Windows Efficiency Kit is not what you may have thought. No matter what it claims, it's just a dangerous virus that seeks to make people purchase its useless license. In order to push people into that, it displays fake system scanners and then shows forged scan results that typically announce about tens of different viruses. If you also started to receive Windows Efficiency Kit's alerts, you should ignore them because they report only about invented viruses and nonexistent computer's problems. Clearly, this program seeks the only thing – to create a need of its licensed version. Instead of buying it, you should simply check your computer with reliable anti-spyware and see what it detects.
How can Windows Efficiency Kit infect my computer?
Windows Efficiency Kit is spread by trojan horse, which can infiltrate computer via security vulnerabilities found. In order to prevent its infiltration, you should always make sure that your machine is protected by a reliable anti-spyware. Otherwise, this trojan can easily enter your computer and then download Windows Efficiency Kit's files on it. After that, malware starts its work every time user reboots his/hers computer and shows such notifications:
Warning! Identity theft attempt detected
Hidden connection IP: xx.xxx.xxx.xxx
Target: Microsoft Corporation keys
Your IP: XXXXXXXXXXX
Trojan activity detected. System integrity at risk. Full system scan is highly recommended.
System data security is at risk!
To prevent potential PC errors, run a full system scan.
Please, ignore these warnings because they are completely fake. In reality, they seek the only thing – to convince you that your computer was affected by viruses and that you can fix it with a help of paid Windows Efficiency Kit's version. It's not true. If you think that your machine was affected, you should follow this guide:
How to remove Windows Efficiency Kit?
The clearest sign, saying that Windows Efficiency Kit is inside your computer, is continuous notifications about viruses. In this case, your should waste no time and scan your machine with one of these anti-spyware programs:Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Malwarebytes Anti Malware.
If you can't launch any of them, use these instructions:
1. Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
2. Loggin as the same user as you were in normal Windows mode.
3. Now click on IE or other browser and select 'Run As' or 'Run As administrator', enter your Administrator account password (if needed).
4. Enter this link to your address bar: http://www.2-spyware.com/download/hunter.exe and download a program on your desktop. Launch it to kill the malicious processes and remove its files.
The latest parasite names used by FakeVimes:
Windows Efficiency Kit manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "GuardSoftware" = "%AppData%guard-toiy.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon "Shell"="C:\Users\User\AppData\Roaming\guard-fvtb.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsmpeng.exe "Debugger"="svchost.exe