Windows Efficiency Analyzer

Windows Efficiency Analyzer is another rogue security application originating from a large family of malicious software. It is distributed by fake online virus scanners and is usually dropped on the target computer with the help of a Trojan. It will find security and software vulnerabilities that it can exploit to infect a system. Once the Trojan has infected a computer, it modifies the Internet browser and redirects all search results to unsolicited malicious web sites where a copy of the Windows Efficiency Analyzer virus is waiting to be downloaded. If the rogue application is successfully installed, victims may encounter excessive pop-up alerts that are falsified and caused by the Windows Efficiency Analyzer infection.

While the bogus program still resides on the computer, it will continuously attempt to convince the user that the computer is infected and that a licensed copy of Windows Efficiency Analyzer is needed. Victims may fall for this trick just to end the PC's annoying activities. It is not recommended to obtain the rogue program. The best solution is to download a legitimate anti-malware application and do a complete scan of the infected computer. The rest of the procedure can be found on this page.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Windows Efficiency Analyzer Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Windows Efficiency Analyzer”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is prohibited, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. Please see the files below that are related to the Windows Efficiency Analyzer virus.
4. Registry entries created by Windows Efficiency Analyzer must also be removed from the Windows system. Please refer below for the entries associated with the rogue program.
5. Exit the registry editor.
6. Get rid of the Windows Efficiency Analyzer start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random).exe

7. Click Apply and restart Windows.

Windows Efficiency Analyzer Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to do a separate scan with another security program so that other infected files not detected by the anti-virus application can be removed as well. Click here to download and run SAS Portable Scanner.

Scan with Portable Antivirus:
Most of the time, the Trojan associated with a rogue program will disable Windows functionality and prevent execution of any application, including a locally installed antivirus program. If this happens, you can try using a McAfee portable antivirus called Stinger. You can download it for free.

Technical Details and Additional Information:

A bunch of fake alert messages will be issued in order to entice users to obtain the Windows Efficiency Analyzer registration key. Some of these are:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

Malicious Files Added by Windows Efficiency Analyzer:
%UserProfile%\Application Data\Microsoft\(random).exe

Windows Efficiency Analyzer Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
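
A "Debugger" value under Image File Execution Options makes Windows start the named program in place of the image, which is how the entries above keep the listed security products from running. The Python code below is an added example, not part of the original page or of any vendor tool: it audits a registry export for those entries and for the DisableSR and WarnOnHTTPSToHTTPRedirect values. It assumes the export is in `.reg` syntax and already decoded to text; the function names and the sample data are constructed for illustration, and Debugger values on other images are reported for review because developers also set them legitimately.

```python
import re
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"
# Security-product executables named in the page's registry list.
AV_IMAGES = {"ekrn.exe", "msascui.exe", "msmpeng.exe", "msseces.exe",
             "afwserv.exe", "avastsvc.exe", "avastui.exe", "egui.exe"}
# (subkey, value name) -> data the page lists as set by the rogue program.
WEAKENED = {
    (r"software\microsoft\windows nt\currentversion\systemrestore", "disablesr"): 1,
    (r"software\microsoft\windows\currentversion\internet settings", "warnonhttpstohttpredirect"): 0,
}

def parse_reg(text):
    """Yield (key, value_name, data) from .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            name, data = m.groups()
            if data.startswith("dword:"):
                data = int(data[6:], 16)
            elif data[:1] == '"' == data[-1:]:
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            yield key, name, data

def audit(text):
    """Return (kind, subject, data) findings for the changes the page lists."""
    findings = []
    for key, name, data in parse_reg(text):
        hive, _, sub = key.partition("\\")
        if sub.lower().startswith(IFEO + "\\") and name.lower() == "debugger":
            image = sub.rsplit("\\", 1)[1].lower()
            kind = "ifeo-debugger-av" if image in AV_IMAGES else "ifeo-debugger-review"
            findings.append((kind, image, data))
        elif WEAKENED.get((sub.lower(), name.lower())) == data:
            findings.append(("weakened-setting", hive + "\\" + name, data))
    return findings

# Constructed sample in .reg export syntax (not taken from a real machine).
SAMPLE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\dbg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000001
"""
```

Calling `audit(SAMPLE)` returns one finding per suspicious value; the last sample key is not reported because its warning is still enabled.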

What to do next...