Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • System crashes
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Fake WindowsUpdater Ransomware

Fake WindowsUpdater Ransomware is a new threat on the web that can turn your day into a nightmare if it manages to crawl onto your system. Once this dangerous ransomware is on board, it may encrypt your major personal files in a short time and demand a ransom fee in order for you to get the decryption key. As a matter of fact, it seems that just a few days after this malicious program surfaced, its Command and Control server (C&C) is already down. Of course, we cannot say for how long but if your files have been encrypted by this ransomware, this only means that even if you pay the fee, you will not get anything in return; not that you would receive the decryption key anyway. Experience and user reports show that it is quite rare that such cyber criminals keep their word when it comes to ransomware. No matter whether your files have been taken hostage or not, we recommend that you remove Fake WindowsUpdater Ransomware right away. Before we share how you can do that, let us tell you more about how this severe threat can enter your system without your knowledge and how it is supposed to work.

It is most likely that you infect your computer with a fake Windows updater file called "WindowsUpdater.exe," which is possible when you are tricked into clicking on fake system notifications on malicious websites and ones armed with Exploit Kits, for example. This could be a banner ad or a pop-up window that informs you that you urgently need a system update because your computer is at risk or something similar. This notification may have a red blinking text or update button to make sure that you pay attention to it. Apart from this it is also possible that you download this malicious executable file from a spam e-mail. This spam may, for example, appear to have come from Microsoft to inform you that you need important updates but you may also find a spam that contains an attachment claiming to be an unpaid invoice or an urgent report you need to see, such as Transaction-Report.docx.exe. As you can see, such an attached file can be deceiving since it may look like a text document or an image but it is indeed an executable file with a fake icon to fool unsuspecting users.

Once you download and run this file, you practically initiate the attack yourself. This is why it is so important to remember to always use official websites for updating any software and never to believe such banner and pop-up notifications, including questionable spam e-mails. Also, keep in mind that when you delete Fake WindowsUpdater Ransomware, it means that you have been notified of its presence and all your important files have already been encrypted. Therefore, prevention is vital against such a horrible malware attack. We suggest that you regularly save backups on a removable hard disk or to a cloud storage place. However, we need to mention that sometimes it is also possible that a ransomware is sophisticated enough to log in to your cloud account and encrypt all your files there, too.

This ransomware infection applies the most widely used AES-256 encryption algorithm to cipher your files. It affects hundreds of file extensions, which makes the damage quite devastating. All the encrypted files get a new extension that is used by several other ransomware programs in fact: ".encrypted." This malware infection does not copy itself and does not create any other files on your system. The executable file contains the ransom note as well. Once the job is done, it displays its ransom note window on your screen. This note informs you about the attack and that the unique decryption key is stored on a secret remote server and can only be received if you send 0.02 BTC, which is around 25 dollars. Although this is a rather low fee for restoring your files, do not forget that you are dealing with criminals here and they may not keep their word. On the other hand, you would also support cyber crimes by paying these crooks. Of course, we cannot stop you from risking this payment. After the transfer to the given Bitcoin wallet address you are supposed to send an e-mail to "" and you should get a reply shortly with the decryption key. We believe that it is more likely that you will soon find a free tool on the web capable of recovering your files than these criminals will send you this key. We advise you to remove Fake WindowsUpdater Ransomware if you want to use a safe computer.

Fortunately, you can easily close this ransom note window by clicking on the "X" button in the top-right corner or even by pressing Alt+F4. Once it stops running, you can locate the malicious file you downloaded and ran, and simply delete it. It is also advisable that you restart your PC after this to make sure that you start up with a clean system. In truth, by removing Fake WindowsUpdater Ransomware alone you may not make the entire system clean and secure; there could be other malware threats hiding as well. This is why it would be best to use a reliable anti-malware program to automatically hunt down all potentially harmful programs and to protect your PC from future attacks, too.

How to remove Fake WindowsUpdater Ransomware from Windows

  1. Close the ransom note window.
  2. Press Win+E.
  3. Locate the downloaded malicious executable file that could be named "WindowsUpdater.exe" and delete it.
  4. Empty your Recycle Bin and restart your system.
Download Spyware Removal Tool to Remove* Fake WindowsUpdater Ransomware
  • Quick & tested solution for Fake WindowsUpdater Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.