Windows Steady Work is another of the fake-Microsoft Security Essentials infections that change names constantly to avoid detection.
This particular breed of rogues is known for changing names many times during the week, and after several days it will be renamed again. Because of this, Windows Steady Work has to rely on dirty tricks to make users believe that it is a reputable antivirus. To do so, it misuses the Microsoft Security Essentials name by creating an alert similar to MSE's. This alert states that MSE detected an infection and cannot remove it by itself. If the user clicks on the message, the fake Microsoft Security Essentials will "search" for a solution and offer to download one of the rogues, namely Windows Steady Work.
After Windows Steady Work is installed, you cannot close its window easily. It will force you to run system scans, which are faked. This rogue will list various outdated parasites that sound dangerous enough, such as Backdoor.Win32.Rbot or similar. All this is done to force you into buying the full version of Windows Steady Work.
Under no circumstances should you pay for Windows Steady Work. It is a scam and it has no real detection engine. Even worse, its payment pages collect and store your credit card details, and its makers have nothing to lose. So they will surely misuse that data and use the card information multiple times. If you paid for Windows Steady Work, consider contacting your bank to have your credit card replaced.
Kill malicious Processes from Task Manager:
- <random>.exe
Location of the infection:
- %UserProfile%\Application Data\Microsoft\[random].exe
Registry entries to be removed (back up the registry before editing it):
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
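A "Debugger" value under Image File Execution Options makes Windows start the named program instead of the listed executable, which is how the entries above keep the security products from running. The following PowerShell is an added example, not part of the original instructions: it lists every such value and, after an exported backup, removes only the ones that match the entries above. The function names and the backup folder are assumptions.

```powershell
# Added example: list and clear IFEO "Debugger" values. Run from an elevated prompt.
function Get-IfeoDebugger {
    # Assumption: the WOW6432Node (32-bit) view is checked as well when it exists.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $dbg = $key.GetValue('Debugger')
            if ($null -ne $dbg) {
                [pscustomobject]@{
                    Image = $key.PSChildName; Debugger = $dbg
                    RegPath = $key.Name; PSPath = $key.PSPath
                }
            }
        }
    }
}

function Remove-IfeoDebugger {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Entry,
        [string]$BackupDir = (Join-Path $env:TEMP 'ifeo-backup')  # assumed location
    )
    begin { New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null }
    process {
        if (-not $PSCmdlet.ShouldProcess($Entry.RegPath, 'Remove Debugger value')) { return }
        # Export the whole key first so the change can be undone with "reg import".
        $file = Join-Path $BackupDir (($Entry.RegPath -replace '[\\ :]', '_') + '.reg')
        & reg.exe export $Entry.RegPath $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Backup failed, skipping $($Entry.RegPath)"; return }
        Remove-ItemProperty -LiteralPath $Entry.PSPath -Name 'Debugger'
    }
}

# 1. Review everything first: some tools set Debugger values on purpose.
Get-IfeoDebugger | Format-Table Image, Debugger, RegPath -AutoSize

# 2. Preview removal of the entries listed above; drop -WhatIf to apply.
$blocked = 'afwserv.exe', 'avastsvc.exe', 'ekrn.exe'
Get-IfeoDebugger |
    Where-Object { $_.Debugger -eq 'svchost.exe' -and $blocked -contains $_.Image } |
    Remove-IfeoDebugger -WhatIf
```

The rogue may block other security executables the same way, so compare the full listing from step 1 against the products installed on the machine before widening the filter.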
Although it is possible to manually remove Windows Steady Work, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend malware and spyware removal applications.
After removing all these files, restart your computer and the issue will be fixed. Don't forget to update your security software, check the firewall settings and the operating system, and finally do a full system scan with the security software.