How to Remove a Fake Microsoft Windows Update

by Mikhail Polenin

If you get an email from a bogus "Windows Update Team" saying you need to install a critical update on your computer, this is a scam geared towards infiltrating your computer with the Trojan horse. Before it downloads and installs other Trojans into your computer, remove the fake windows update Trojan as soon as possible. It might not be long before you are infected with many other forms of malware.

Open the "Start" menu and click "Run."

Type "regedit" in the text box and click "OK."

Navigate to the following path using the left panel on the window: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

Right-click the keys named "Network Checker" and "WSock32 Protocol" and click "Delete" for each one of them.

Navigate to this path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices.

Do the same thing you did in step 4 under this part of the registry.

Close the registry editor and double-click the "My Computer" icon on your desktop.

Double-click the icon of your system drive.

Find a folder called "WINDOWS" or "WinNT" and double-click it.

Delete the file under this folder called "regsvs32.exe."

Go to the "System32" folder, which is inside the folder you view now.

Delete the file called "wsock32p.exe."

Go to the "Drivers" folder inside your "System32" folder and delete a file called "nchkswt.exe."

Restart your computer.


  • check To make sure you are no longer vulnerable to the infection, install the latest Internet Explorer security updates on the real Windows update website (see "Resources").

About the Author

Mikhail Polenin has been working with computers since 1997. His experience also expands to astrophysics, masonry, electricity and general appliance repair. He's written about various different subjects regarding astrophysics and electrical circuits for various online publications. Polenin attended the New World School of the Arts and the University of Florida.

Photo Credits