Friday, June 17, 2011

Windows Steady Work Removal Guide

Windows Steady Work Removal Guide
Windows Steady Work is a program that is used to cheat the money of people by showing error message in the computer such as the computer has been infected by malwares. Windows Steady Work adds a registry entries to make itself to start automatically when Windows boot. After that, Windows Steady Work will do fake scan on the computer and then issue fake warning by showing pop ups to tell the the user that the computer has been infected by malwares which can only be removed by the full version of Windows Steady Work. Thus, the user is urged to purchase it. Do not believe any report given by Windows Steady Work even the warning look so real. In fact, Windows Steady Work cannot detect and remove any error or malware on computer.

Windows Steady Work can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by Windows Steady Work must be cleared by using Windows Registry Editor.

Windows Steady Work is an useless application that comes from the creators of the Fake Microsoft Security Essentials program. Windows Steady Work has a cleverly designed interface that trys to gain trust from computer users by mimicking the colors and look of the Windows operating systems. Windows Steady Work will attempt to lure the computer users to purchase a full version of the program after it says it has found many issues on the computer and they must be repaired by registering or buying Windows Steady Work. The full edition of Windows Steady Work will not resolve any issues.

Windows Steady Work should be removed immediately!


Windows Steady Work Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'

Remove Folders and Files
%AppData%\Microsoft\[random].exe

No comments:

Post a Comment