Redirects to the windowsclick.com site are a result of UACd.sys trojan activity. The trojan may represent a security risk for the infected computer and uses rootkit-specific techniques designed to hide its presence in the system.
Once the computer is infected, the UACd.sys trojan blocks user access to security websites, and search results in Google, Yahoo, MSN and other search engines redirect you to windowsclick.com and other unrelated sites.
Use the following instructions to remove the UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click YES to confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, then copy and paste the following text into the Input script box:
Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\wJQs.exe
- Then click ‘Execute’.
- You will be asked “Are you sure you want to execute the current script?” Click Yes.
- You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?” Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
- Once downloaded, close all programs and windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The UACd.sys trojan creates the following files:
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
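The file list above can be checked against a directory listing; the following is an added example, not part of the original instructions. It assumes the listing (one full path per line) was taken with the disk attached to a clean machine, since the trojan hides its files on the running system, and it assumes [RANDOM CHARACTERS] means one or more letters or digits.

```python
import re
from pathlib import PureWindowsPath

# Rules built from the file list above: (parent directories, file-name regex, label).
# Assumption: "[RANDOM CHARACTERS]" is one or more letters or digits.
RULES = [
    (("system32",), r"uacinit\.dll", r"%System%\uacinit.dll"),
    (("system32", "drivers"), r"uac[a-z0-9]+\.sys", r"%System%\drivers\UAC*.sys"),
    (("system32",), r"uac[a-z0-9]+\.(dll|log|dat)", r"%System%\UAC*.dll/.log/.dat"),
]
# tmp<digits>.tmp is a generic temp-file name, so a match alone is only a weak signal.
TEMP_NAME = re.compile(r"tmp\d+\.tmp")


def classify(path):
    """Return (label, confidence) if path matches a listed file, else None."""
    # Windows file names are case-insensitive, so compare in lower case.
    parts = [part.lower() for part in PureWindowsPath(path).parts]
    if len(parts) < 2:
        return None
    name = parts[-1]
    for parents, pattern, label in RULES:
        if tuple(parts[-1 - len(parents):-1]) == parents and re.fullmatch(pattern, name):
            return (label, "high")
    if parts[-2] == "temp" and TEMP_NAME.fullmatch(name):
        return (r"%Temp%\tmp*.tmp", "low")
    return None


def scan_listing(text):
    """Classify every non-empty line of a listing; return (path, label, confidence)."""
    hits = []
    for line in text.splitlines():
        verdict = classify(line.strip())
        if verdict:
            hits.append((line.strip(), *verdict))
    return hits


# Constructed sample listing (names follow the patterns above; not real output).
SAMPLE = r"""
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\UACINIT.DLL
C:\WINDOWS\system32\drivers\UACexamplea.sys
C:\WINDOWS\system32\UACexampleb.dat
C:\Program Files\Tool\UACexamplec.dll
C:\Documents and Settings\user\Local Settings\Temp\tmp12345.tmp
"""

if __name__ == "__main__":
    for path, label, confidence in scan_listing(SAMPLE):
        print(f"{confidence:4}  {label:30}  {path}")
```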
If you need help with the instructions, then post your questions in our Spyware Removal forum.
I can’t find the UACd at device manager.
I already see hidden files
help me…
Whoever made Avenger freakin ROCKS! Thanks guys!
I am saved, for now…
Hi Patrick. Please Help..
I followed Step2, no help. I downloaded and Installed MBAM but I can’t run it. It stays there in Windows Task Manager but it never comes up on the screen. Can you help please?
Hi Patrick, I was able to run it as this “C:\Program Files\Malwarebytes’ Anti-Malware\fix-mbam.exe” /killall
It removed around 21 items. I think I’m all set, you are the man. Thanks and take care.
Well I did another MBAM scan and it says just like the last time that a file named “UACINIT.DLL” will be removed once I reboot the PC however after first reboot it remove it.
I don’t even see it in the system32 folder, I do have the ‘hide protected system files option unchecked.
Is it just an error from MBAM or should I be concerned?
Thank You Patrick.
Well, UACd wasn’t found in my drivers, but Avenger says it deleted it. However, the wJQs file wasn’t found by Avenger. I had some difficulties getting Malwarebytes to work, but finally did. Everything seems to be working properly now.
I got rid of UACd.sys trojan on August 10 with ComboFix (I renamed it Combo-Fix before I downloaded it – note the hyphen). It’s straightforward, but there’s no cancel button, so make sure you have all of your antivirus programs disabled before starting ComboFix. It took about 10-15 minutes to run the program, and it takes minimal input while it’s working. My computer was rebooted once by ComboFix. Malwarebytes’ Anti-Malware found 4 more UACd related files afterward. Now my computer is acting normally. Thanks for all of your help.
bleepingcomputer.com/combofix/how-to-use-combofix
Patrik, please advise on which boxes should be checked (if any) when running Avenger, in step 2.
Thanks, Jeff
Hey Patrik,
I have recently used a combo of Malwarebytes and SUPERAntiSpyware to remove a lot of UAC*** files, including uacinit.dll (I think). I was thinking of running these steps just as a safety precaution. Is this a bad idea?
Reading through these postings I think I have a similar problem but it seems to be very persistent.
Following step 1 I found no UAC_ file to remove.
Following step 2, the installed Avenger says it deleted the driver successfully but no file existed.
Attempting step 3 I have downloaded MBAM several times with various attempts at changing the installed and exe name and location. It appears to install successfully but then will not run. No error appears.
I have run AVG which has found several problems, but correcting them did nothing. I have run Adaware with the same result.
Upon start up AVG resident shield found a handful of UAC_________ dll files, but could not remove them.
What do I do next?
Jeff, don`t make any changes. You should insert script and click Execute.
satyo, skip first step.
Zulf, you need to run Avenger with above script to remove hidden UACd.sys driver.
Knox, run MalwareBytes and perform a full scan. If the program finds uacinit.dll, then you should follow the above steps (start from step 2).
Rob, try step 2 again.
Patrik, you said “don`t make any changes”, but I’m still unsure which (if any) boxes should be checked. Can you please state the proper configuration?
Should the “Scan for rootkits” box be checked: Yes or No?
Should the “Automatically disable any rootkits found” box be checked: yes or No?
“Scan for rootkits”: Yes
“Automatically disable any rootkits found”: No
I had this, windowsclick.com redirect [UACd.sys trojan], and the windows antivirus pro to deal with at the same time. Not sure if they came together or not. After about a week of combating to no avail, I found this website. I would like to offer you my first born! No, seriously though, thank you so very much. I couldn’t have done it without your help. Kisses
I have tried step one, nothing there. As for step two, I’ve run Avenger, went through the restart, and I’m not sure what happens next – I was never given a confirmation of the program actually “doing” anything. As for step three, I cannot get my machine to run the Anti Malware program. Either nothing happens when I click on it, or it opens, and I get a “program has stopped responding” error. Please help me out if possible.
Bryan, try repeating step 2 again, then run MBAM.
I had a problem just installing and starting up programs like MBAM (Malwarebytes) or AVENGER. Not sure what is plaguing my system at the moment, but one thing for sure is that it’s blocking executable programs. A trick if you have a problem like mine: add the extension .bat to every program (executable) that you want to install. Also, you can look for UACINIT.DLL in %system%/system32.
Comment by Pat Gallant — February 19, 2009 #
Thanks for your comment. My uacinit.dll was hidden in the registry, and it did not let me execute anything.
For anyone for whom the other steps do not work and who can’t run Malwarebytes, Spybot, etc.: run regedit and search for uacinit.dll.
thanks a lot everyone
Eliminate these files and similar ones too:
%System%\UACvhpmkrfj.dll
%System%\UACsbqqqrer.dat
%System%\UACvpucimny.dll
%System%\UACrtvmepob.dll
%System%\UAClxwbpfsx.dll
%System%\UAChyawqckt.dll
%System%\uacinit.dll
%System%\UACsvnllvia.log
%System%\drivers\UACabdvbfhe.sys
and registry entries:
key: HKLM\System\CurrentControlSet\Services\UACd
value: imagepath = \
I ran Avenger per the instructions in step 2. I deleted the UACd.sys file but did not find the wJQs.exe file and no rootkits were found. So I reran and still no wJQs.exe and no rootkits to delete. I still can’t run MBAM. I also noticed I have the b.exe file. Should I type that into Avenger to be deleted?
Yeah, I have a problem running mbam… nothing happens when I try to open it. I’ve read about this before, where the solution was to rename the .exe but in my case this did not help.
Jeff, please make a new topic at our Spyware removal forum.
Thanks a lot!!!
Greetings from France
I followed step 2 and 3. Problem solved. Thanks!!!
I too ran the Avenger pack and I stopped being redirected to random sites, but I still can’t run or open Malwarebytes or Spybot Search and Destroy.
Steve, ask for help at our Spyware removal forum.
I have followed the steps above but whenever I try to run MBAM or any other program that scans the computer it closes the program and when I try to open it again it says “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.” I have gone through and deleted
%System%\UACvhpmkrfj.dll
%System%\UACsbqqqrer.dat
%System%\UACvpucimny.dll
%System%\UACrtvmepob.dll
%System%\UAClxwbpfsx.dll
%System%\UAChyawqckt.dll
%System%\uacinit.dll
%System%\UACsvnllvia.log
%System%\drivers\UACabdvbfhe.sys
and stuff. Also, sometimes when I reboot I get a system shutdown window that pops up telling me that something happened and the computer is shutting down in 1 min. When the timer runs out I get a black screen and the computer doesn’t shut down. Please help!