Sunday, June 5, 2011

Remove Windows Efficiency Analyzer proved fraudware

The probability of matching detections reported by Windows Efficiency Analyzer with actual threats of your computer system tends to zero. If it is realized, that would be an odd concurrence. 
In any case, the program does not look for viruses using any of the common methods for computer threats exposure, neither any novel technique related has been observed. Instead of wasting time into computer research, dreadful messages are delivered to user on behalf of  the misleading program. Now you would yourself arrive at a conclusion that the program is misleading, for its messages notifying of a range of threats are not associated with any act of observation on the computer system.
Windows Efficiency Analyzer removal is recommended, even though you  are now well aware of its malicious intent to dupe you. Ignoring the software is much harder than to get rid of Windows Efficiency Analyzer, but the extermination of the malware is quite complicated  compared to legitimate programs.
However, there is a method available here and based on free scan that will require no effort but several clicks of user to eventually dispose of the malware and ensure overall system disinfection.

Windows Efficiency Analyzer snapshot:


Windows Efficiency Analyzer Uninstaller:


Manual removal guide:
Delete inected files:
%UserProfile%\Application Data\Microsoft\.exe
Delete infected registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'

No comments: