Fake WindowsUpdater Ransomware Removal Guide

Fake WindowsUpdater Ransomware is a malware infection that resembles a tornado. It seems that a few days after it was released and has done some major damage to unsuspecting computer users, its C&C server (Command and Control) already appears to be shut down. Of course, we cannot confirm that it will never hit the web again to encrypt the files of more victims. In any case, this is still considered to be a serious threat since it can damage hundreds of file extensions, which could mean the loss of thousands of important and personal files, including your photos, documents, and archives. Obviously, if the server is down, the encryption cannot be performed, so being hit by this ransomware right now could mean that you can take it as a big sign or warning to be a more cautious web surfer to try to prevent similar future attacks. We do not advise you to pay the amount these crooks demand no matter how low it may be. We believe that the easiest way for you to make sure that your files are protected is to have a backup copy regularly stored on a portable drive; well, apart from installing a professional anti-malware program that could automatically defend your system from such malicious attacks. All in all, we highly recommend that you remove Fake WindowsUpdater Ransomware immediately. Please read on our article for detailed information about this vicious ransomware and how you could save yourself from similar threats.

Usually the most likely way for you to let such a beast on board is to open a file attachment that arrives in a spam e-mail. Such an e-mail generally pretends to come from some kind of authorities or well-known, prestigious companies, such as Microsoft. The subject matter can claim to be something important like an unsettled invoice, a wrongly made booking, but it could also be a security warning from "Microsoft" that offers you a fake Windows Updater to download. This file could be called "WindowsUpdater.exe" but we have also found samples that were spreading under different names claiming to be a sort of transaction report text file. Generally, these file attachments are all malicious executable files having a fake extension and thus pretend to be an image, a video, or a document file. Most often the default icon of such a malicious file is also set to be that of an image, a video, or document to match the fake type. This can be quite confusing and deceitful as well. Most users will not realize that the real extension is also revealed and it is indeed .exe. This simply means that when you run this file to view it, you will activate this ransomware attack and by the time you are ready to delete Fake WindowsUpdater Ransomware, all your important files will have been encrypted and rendered useless.

It is also possible that you download this .exe file from malicious websites using Exploit Kits, such as Angler and RIG. But you may also be offered fake Windows updates by third-party ads, including banners and pop-ups when your computer is infected with adware or you land on shady websites promoting questionable third-party content. We believe that you need to become more cautious around your mails and in the selection of websites you use for downloading free programs and updates because this way you can actually avoid such attacks. It is also very important that you keep all your browsers and other programs, and your drivers always up-to-date. Remember that when you remove Fake WindowsUpdater Ransomware, it does not mean that you will get your files back.

This dangerous infection targets hundreds of file extensions and encrypts them with AES-256. Unfortunately, this means that you can lose all your pictures, videos, documents, archives, and third-party program files as well if you do not have a backup copy on a removable drive. This malicious program does not drop any ransom note text files but uses the main .exe file you launched to display the note as well. Your infected files get an ".encrypted" extension, which does not really help you identify this particular ransomware since it has been used by a number of other ransomware programs already. The ransom note comes up on your screen when the encryption process is over. This window does not actually lock your screen so it can easily be closed.

When the C&C server works, this note contains information about which Bitcoin address to send your ransom fee to, which is 0.02 Bitcoins (around 24 USD). You are also asked to send an e-mail to "ransomwareinc@yopmail.com" with your special computer ID and you can expect a response with the decryption key. However, you should not get your hopes up because there is really no guarantee that you will get this key. We believe that it is possible that in the near future a free file recovery tool will be released by malware hunters that you could use to restore your files. If you are not an experienced user, we do not advise you to look for such a tool on the web in order not to infect your system with rogue tools. You can always ask a friend with IT skills or a professional to do it for you, if possible at all. We advise you to remove Fake WindowsUpdater Ransomware from your system without a second thought.

It is really not that complicated to manually eliminate this dangerous threat from your PC. After you kill the ransom note, you simply need to bin the related file and that is all there is to it. Hopefully, you can remember where you usually save files from the web or you can also check default download folders to locate this malicious executable. Please use our guide below as a reference if you need assistance with this. If you would prefer decent protection for you computer, we suggest that you download and install a reliable malware removal application, such as SpyHunter. It also help you lower your vulnerability level if you keep all your programs and drivers regularly updated.

Remove Fake WindowsUpdater Ransomware from Windows

1. Exit the ransom note window by clicking on the "X" button in the top-right corner.
2. Tap Win+E to open Windows File Explorer.
3. Bin the malicious file that you downloaded from the web; it may be called "WindowsUpdater.exe"
4. Empty your Recycle Bin.
5. Reboot your PC.