Redirect to windowsclick.com site is a result of UACd.sys trojan activity. The trojan horse may represent security risk for the infected computer and uses rootkit-specific techniques designed to hide the software presence in the system.
Once infected, UACd.sys trojan blocks user access to security websites, search results in Google, Yahoo, MSN and other redirect you to windowsclick.com and other non related sites.
Use the following instructions to remove UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click YES for confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Drivers to delete:
UACd.sysFiles to delete:
C:\WINDOWS\system32\wJQs.exeThen click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
If you need help with the instructions, then post your questions in our Spyware Removal forum.
lavonna, try:
1. rename Avenger.exe to myapp.exe (or use any random name)
2. run Avenger in Safe mode
You guys are geniuses! Thank you so much! I’ve just spent the past 18 hours trying to remove these suckers and finally I did. Avenger didn’t do much but the Malwarebytes Antivirus download picked up 46 infected files, including trojans and adware that an 8 hour full Windows scan did not even notice. Thank you again! I can go to sleep now!
I am having trouble with the windowsclick.com redirector as well, but when I go to device manager and look at hidden devices I don’t see the driver to disable.
Any suggestions?
Thanks
Dan, skip first step or ask help at our forum.
This one is a real pain. Not only does it create a hidden HKLM\Software\UAC registry key that you can delete, it also creates hidden HKLM\System\ControlSet001\Services\UACd.sys and the same in \ControlSet002\ (found with sysinternals rootkit detector) which have permissions set so >Reg Delete won’t work. So you think you’re clear, and you are not. Ended up using a bootable CD with a Linux Registry editor to remove these and Kaspersky could then track down the offending dlls.
Thank you so much this was easy and quick.
Thank you very much for helping with this problem. I too was getting redirected to windowsclick.com and all my search results had weird appearances. I downloaded Avenger and it worked like magic. I tried thinking back to when the problem occured and it began to happen right after i updated to Internet Explorer 8. Don’t know if it had anything to do with my problem, but it began happening right after. Once again, thank you!!! I feel relieved that everything is back to normal.
You Guys are just fantastic. I was really getting racked off with this windowsclick thing. My PC is back to normal and its thanks to you. I’m just glad there are people like you working to wipe out the prats that put this stuff out there. They makee all our lives hell. Thanks again.
I do not see the file UACD.sys when I perform your instructions…what do I do!?!?!?!
Erick, you can ask help at our Spyware removal forum.
OMG!!!! U r a lifesaver! my comp runs soooo great now!!! thank you thank you thank you!!!!…. 🙂
Oh wow It works!!! lol I’ve been tryin to get rid of this thing for over a week now. Thank you very very much! =D
hi guys,
im having a bit of a problem, i installed the avenger softare and set it all up by inputting:
Drivers to delete:
UACd.sys
Files to delete:
C:\WINDOWS\system32\wJQs.exe
into the box, but when i click execute, an error appears saying:
Error:could not register clean up.
Aborting execution (error 0: the operation completed successfully.)
i have no idea what this means and would like some help on how to fix it if possible.
thanks, Josh.
Josh, if you using Windows Vista, then run Avenger as Administator. Also you can ask help at our Spyware removal forum.
no im running it ox XP, but will ask anyway. thanks.
thank you thank you thank you!!!!!!!!!!!
I had to skip step 1.
I was able to install MBAM, but I can’t run it.
I have tried to rename it, tried it in a different account, and my computer won’t get safe mode to work. Is there anything else I can try? Thanks.
Drew, ask help at our Spyware removal forum.
Actually, I reinstalled and this time renamed the folder before it was created and it worked. MBAM found the UAC and deleted it.
Thank you for the guide.
Would you have a solution for why sometimes my computer freezes but i can still move the cursor? I’ve already done the other steps. Also, im not sure if this is relative but sometimes my wireless internet does something weird and stops working but the wired not still works :S
last post i meant net* and it has only started happening since i downloaded the antimalware software
JJJason, make a new topic at our Spyware removal forum. I will check your PC. Probaly your PC still infected.
Not sure how I picked this one up, was also stopping me from playing games on my computer, they were crashing at title screens.
However as soon as I ran the Avenger script everything is working perfectly, thanks 🙂
How can we get this trojan ? Im trying to guess where I got it, but cant remember D:
Probably you have downloaded and installed a fake movie player or fake adobe flash player or …
Great! It worked perfectly! Thanks!
Question, I suspect the Trajon came through a USB key, because I got the same infection on another computer right after plugging the key.
How can I clean the key safely?
Thanks
Gilles
Hey Patrik, I was just wondering, is it possible for routers/modems to be infected by viruses. And if so, how do you get rid of them? I read in a magazine that it was possible… :O
Yes, it`s possible. To get rid of them, you need to reset modem setting to defaults using RESET button at backside. After that to configure a modem again (ask your service provider, how to).
Thank you i searched more than 6 hours for a solution for this problem and it was so easy to follow your instruction.
thank you man (K)
Thank you, Thank you, Thank you. It worked. I was going crazy with windowsclick redirecting me everytime I tried to open up a website through google. You guys are the best. Once again thanks!