Redirect to windowsclick.com site is a result of UACd.sys trojan activity. The trojan horse may represent security risk for the infected computer and uses rootkit-specific techniques designed to hide the software presence in the system.
Once infected, UACd.sys trojan blocks user access to security websites, search results in Google, Yahoo, MSN and other redirect you to windowsclick.com and other non related sites.
Use the following instructions to remove UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click YES for confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Drivers to delete:
UACd.sysFiles to delete:
C:\WINDOWS\system32\wJQs.exeThen click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
If you need help with the instructions, then post your questions in our Spyware Removal forum.
Thanks a ton guys !!!! You truly are angels… This little bugger kept me up all night trying to fix my laptop… Both IE and Firefox were messed up.. I had to use Opera even to look for a fix.. Folder options had disappeared from Windows explorer.. Both Malwarebytes and Spybot had stopped responding..
I followed your instructions and my comp is back to normal… In fact I was getting message about missing .dll files upon reboot forever now.. I had already given up on that.. This even took care of that… Thanks again and wishing you all a very Happy Valentines Day…
Hans and Cole, try it.
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
* Instead of Windows loading as normal, a menu should appear
* Select the “Last Known Good Configuration..” option.
* Press Enter.
Patrik RULES!!!! Thank you so much for your help.
Windows not booting – I went to step 2, followed the instructions and after a reboot my laptop windows would not load. I went into safe mode which would not load either, but funny enough windows loaded normally after the laptop rebooted. I followed step 3 and I had 39 infections. All is working fine now. Hope this Helps Hans – Thanks.
I’d just like to add my thanks, too. At one point I was even considering wiping the HDD and re-installing everything!
Ok, well it is logging on most of the time now, either is safe or normal mode, but nothing happens when I double click the Mbam-setup.exe file. I ran bit defender, and it found 40 infected files. I quarantined them, and then uninstalled bit defender because it seemed to be causing some crashes. But I still cant use the internet.
Thanks for the help by the way, this trojan is really quite annoying.
Thanks a lot for the help Patrik and Dlps. I really was desperate, but all works fine now.
From Step 2 this advice was absolutely perfect. Step 1 found nothing took about 5 minutes to cure the problem. Had to use a different machine to download avenger Thanks
Thank you so so much. Zone Alarm found nothing, AdAware found nothing. Then I followed your instructions and boom! Fixed! Like several others, I too had to skip part 1. Downloaded Avenger and MBAM from another computer, wrote them to CD, and installed from the CD to the infected computer. After running the avenger scrip, the first reboot crashed — as others have mentioned — but then everything worked fine. MBAM detected 12 or so infections (UAC) and after removing them everything seems fine.
Thank you so much again!
Thank you so much guys u are lifesavers i also tried the whole of last night to fix the problem and im using bitdifender it only detected one adware.net infection but it failed to delete it after trying so many things i even downloaded malwarebyte using opera on my phone and it failed to open up until i followed step 2 onward using my phone to download avenger and it worked like charm and bitdefender started to figure out more infections thanks to malwarebyte which deleted them now my computer works fine now i dont know whether i have to use both malwarebyte and bitdefender on my system ?
Its ok.
Thank you so much to the original poster for this fix. I was up until nearly 5 am trying to clear this last night. I got up and ran step 2 and 3 and it fixed it immediately.
Much appreciation!
im in big trouble….this got me good….i had to take the download from a good computer and put onto the bad one…once i did this it prompted to reboot..i did…when it rebooted i got the same message that others have..the blue screen, so i followed patriks instructions and went to Last Known Good Configuration…when the computer rebooted it got to the screen that says windows…and thats it..so i manually rebooted the computer and now it continues to check the files on a blue screen and then trys to load and then goes back to checking the files on the blue screen…i can`t even get to my desktop or attempt to do step 3!!! what am i supposed to do know..help!
ok…so i got everything taken care of in my last entry…but even once everything is done…when i get online, which is taking close to 10 minutes then i still have almost no pictures/graphics. most times it freezes and when it doesnt freeze and i try to go to another site it just continues to run..not connecting and then freezes! i rebooted the computer but the problem is still there!
Patrik, thanks so much for the help. Saved me the hassle of a C:\ format. I appreciate it!
thanks so much! worked like a charm
Chris please boot your computer in the Safe mode and run Malwarebytes Anti-malware.
Thank you so much, i recovered my computer, good utility,
Best Regards
Thank you very much. Fortunately had a second PC to get the required pgms that were unreachable on the infected PC. I had a small problem trying to run Malwarebytes (probably because McAfee was still running.) Turned off McAfee and had to run Malwarebytes and reboot twice before the third pass quit finding items. But after it indicated clear, Firefox runs like it should. What a relief! I wasn’t looking forward to regenerating all those application installs.
Well it worked the first time, blue screened after avenger, but upon restart all seemed fine, two days later turned cpu on and windowsclick open browser4s and took over computer. I tried to use avenger a second time as described above and cunit keeps going into blue screen. Once i was able to get into safe mode, I deleted avenger a and ran antimalware found 18 items I removed tham and rebooted computer still blue screen can not boot into windows, HELP????
After several failed attempts at clearing this pain in the #@!, I found this page. I had to skip step 1 and download avenger from a different comp but once I did I was cured. Thanks!
Richard, please follow these steps.
Patrik,
How high is the security risk after having had this virus (e.g., passwords compromised, backdoors opened, etc)? Should I consider a clean install of Windows?
After removing windowsclick infection, good idea is change all passwords. You also can to check your PC more, using a free online scanners.
Oh ok, so it is safe to say this is a much more serious security risk than a mere webpage redirect. I think I’m going to clean install the OS just to be sure (not that my computer is really used for anything sensitive, but I’d prefer just not to have to worry about this). If I backup data to a separate HD, is there any chance that HD can reinfect the main drive (assuming MBAM, ZA, and AA all missed something)? Or do Trojans like these only remain a threat even after being removed because of potential changes made to the OS (and data/passwords gathered while they were present)? I guess what I am asking is whether backing up my data to a separate HD, reinitializing the main HD and reinstalling windows and all that involves, will guarantee a clean computer?
Guys, Thanx so mutchh,,,
First i did the steps and when i rebooted my Comp and it strated 2 go on again, I got the BLUESCREEN OF DEATH.
Oh my god, i was going Freaky, I tried sec time , Same, 3e Time it started normaly and i got the log of avanger…
Thanx, I really appriciate!
Patrik,
My office computer is infected with the windowsclick trojan and it will not allow me to get to the Avenger website to download it… I asked somebody I work with if the Avenger website opened for them and they said it did. Also it’s preventing me from running any sort of spyware removal program (i.e. spybot). Please save me so I don’t lose my job! 🙁
Patrik,
Thank you for all your help. Reading through all of the comments and your responses allowed me get this pesky thing off my computer.
It is really a shame that people with programming talent waste it on virus and such. This has wasted 3 days of my time working through this problem.
Thank you very much for this posting. This was very helpfu.
Thank you once again!
Yes 🙂