1 of 5
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:

Windows Work Checker

Windows Work Checker is a rogue antispyware product, which belongs to the huge family of the Fake Microsoft Security Essentials. It pretends to be a legitimate computer safeguard product in order to convince the user that it can be used in fixing various computer errors. Windows Work Checker is a direct clone of Windows Necessary Firewall, Windows Troubles Solver, Windows Efficiency Analyzer and many other rogues. It means that it has a set of functions identical to the ones of its predecessors.

The rogue can be installed in the system in various ways, because Windows Efficiency Analyzer has many methods of distribution behind its sleeve. The most common one is a Trojan infection, when the user gets infected unawares while browsing the internet. The infection which downloads automatically might be hiding behind a search result link, because some of the cyber criminals use popular search trends in order to increase traffic to the site which distributes Windows Work Checker. When the infection makes the first steps into the system, the user is informed about it by a prompt which tells him of an Unknown Trojan residing in the computer. For further information on the threat the user them is urged to perform a quick scan and then download and install Windows Work Checker.

Once Windows Work Checker is downloaded and installed, it performs a fake system scan, and gives a poor overall security rating to the system. Then it offers the user to fix the errors it has “found”, but if the user attempts to do so, Windows Work Checker does not fix anything. The program’s purchase page appears instead, and the rogue offers a lifetime protection against computer threats. However, with the credit card number and CVV2 code leaked the criminals behind Windows Work Checker will be able to hack into the user’s bank account anytime, and before long the user will be robbed to the very last cent.

On top of that, the rogue slows down your computer’s performance so at first, the user must ignore the scan results and the fake security messages received from Windows Work Checker. The messages can be as follows:

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot

Ignoring the messages is only half of the job, because the user must also remove Windows Work Checker from his system along with all of its components. Investing in a reliable antimalware tool is a good idea when one needs to get rid of rogues. Whatever way the user might prefer to deal with the infection, the most important thing is to erase Windows Work Checker for good.

Download Spyware Removal Tool to Remove* Windows Work Checker
  • Quick & tested solution for Windows Work Checker removal.
  • 100% Free Scan for Windows

How to manually remove Windows Work Checker

Files associated with Windows Work Checker infection:


Windows Work Checker processes to kill:


Remove Windows Work Checker registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.