Remove Wup.exe

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Source of claim SH can remove it.


Wup.exe is a malware file that can be found in some Windows computers and that launches a rogue process of the same name. The Wup.exe process is known for using up very high amounts of system resources, causing severe slow-downs and performance issues.

The file responsible for launching this malicious process is typically located in the C:\Users\USERNAME\AppData\Local\Temp\wup\ or the C:\Users\USERNAME\AppData\Local\Temp\csrss\wup\xarch\ folders. 

Most users who have encountered the wup.exe process on their Windows computers complain that their systems have become extremely sluggish as a result of this process. The process seems to be using upwards of 70% of the computer’s CPU, and it’s also very taxing on the GPU and RAM. This fact, alone, is enough of a reason to want to quit the wup.exe process and delete the file it originates from. However, the issue doesn’t end here – wup.exe is obviously a malicious process/program, and it may be capable of executing additional harmful actions on your computer, which is why deleting it ASAP should be a top priority for you.

Wup.exe in Windows 10

Wup.exe in Windows 10 is a malicious process that will use up most of your computer’s CPU, RAM, and GPU, which could lead to slowed-down performance among other issues. Wup.exe in Windows 10 needs to be stopped and its related data – deleted.

The easiest way to find out if wup.exe is in your Windows 10 computer is to press Ctrl + Shift + Esc and select the Processes tab in the Task Manager window. If wup.exe is in your Windows 10 system, it should be shown in the list of processes. It could help to find it if you sort the list by the amount of CPU or RAM that the processes are using, so you’d see the ones that are consuming the biggest amounts of resources grouped together.

You could attempt to end wup.exe directly from there, but this is likely not going to be enough to rid you of the malware that’s behind this rogue process. It’s likely that you’ve recently had a malicious program installed on your computer without realizing it, and you will probably need to remove this program first, before permanently stopping the harmful process.


Wup is the name of a rogue process and a malware file that targets Windows systems. Wup, as a whole, is categorized as a Trojan Horse virus that uses the system’s resources to mine cryptocurrencies that are then transferred to the creators of the virus.

Experts seem to unanimously agree that wup.exe should be categorized as a Trojan-type of threat. More specifically, a cryptocurrency-mining Trojan – a type of harmful software that silently leeches off of your system’s resources, using them for cryptocurrency generation. Obviously, none of the currency that gets generated is given to the user/victim – all of the generated money goes directly into the hackers’ virtual wallets while the user is left to deal with a severely slowed-down computer that is nearly unusable.

The Wup virus

The Wup virus doesn’t seem to be designed to cause system damage, but rather to exploit the computer’s resources for mining cryptocurrency. That said, the Wup virus could still be the cause of damage to your computer due to its excessive CPU, and GPU use.

It’s possible however that, in order to avoid getting spotted right away, Wup may activate its cryptocurrency-mining process only when the computer is idle (in other words, when it’s turned on but not being used). In such cases, it may take much longer (weeks, even months) for the user to notice that there’s something wrong with their computer. During that time, the excessive CPU, RAM, and GPU usage could greatly wear out the hardware components of the computer, thus reducing their overall lifespan. Still, if wup uses the computer’s GPU for an extended period of time, this will cause the CPU’s temperature to rise dramatically, which, in turn, would cause the fan to spin much faster to cool down the CPU. This faster spinning will most likely continue even when the wup.exe process stops. Therefore, if you notice that your computer’s fan has been acting oddly as of late, spinning unusually fast and being very loud every time you start using the machine, you should probably investigate this irregularity as it may be a sign that the Wup virus is in your system.

What is Wup?

Wup is a rogue piece of software that launches the wup.exe process, which uses your computer for cryptocurrency-mining, draining its resources in the process. Wup can be very taxing on your hardware and lead to reduced CPU and GPU lifespan.

If you have any suspicion that the Wup Trojan is in your computer or if you’ve already noticed it in the Task Manager’s Processes tab, you should make it your priority to delete the virus sooner rather than later.

If you are nearly unable to use your computer at the moment, don’t worry about completing the Wup removal steps we will show you in a minute – once you put your computer in Safe Mode, the wup.exe process should no longer be able to start on its own and so you should have all your computer’s CPU and RAM at your disposal while performing the removal steps. 


Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Source of claim SH can remove it.

Remove wup.exe

To remove wup.exe, you must first get rid of any recently installed program that could be related to it and then clean the system from remaining rogue data, processes, and settings.

  1. First, go into the Uninstall a Program window, look for sketchy programs, and uninstall anything you deem undesirable/suspicious.
  2. Next, search the Processes tab of the Task Manager for processes related to wup, and stop them.
  3. Open the Hosts file, the Task Scheduler, and the Startup items list and clean them from any wup entries.
  4. Search the System Registry for wup items, such items to remove wup.exe.

If you need additional details about these removal steps, you will find them in the next lines.

Detailed removal instructions for wup.exe

Step 1

Click the Start Menu icon in the bottom-left, type Programs and Features, and press the Enter key. Search the list of programs installed on your PC for anything that looks suspicious, especially if it has been recently installed without your knowledge. If you find such a program there, right-click it, select Uninstall, and complete the steps in the uninstaller. If there’s an option that, if enabled, would keep some data from the unwanted program on your computer, disable that option.


Step 2


*Source of claim SH can remove it.

Navigate to either of the following two folders (whichever one is present on your PC) and delete the wup.exe file that should be located there.

  • C:\Users\USERNAME\AppData\Local\Temp\wup\
  • C:\Users\USERNAME\AppData\Local\Temp\csrss\wup\xarch\

Step 3

Type Task Manager in the Start Menu, open the Task Manager app that shows up and click Processes. Now look for the wup.exe process in there, right-click it when you find it, and then select Open File Location. Now right-click the process again, select End Process, and then go back to the File Location folder that opened and delete that folder. Then check once more if the wup.exe process is in the Task Manager and if it has been re-launched, end it again.

Also, look for other questionable processes in the Task Manager that could be related to the Trojan. Processes with strange names and excessive use of CPU and virtual memory are potential suspects. If you think that a certain process could be a threat, do the following to determine whether that’s the case:

Search for the process’ name on the Internet and see if there are any search results from cyber-security forums and sites where there’s information about the process. If the process is truly a threat, this should help you confirm it.

Also, go to the File Location and scan each file that’s there using our free scanner available below. If any of the files turn out to be malicious, this would mean that the process is also a threat.


If you find out that the suspected process is a threat, end it as you did with wup.exe and also delete its folder.


Step 4

In this step, you must try to prevent the Wup Trojan from starting the wup.exe process again. Deleting the file location folder should have ensured that the rogue process doesn’t get restarted, but we also recommend booting the computer into Safe Mode to add an additional obstacle that would prevent the virus from re-launching its process(es).

Step 5

Type each of the following lines in the Start Menu, hit Enter to go to the respective item, and follow the instructions we’ve shown for it below:

  • Msconfig – When you open this, you will be taken to the System Configuration settings. In that window, select Startup, then uncheck from the Startup list anything that looks connected to the Wup Trojan as well as anything that is unfamiliar to you or that is with an unknown manufacturer. After that, click OK.
  • Task Scheduler – When you start the Task Scheduler, click the Task Scheduler Library from the top-left and then look at the items in the central panel. If among them, you see a task labelled wup or anything similar, right-click it, and select delete. Also do the same with any other unfamiliar and suspicious tasks you may notice there.
  • notepad %windir%/system32/Drivers/etc/hosts – Once the Hosts notepad file appears on your screen, scroll down to where the two “Localhost” lines are, and see if below them there are any IP addresses. If you find IPs there, send them to us using the comments section below, and we will soon let you know in a reply under your comment if those IPs are rogue and whether you need to remove them from the Hosts file.

How to remove wup.exe from Windows 10?

To remove wup.exe from Windows 10, aside from uninstalling potentially unwanted programs and eliminating the rogue process and its files, you must also clean the Registry. Deleting any rogue items from the Registry is essential in order to remove wup.exe from Windows 10

Note, however, that this must be done with caution – there are many essential settings stored in the System Registry, and deleting an item that’s not from the virus can oftentimes result in harm to the system, among other problems. Therefore, while completing this final step from our guide, don’t hesitate to ask questions in the comments if you are unsure about anything.

Now, the first thing you ought to do is type regedit.exe in the Start Menu and then open the app that carries the same name. Before the app starts, you will be required to provide Admin permission to launch it – click Yes to give your permission. Next, when a window labeled Registry Editor appears on the screen, press together the Ctrl + F keys, and this will open a small search bar. Type wup in that search bar and begin the search. If a wup item is found, delete it, and search again for the next one. 


Keep doing this until you’ve managed to delete all Registry items related to the Wup Trojan, and then navigate to the directories shown below (by expanding the folders in the left panel of the Registry Editor):

  • HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
  • HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main

Each of those directories must be searched for sub-folders (called keys) that have suspicious and unusual names. Commonly, a rogue item in either of those locations would have a randomly-generated name that looks like this “309urjd309tj3e0ir09tgj039d32rjd093j0e”, so if you see anything similar, tell us in the comments about it, and we will tell you if it’s a threat and if you need to delete it.

If the wup.exe process is still running

If this process keeps running on your system even after you’ve completed everything shown in the guide, it’s likely that the Trojan behind it has entrenched itself too deep within your system and manual removal may not be feasible. In such cases, we recommend that our users employ the help of a reliable security tool that can perform a deep scan of the system and find all rogue settings and data related to the virus, and then delete them. The tool mentioned in the guide has been tested against threats of the Trojan Horse variety, and it can quickly identify what needs to be removed and then remove it in no time. We recommend giving it a try if you are still struggling with the removal of wup.exe.


About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.


  • Hi,This is gk gautam , there had a wup.exe file runinng in background in my new laptop taking the 75% of CPU usage then i ended the task after 5 min it started again itself and then i did to set my laptop on safe mode booting and restarted, after that it does not signing in, finger sensor not taking,saying pin in incorrect,even by any of the ways.
    suggest me solution if u can!

  • hey guys..i had this problem..I used spy hunter to remove but it reinstalled constantly..I finally stopped it partially by going to the resource monitor in performance section of windows task manager. In resource monitor, right click on wup.exe and click suspend process.. It will suspend the virus and won’t let it hog onto your processor. This has to be repeated every time you restart your computer. This is nothing permanent, but a temporary relief..Hope this helps!

    • Your a genius,It’s not permanent(as u said) but its not that time-taking to do it too 🙂 .Thanks,i was finding the solution for many days,when i tried to end the process directly in the processes section in task manager,it just said that access is denied,now i terminated other virus too(e.g cloudnet.exe)


  • After Reading Forder Name Again I Think Is Csrss Is Safe? And I Searched It On Google And Say If That File Wasn’t In System 32 Then Its Virus I Deteled That File But It’s Coming Back Then I Notice Its Icon Change Every Time When That Back That’s Mean It’s Can’t Replace The Wrong File To Right File

    (I Did That To wup.exe I Made A Text File And Named It wup.exe But Right File Coming Back)

    I Add New Text File Named It csrss.exe And I Deleted wup.exe Again Now It’s Not Back

Leave a Comment

We are here to help! Use SpyHunter to remove malware in under 15 minutes.

Not Your OS? Download for Windows® and Mac®.

* See Free Trial offer details and alternative Free offer here.

** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

Spyware Helpdesk 1