Windows Steady Work is a type of Trojan that is part of the Fake Microsoft Security Essentials Trojan Family. It generates false messages regarding the security of your system, pretending to scan your computer and then displaying a fake infection on your computer under the name of Trojan.Horse.Win32.PAV.64.a.
Next, the Trojan will prompt the user that the only way to get rid of this infection is by downloading and installing Windows Steady Work. Once you press OK after being prompted, Windows Steady Work will automatically be downloaded and installed on your system. After the installation your computer will reboot.
After your system reboots you will notice that you are not able to access your regular desktop screen. Instead you are presented with a Windows Steady Work window, suggesting that you must scan your system for potential threats. By agreeing to do so, Windows Steady Work will start what appears to be a system scan. However, this is merely a forgery in order to scare you into thinking that your computer is infected by other viruses. However, the threat is Windows Steady Work itself.
Now, after the fake scan is completed, you will be noticed that the only way to get rid of the viruses that reside in your computer is by purchasing the full version of Windows Steady Work. Do not give away your credit card information as this is simply a trick.
*Note that the only way to be able to access your normal desktop screen you will need to go through the fake scan process.
Windows Steady Work Removal Guide
**Note that you might not be able to access the internet from your infected machine. In this case you will have to download the files elsewhere and then transfer them on your computer via CD/DVD, USB flash drive or any other portable devices.
- In order to start the disinfection you will need to kill any processes related with Windows Steady Work. For that you will need to use RKill. Run RKill and let it scan your system. The process might take a while and you must remember to ignore any messages suggesting that RKill is a threat to your system. That’s merely the Trojan doing its thing. After RKill finishes scanning, do NOT restart your computer.
- Now you will have to restore the Windows Registry Shell value. If not, next time you will reboot our computer you will not be able to access your desktop screen again. Run Shell.reg and let it merge the data.
- Next step is Malwarebytes’ Anti-Malware (MBAM). Install MBAM on the infected system and make sure that during the installation process the buttons labeled Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware are checked. After the installation restart your system if MBAM prompts you to do so
- After reboot MBAM should start automatically. Navigate to the Scanner Tab in the MBAM main window, and make sure that the “Perform Full Scan” button is checked then click on the Scan button.
- MBAM will start scanning your computer for threats. Be patient. After the scanning is complete press OK in the message box. A new window will appear presenting all the threats that were found on your system. Make sure they are all checked and then press the Remove Selected button. After MBAM finishes disinfecting your system you will be prompted to restart your system. Pease do so.
If you have followed these steps precisely, your computer should now be clean.