1 of 7
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
WindowsSteadyWork

Windows Steady Work

There are a lot of rogue antispyware applications which are extremely dangerous, but you should be especially weary of Windows Steady Work. It belongs to the group of rogues which comprise the Fake Microsoft Security Essentials scam. Previous versions of this rogue are Windows Necessary Firewall, Windows Precautions Center, Windows Profile System and many more. This rogue is very good at pretending to be a reliable security application, because it copies the functions and design of a popular antivirus product. If you have this threat in your computer you have to get rid of Windows Steady Work immediately, because it can cause ultimate damage to your system.

Just like any other rogue Windows Steady Work has many ways to enter your system. It can be distributed via fake online malware scanners and fake codecs. You can encounter fake scanners or advertisements which urge you to use these kinds of scanners on the Internet. They all tell you that there has been suspicious activity detected in your computer and you need to download Windows Steady Work and check for further infections. More recently, this rogue has been entering computer systems worldwide via Trojan infections. Actually, the first prompt which marks the rogue’s infection is a message which says that you have been infected by Unknown Win32/Trojan, and then it delivers this message which asks you to look deeper into the matter:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.

If you follow along you end up downloading Windows Steady Work into your computer. It actually might really look like the program can protect your computer against various threats, but once Windows Steady Work is installed it starts sending you a lot of fake security messages, regarding “dangerous” spyware activity which is supposedly going in your system.

The rogue also performs a fake system scan, finding numerous viruses and errors which you “need” to fix immediately. Needless to say, that the fix cannot happen, because Windows Steady Work only wants your money for the product which does not exist. If you don’t pay for this program, it will slow down your computer processes and will not allow you to utilize your machine the way you are used. You need to remove Windows Steady Work right now if you want to avoid such consequences.

Download Spyware Removal Tool to Remove* Windows Steady Work
  • Quick & tested solution for Windows Steady Work removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Steady Work

Files associated with infection (Windows Steady Work):

%AppData%\Microsoft\[random].exe

Processes to kill (Windows Steady Work):

%AppData%\Microsoft\[random].exe

Remove registry entries (Windows Steady Work):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.