Wednesday, March 2, 2011

Windows Efficiency Manager - NOT SAFE!!!

I was contacted by a client this morning that told me that they had a new software “Windows Efficiency Manager”  - well what a nice name, sounds useful doesn’t?  This is a rogue anti-spyware program that is part of the Fake Microsoft Security Essentials infection.

Yesterday, I was contacted by a client that had suddenly been knocked off the internet.  I had not seen the computer in some time so i checked to see if his AVG was up to date.  I found it shut off and in it’s place was the icon for Microsoft Security Essentials, a real program that does work nicely, offered by Microsoft.  However, after a little research I have found that this client actually was infected!  Here is what I learned and how to resolve the problem yourself.    Don’t worry this stuff can be intimidating, just contact Simply Seniors Computer Tutors for help 321-431-3866. 

What this infection does:

Windows Efficiency Manager is a fake rogue anti-spyware program that is part of the Fake Microsoft Security Essentials infection. When this infection is installed on your computer it will display a fake Microsoft Security Essentials alert that states that it has detected an Unknown Win32/Trojan on your computer. This alert will state:

Microsoft Security Essentials Alert
Potential Threat Details

Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

It will then prompt you to scan your computer, which will start a fake scan of your computer that ultimately states that a particular file is infected with Trojan.Horse.Win32.PAV.64.a. It will then prompt you to install Windows Efficiency Manager to remove the virus. The text of this prompt is:

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

When you press OK, the infection will download and install Windows Efficiency Manager and reboot your computer.

When your computer reboots you will be presented with the Windows Efficiency Manager screen before your normal Windows desktop is shown. It then prompts you to scan your computer, which will state that your computer is infected with numerous infections. In order to get to your normal Windows desktop, you will need to close the Windows Efficiency Manager program when it has finished its fake scan. As you can see this program is a scam as it is ransoming the proper operation of your computer until you purchase it. It goes without saying that you should not purchase this program for any reason.

While the program is running it will also display fake security alerts that are further used to scare you into thinking that your computer has a serious problem. Some of these alerts include:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning!
Name:
firefox.exe
Name: c:\program files\firefox\firefox.exe
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Just like the fake scan results, these alerts are also fake and are only being used to scare you into purchasing the program. Therefore, please ignore them.

As you can see, Windows Efficiency Manager was created to scare you into thinking your computer has a severe security problem so that you will then purchase this program. For no reason should you purchase Windows Efficiency Manager, and if you already have, you should contact your credit card company and dispute the charges stating that the program is a computer infection. Finally, to remove this infection, and any related malware, please use the removal guide below.

Threat Classification:

Array

Tools Needed for this fix:

This informwas brought to you by Grinler on Wed, 02 Mar 2011

Hope you find this helpful!

Thanks for reading – Simply Seniors Computer Tutors are on the web at www.ComputerTutorHelp.Us!!!

Don’t forget our Friday Classes at the Wickham park Senior Center, Melbourne, FL

registration is required: 321-431-3866

No comments:

Post a Comment