Fake WindowsUpdater Ransomware: Tutorial guide to delete ransomware and decrypt files

 

Have you ever been offered a download named Transation-Report.doc.exe or WindowsUpdater.exe? Are your system files encrypted by Fake WindowsUpdater Ransomware, leaving you unable to access them? Are you searching for an effective tutorial guide to decrypt all encrypted files? If so, you have landed at the right place. Before getting to the decryption procedure, you should know what Fake WindowsUpdater Ransomware actually is and how it enters your PC. Keep reading this post to get the answers to all your queries.

Facts Worth Knowing About Fake WindowsUpdater Ransomware

Fake WindowsUpdater Ransomware is a newly discovered ransomware that seems to have been created by an Indonesia-based malware developer named FathurFreakz. It is based on an open source ransomware project and uses an interesting feature: it displays a fake Windows Update screen that pretends your Windows OS is installing a new update. In reality, it is silently encrypting the victim's files in the background without any notice. The sole intention of the creators of this ransomware is to extort money from innocent users.

Fake WindowsUpdater Ransomware poses as an essential Windows Update

The con artists behind Fake WindowsUpdater Ransomware hide its activities by presenting the program as a vital update for Windows. To add legitimacy, the file properties state that it is from Microsoft and call it a critical update. If you trust it and run it on your PC, it extracts and executes another embedded program, known as WindowsUpdate.exe, which displays the fake Windows Update screen. This fake update screen overlays all active windows and blocks you from switching to or opening any other programs or applications. The screen also includes a percentage counter that keeps increasing while the ransomware runs.
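The mismatch described above, version properties that name Microsoft on a file Microsoft never signed, can be checked directly. The PowerShell below is an added example, not part of the original guide; the scan folder, the extension lists and the signer match are assumptions.

```powershell
# Added example: flag executables that use a document-style double extension
# or claim Microsoft in their version resource without a valid Microsoft
# Authenticode signature.
$ScanPath = Join-Path $env:USERPROFILE 'Downloads'   # assumption: where the file landed

# Assumed lists: decoy "document" extensions and executable extensions
$decoyExt  = 'doc','docx','pdf','xls','xlsx','txt','jpg','png'
$exeExt    = '^\.(exe|scr)$'
$doubleExt = '\.(' + ($decoyExt -join '|') + ')\.(exe|scr)$'

Get-ChildItem -LiteralPath $ScanPath -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -match $exeExt } |
    ForEach-Object {
        $sig     = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $company = $_.VersionInfo.CompanyName
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # The version resource is free text that anyone can set;
        # the signature is the part that has to verify.
        $claimsMicrosoft   = $company -match 'Microsoft'
        $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                             ($signer -match 'O=Microsoft Corporation')   # heuristic match

        $reasons = @()
        if ($_.Name -match $doubleExt) { $reasons += 'double extension' }
        if ($claimsMicrosoft -and -not $signedByMicrosoft) {
            $reasons += 'claims Microsoft, no valid Microsoft signature'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                File      = $_.FullName
                Company   = $company
                SigStatus = $sig.Status
                Signer    = $signer
                Reasons   = $reasons -join '; '
            }
        }
    } | Format-List
```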

Dissemination Tactics Used By Fake WindowsUpdater Ransomware

  1. Opening or downloading suspicious emails or attachments sent by unknown persons.
  2. Downloading free applications from untrusted sources.
  3. Playing online games.
  4. Sharing files over P2P networks or using infected devices.
  5. Visiting suspicious links, including torrent files and hacked or porn sites.

Encryption Process of Fake WindowsUpdater Ransomware

Like other traditional ransomware, it starts the encryption process after successfully intruding into the PC. First, it scans the drives for files with the targeted file extensions. After finding matching file types, it encrypts them using the strong AES-128 encryption algorithm. On completion of the encryption process, it displays a ransom note on your desktop screen in the form of a grey table. The ransom message shown by this ransomware is as follows:

 

To get the unique decryption key, it asks the victim to pay a huge ransom. But you should not pay any money, because experts give no guarantee that the decryption key will be delivered even after the ransom is paid. Rather than making a deal with cyber hackers, you should delete Fake WindowsUpdater Ransomware from your PC to get your files back.

Remove Fake WindowsUpdater Ransomware From Your PC

Step 1: Remove Fake WindowsUpdater Ransomware in Safe Mode with Command Prompt

  • First, disconnect your PC from the network.
  • Click the restart button and keep pressing the F8 key while the system restarts.

  • You will see “Windows Advanced Options Menu” on your computer screen.

  • Select “Safe Mode with Command Prompt” and press Enter key.

  • You must log in to your computer with an Administrator account for full privileges.

  • Once the Command Prompt appears, type rstrui.exe and press Enter.

  • Now follow the prompts on your screen to complete system restore.

Step 2: Remove Fake WindowsUpdater Ransomware using MSConfig in Safe Mode:

  • Power off your computer and start it again.
  • While it boots, press the “F8 key” continuously to open the “Windows Advanced Options Menu”.

  • Use the arrow keys to select “Safe Mode” option and press Enter key.

  • Once the system has started, go to the Start menu. Type “msconfig” in the search box and launch the application.

  • Go to the Startup tab and look for entries that use rundll32.exe to load files from the %AppData% or %Temp% folders. See an example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3 : Kill Malicious Process Related To Fake WindowsUpdater Ransomware

  • Press Alt+Ctrl+Del buttons together.

  • It will open the Task manager on your screen.
  • Go to the Process tab and find the process related to Fake WindowsUpdater Ransomware.
  • Click the End Process Now button to stop the running process.

Step 4 : Remove Fake WindowsUpdater Ransomware Virus From Registry Entry

  • Press the “Windows + R” keys together to open the Run box.

  • Type “regedit” and click OK button.

  • Find and remove Fake WindowsUpdater Ransomware related entries.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
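The Startup tab check from Step 2 and the registry review in Step 4 can be done in one pass. The PowerShell below is an added example, not part of the original guide; the helper name Get-AutorunFlag and its two match patterns are assumptions, and it also reads RunOnceEx under HKEY_CURRENT_USER, which the list above does not include.

```powershell
# Added example: list every autorun value under the Run keys from Step 4 and
# flag the pattern shown in Step 2 (rundll32 loading a file from AppData/Temp).
function Get-AutorunFlag {                      # hypothetical helper name
    param([string]$Command)
    $cmd   = [Environment]::ExpandEnvironmentVariables($Command)
    $flags = @()
    # Assumed heuristics: user-writable launch path, rundll32 used as loader
    if ($cmd -match '\\AppData\\|\\Temp\\') { $flags += 'path under AppData/Temp' }
    if ($cmd -match '\brundll32(\.exe)?\b') { $flags += 'launched via rundll32' }
    $flags -join '; '
}

$subKeys = 'Run','RunOnce','RunOnceEx','RunServices','RunServicesOnce',
           'Policies\Explorer\Run'
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$report = foreach ($hive in 'HKLM:','HKCU:') {
    foreach ($sub in $subKeys) {
        $path = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key may not exist
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Keep the raw string so %TEMP%-style values stay visible in the report
            $raw = [string]$key.GetValue($name, $null, $noExpand)
            [pscustomobject]@{
                Key     = $path
                Name    = $name
                Command = $raw
                Flags   = Get-AutorunFlag -Command $raw
            }
        }
    }
}

# Flagged entries first; review each one before deleting anything
$report | Sort-Object { -not $_.Flags } | Format-List

# Self-check on the sample line from Step 2 (no registry access needed)
Get-AutorunFlag 'C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1'
```

An empty Flags field does not clear an entry; it only means neither heuristic matched.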

Hopefully you have now completely removed the Fake WindowsUpdater Ransomware virus from your computer. If you still get the ransom message from the threat or are unable to access your files, it means that the virus still remains on your computer. In that situation you have no option other than removing the virus with a powerful malware removal tool.

If you have a backup of your infected or encrypted files, you can also reinstall your Windows OS. This will erase all your files and data along with the Fake WindowsUpdater Ransomware infection. You will get a completely empty computer system with no files. You can then use your backup to get your files back. If you don’t have a backup, using a malware removal tool is the better option for you.

If you have any query or question regarding your computer, you can easily put your problem to our experts. Go to the Ask Any Question page and get the answer to your query directly from our experts.
