in any downloaded file, but it is especially common in files from pirating sites, and in fake video codecs and program updates downloaded on third-party websites. Once Windows Efficiency Manager is on your computer, the fake Microsoft Security Essentials Alert Malware causes alerts to appear from the system tray, and these alerts look as if they have come from Microsoft Security Essentials. First, it will display an alert saying that Windows has detected an Unknown Win32/Trojan, and Windows Efficiency Manager will tell you it needs to perform a scan. When Windows Efficiency Manager runs this phony scan, the fake Microsoft Security Essentials Alert Malware will tell you Windows Efficiency Manager has found an infection called Trojan.Horse.Win32.PAV.64.a, and Windows Efficiency Manager will prompt you to accept a download of a program that can remove the threat. If you agree to that download, that's when Windows Efficiency Manager is downloaded and installed. Windows Efficiency Manager will set itself up to start when Windows starts, and then cause a reboot of your computer. When the reboot finishes, Windows Efficiency Manager will be active.

Windows Efficiency Manager History and Mutations

Windows Efficiency Manager is only one member of a family of fake security programs, and this family has been growing and causing significant numbers of infections for several months. All of the malware related to Windows Efficiency Manager is extremely similar, and although a new member is added to the family every day, the differences between these rogue security applications are extremely trivial. Windows Efficiency Manager, along with all of the other infections related to Windows Efficiency Manager, supports a Russian scam, designed to defraud PC users. The name "Windows Efficiency Manager" just happens to be a name that began to be used around late February and early March, 2011.


File System Details

Windows Efficiency Manager may create the following file(s):
| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | b3d65ef30bf63dd05487667335d1681620fda7429f83f3ae74d88295dda26a30.exe | 5190c0f3d4c10fd825d0ab272a3cba8f | 3 |
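
The following Python script is an added example, not part of the original page and not code from any product named on it. It walks a directory tree and reports files that match the file name or MD5 listed above; the function names `md5_of` and `scan` are hypothetical.

```python
import hashlib
import os
import sys

# Indicators copied from the File System Details table on this page.
PAGE_MD5 = {"5190c0f3d4c10fd825d0ab272a3cba8f"}
PAGE_NAMES = {"b3d65ef30bf63dd05487667335d1681620fda7429f83f3ae74d88295dda26a30.exe"}


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are never loaded whole into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, md5_iocs=PAGE_MD5, name_iocs=PAGE_NAMES):
    """Return (hits, skipped): hits are (path, reason) pairs, skipped are unreadable paths."""
    md5_iocs = {value.lower() for value in md5_iocs}
    name_iocs = {value.lower() for value in name_iocs}
    hits, skipped = [], []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            # Windows file names are case-insensitive, so compare in lower case.
            if name.lower() in name_iocs:
                hits.append((path, "file name"))
            try:
                if md5_of(path) in md5_iocs:
                    hits.append((path, "md5"))
            except OSError:
                # Locked or permission-denied files are common on a live system;
                # record them so the gap in coverage is visible to the analyst.
                skipped.append(path)
    return hits, skipped


if __name__ == "__main__":
    found, unreadable = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, reason in found:
        print(f"MATCH ({reason}): {path}")
    print(f"{len(found)} match(es), {len(unreadable)} file(s) could not be read")
```

An MD5 match identifies only this one sample; because the page describes a family of near-identical programs released under new names, a clean result here does not rule out a related variant.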
