Remove Windows Efficiency Reservoir
. Removal instructions
Windows Efficiency Reservoir is a fake anti-spyware program that blocks legitimate antivirus products and displays fake security alerts to scare you into thinking that you are infected. It enters a computer with the help of Trojans and other malware that come from fake online virus scanners. It has to be manually installed but sometines just visiting a website is enough to get infected. Scammers create many fake and malicious websites, usually fake online scanners and video websites to distribute malicious software. Once a Trojan is installed, it will download and install Windows Efficiency Reservoir scareware on the computer. Once installed, the rogue anti-spyware program displays fake security alerts and false scan results usually about various malware infections that actually do not even exist. Then it asks to pay for a full version of the program to remove the found ‘infections’. Don’t purchase it! Instead, please use the removal guide below to remove Windows Efficiency Reservoir from your computer as soon as possible.
While Windows Efficiency Reservoir is running, it will displays fake security warnings and fake notifications from Windows task bar. They are all basically the same. What is more, the rogue program will impersonate Windows Security Center and state that your computer is not protected. The fake security center looks just like the legitimate one except that it promotes rogue program. Some of the fake security alerts:
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot
As you can see, Windows Efficiency Reservoir is a virus and must be removed upon detection. Please read the removal guide below and remove this virus using recommended remove tool. In some cases, this fake anti-spyware program comes with TDSS Trojan. Usually, it blocks legitimate anti-virus software, so at first you will have to remove this infection and then proceed with the rest of this removal guide. Also note that it may block security related websites, if you can’t download malware removal tool then reboot your computer in safe mode with networking.
Windows Efficiency Reservoir snapshot:
Automatic Windows Efficiency Reservoir removal:
(2012-04-06 03:24:57)
(2012-04-06 03:24:57)
(2012-04-06 03:24:57)
Windows Efficiency Reservoir manual removal:
Kill processes:
Protector-[rnd].exe
how to kill malicious processes
Delete registry values:
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableRegedit” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Run “Inspector”
HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Settings “net” = “2012-3-11_2?
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings “UID” = “origkboryd”
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\atcon.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bipcp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ecengine.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\infwin.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\msconfig
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\PavFnSvr.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sahagent.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\titaninxp.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wsbgate.exe
how to remove registry entries
Delete files:
%AppData%\NPSWF32.dll %AppData%\Windows Efficiency Reservoir.exe %AppData%\result.db %CommonStartMenu%\Windows Efficiency Reservoir.lnk %Desktop%\Windows Efficiency Reservoir.lnk
how to remove harmful files
Information updated: 2012-04-06 06:23:36