Windows Efficiency Accelerator is another rogue program surfacing nowadays. We classified it as a fake security program. It claims to be anti-sypware program, but in reality it is nothing but Fakevimes. It is similar to its cousin Windows Performance Adviser. It get spread via email attachment, video file, image file, via other Trojan Viruses and malicious website. Once it is penetrated to your computer, it scares you with fake security warning stating that your computer is infected with spyware and only Windows Efficiency Accelerator can help you to remove it after you download the trial version. As soon as Windows Efficiency Accelerator trial version downloaded it modifies your computer registry and installs executable files on your machine. It even add window processes which could be dangerous. After installing it pretend to scan your computer and tells your PC is seriously infected and leads you to believe your computer has security holes and it is not protected. This infection, Windows Efficiency Accelerator, will bombarded with error messages. It peruse you to buy its Full Version which is paid version of its affiliate program, so ignore those alerts as it is not scan of your PC and it just wants to still your money. Most of rogue Anti-Spyware like Windows Efficiency Accelerator are nearly impossible to remove manually by just deleting registry and exe file as it creates clone file and those are hidden. To fix your pc yourself and remove infection program like Windows Efficiency Accelerator simply follow these steps.
Windows Efficiency Accelerator Screen Shot :
How to remove Windows Efficiency Accelerator Steps :
Step 1:Print out these instructions as you will need to shutdown the computer in next step.
Step 2:Now power down the Windows Efficiency Accelerator infected computer. And wait for 30 Seconds before you turn on
Step 3:Now please turn ON the computer and immediately keep hitting F8 until you see WINDOWS ADVANCED OPTIONS MENU as shown below.
Step 4:In the WINDOWS ADVANCED OPTIONS MENU, go down to the SAFE MODE WITH NETWORKING using the arrow keys on the board. Then press ENTER on the keyboard. This will take your computer to Safe mode. Safe Mode will cause the display and desktop icons to appear changed. This is normal. No need to Panic as it is due to Windows Efficiency Accelerator.
Step 5:This, Windows Efficiency Accelerator, infection may change computer windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer. We will first need to fix this as we will need to download malware removal utilities. They are safe and very reputed in Computer Industry. Now hold down the WINDOWS key and then press the R key.
Step 6:The RUN dialog box will appear. Type iexplore.exe In the RUN dialog and click OK button.
Step 7:You will see Internet Explorer. On the top navigation click TOOLS then under the sub-menu of TOOLS choose INTERNET OPTIONS as shown below.
Step 8: Now find the CONNECTIONS tab within the INTERNET OPTIONS dialog box and click on it. Then click the LAN SETTINGS button.
Step 9:If there is a check-mark in the box named “Use a proxy server for your LAN”, under the PROXY SERVER section, then uncheck the box. If there is not a check mark located in the box then you can skip this step and move on to next step.
Step 10:Now hit the OK button to close the LOCAL AREA NETWORK dialog box. Then press the OK button to close the INTERNET OPTIONS dialog box.
Step 11Now we must end all the processes that belong to Windows Efficiency Accelerator so that it does not interfere with your ability clear your computer. Inspector-[random char].exe and Protector-[ random char].exe are the processed that needs to be stopped. To do this we need to download Rkill, developed by Bleepingcomputer to help stop the computer process of Windows Efficiency Accelerator. Now please hold down the WINDOWS key and the R key simultaneously to open RUN dialog box.
Step 12Now type “iexplore.exe http://www.fixpcyourself.com/rkill.com” and hit the OK button.
Step 13:Save the Rkill.exe on your desktop. Double-click the Rkill icon and run Rkill.exe. You will see a black MS DOS dialog box. Now it will kill all the processes of Windows Efficiency Accelerator. It will take several minute before a Notepad file containing log information on what Rkill found will open. You may review it and close notepad file.
Step 14:Now you are ready to removal all the infection related to Windows Efficiency Accelerator. For the you need to Malwarebytes. Malwarebytes is a very popular malware and spyware removal application. Now please hold down the WINDOWS key and the R key simultaneously to open RUN dialog box. Type “iexplore.exe http://www.fixpcyourself.com/mbam.exe” and hit the OK button.
Step 15:Save the mbam.exe on your desktop. Double-click the Malwarebytes icon and run mbam.exe. Now the SELECT SETUP LANGUAGE dialog box will appear. Select your preferred language and hit press OK button.
Step 16:The Malwarebytes SETUP WIZARD will show blow screen Hit the NEXT button to continue.
Step 17:Now the LICENSE AGREEMENT screen will appear as shown. Accept the agreement and hit NEXT button.
Step 18:Now the Information screen will appear. Click on next button and continue following the steps.
Step 19:SELECT DESTINATION LOCATION screen will appear now. You can choose the location where Malwarebytes can be install. We recommend to choose the default location as shown then click NEXT button.
Step 20:Now the SELECT START MENU FOLDER screen will appear. Let the default as it is and click NEXT button.
Step 21:Now the SELECT ADDITIONAL TASKS screen will appear. If you want a Desktop Icon or Quick Launch icon then check appropriate boxes.
Step 22:READY TO INSTALL screen will come next. Hit the INSTALL button to install Malwarebytes.
Step 23:In this step let the UPDATE and LAUNCH checked as it is to update the application with latest malware definition to capture all the malwares then click FINISH button.
Step 24:Once update is done then Scanner screen will launch. Make sure to select PERFORM FULL SCAN is selected to clean up Windows Efficiency Accelerator infection. Click on SCAN button to start the scan.
Step 25:Now choose the local drives that you want to scan from the dialog box and click SCAN button.
Step 26:Be patient as the scan will take several minutes before it cleans up Windows Efficiency Accelerator infection. Once the scan is finished, a message box saying the scan is complete will appear. Click OK button to close the box then click SHOW RESULTS button.
Step 27:From results dialog box choose REMOVE SELECTED button to remove all the infections found. Malwarebytes will also delete all of the files and registry keys affected by Windows Efficiency Accelerator and add them to the quarantine.
Step 28:Malwarebytes may required you to reboot the PC to complete the removal of Windows Efficiency Accelerator. After completion reboot your computer Malwarebytes will be relaunched, please follow the instructions on the screen and continue the removal process. Once everything is clean out a log will be open created by Malwarebytes. Please reviewed it and closed it. Now your computer should be free of Windows Efficiency Accelerator. Enjoy.
Technical Details of Windows Efficiency Accelerator files :
You need to delete following Windows Efficiency Accelerator files:
%AppData%Protector-[ Random 4 char].exe
%AppData%Inspector-[Random 4 char].exe
Also please delete Windows Efficiency Accelerator registry file:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableRegistryTools’ = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableTaskMgr’ = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings “ID” = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableRegedit’= 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe
Windows Efficiency Accelerator Symptoms:
Slower PC performance and instability of the PC.
Infection Alert Messages.
Changed or new icons on desktop.