Redirects to the windowsclick.com site are a result of UACd.sys trojan activity. The trojan may pose a security risk to the infected computer and uses rootkit-specific techniques designed to hide its presence in the system.
Once a computer is infected, the UACd.sys trojan blocks user access to security websites, and search results in Google, Yahoo, MSN and other search engines redirect you to windowsclick.com and other unrelated sites.
Use the following instructions to remove the UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click Yes to confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy, then paste the following text in Input script Box:
Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\wJQs.exe
- Then click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
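The file list above can be turned into a name check. The script below is an added example, not part of the original guide: it assumes "[RANDOM CHARACTERS]" means letters or digits and "[RANDOM NUMBERS]" means digits, and it is meant to be pointed at a Windows directory mounted offline (for example from another computer), because the trojan hides its files on the running system. All function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Patterns follow the file list above. "[RANDOM CHARACTERS]" is modelled as
# letters/digits and "[RANDOM NUMBERS]" as digits (assumptions, adjust as needed).
SYSTEM32_NAMES = [re.compile(r"uacinit\.dll", re.I),
                  re.compile(r"UAC[a-z0-9]+\.(dll|log|dat)", re.I)]
DRIVER_NAMES = [re.compile(r"UAC[a-z0-9]+\.sys", re.I)]
TEMP_NAMES = [re.compile(r"tmp[0-9]+\.tmp", re.I)]  # common name, weak signal

def _subdir(parent, name):
    """Case-insensitive child lookup, since an offline mount keeps Windows casing."""
    for entry in Path(parent).iterdir():
        if entry.is_dir() and entry.name.lower() == name.lower():
            return entry
    return None

def _scan(directory, patterns, confidence):
    """Return (confidence, file name) for each file whose whole name matches."""
    return [(confidence, f.name) for f in directory.iterdir()
            if f.is_file() and any(p.fullmatch(f.name) for p in patterns)]

def find_indicators(windows_dir, temp_dir=None):
    """Return sorted (confidence, file name) pairs for names on the list above."""
    hits = []
    system32 = _subdir(windows_dir, "system32")
    if system32:
        hits += _scan(system32, SYSTEM32_NAMES, "high")
        drivers = _subdir(system32, "drivers")
        if drivers:
            hits += _scan(drivers, DRIVER_NAMES, "high")
    if temp_dir:
        hits += _scan(Path(temp_dir), TEMP_NAMES, "low")
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout: three listed names plus benign files."""
    drivers = Path(root) / "WINDOWS" / "System32" / "drivers"
    drivers.mkdir(parents=True)
    for name in ("UACd.sys", "disk.sys"):
        (drivers / name).touch()
    for name in ("uacinit.dll", "UACabcd.log", "kernel32.dll", "uac.dll"):
        (drivers.parent / name).touch()
    return Path(root) / "WINDOWS"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for confidence, name in find_indicators(build_sample_tree(tmp)):
            print(confidence, name)
```

Matches in the temp folder are marked "low" because tmp*.tmp names are also created by ordinary programs; treat every hit as a candidate to review, not proof of infection.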
If you need help with the instructions, then post your questions in our Spyware Removal forum.
Tony, just checked the link to Avenger, it's good for me. Use another computer for downloading antispyware programs.
Hi Patrik-
For some reason when I used Internet Explorer (the most recent version) I was not able to open the link. …however I used Netscape and it worked. THANK YOU VERY much Patrik. I was on the phone with Microsoft for 3 hours today…they still didn’t figure it out. I used this program and it took 3 minutes….thank You !
If anybody wants to get in contact with these trojan bastards, here is the whois for windowsclick.com:
Elliott Cameron
15180 Western Springs
Reno, NV 89521
+1 775-851-7682
I spent 2 weeks trying to get rid of this damn trojan. If I’d started here first, it would’ve taken 3 minutes. What a lifesaver!
Yeah! Norton wanted $99 to fix this, even though I pay for their AV software. I only had to do step 2, but had to download the avenger file to a thumb drive. Then Spyware Doctor found the threat, which Norton and Spyware did not find before, so I didn’t have to do step 3.
Thanks, I can quit obsessing over this nuisance!
Hi,
Awesome guide, followed first 2 steps without a problem, installed mbam but it will not run :(. Any ideas?
Al, please follow these steps.
OMG!!! you all so awesome i love you guys so much. no more irritating windowclick annoyance for me. i couldn’t follow step 1 cause i couldn’t find it, but step 2 and 3 work a charm. WOOHOO IM HAPPY *does happy dance*
What AJ said! I’m dancing too, and done obsessing. It’s a wonderful thing you do, Patrik. Thanks soooooo much.
great guide, thanks +
I was having the same problems on my daughter’s machine and it took me a while to figure out what the problem actually was, but once I did, your advice worked perfectly.
The redirects were annoying, but even worse was not being able to run any software to find out what the heck was going on! That was driving me NUTS!!
Thanks for this. It saved me a complete re-format, which I was getting very close to doing!
I have been to several sites claiming they have a ‘fix’ for this Trojan, but all were useless. I couldn’t open the programs they wanted me to use, as it was blocked by the virus, therefore spent hours researching and trying, researching and trying….
Using the method above, upon the first reboot it sent the computer into a loop of rebooting and trying to fix the C:\… but I restored to previous settings, it scanned, loaded… and the damn trojan was deleted! Am running Malware now (which wouldn’t load before) and finding all sorts of nasty things.
Thank you thank you thank you.
I have the windowsclick problem in Internet Explorer and Firefox..I ended up uninstalling firefox and using Safari [which was already installed]. I had Malwarebytes already installed too, just now it doesn’t open and I don’t know what I’m supposed to rename anyway..I downloaded avenger and everything went fine until the reboot, my computer was off for a second, and then it started up again but got stuck on the
my post got cut off for some reason. Here's the rest:
Windows XP Media Center Edition screen with the loading bar for a couple of minutes, and then the screen would go back again, start up and get stuck on the XP screen again in a circle for 20 minutes..the same thing happened the next 2 times I tried after resetting the power with the surge protector. The third time I pressed F8 continuously and selected the last known good configuration and it worked but nothing has changed and avenger is still on the desktop with no logs or anything..I don’t know what to do 🙁
It won't load the site to get avenger off of. I can load the malware but it won't open up when I try to open it. Please help
Roya, please follow these steps.
Adam, try renaming avenger.exe to myapp.exe and run it again.
followed instructions from this site in downloading Malwarebytes and changing the name of the setup file and the exe file. worked great!
channelprosmb.com/blog/entry/1468/Web-Browser-is-being-re-directed-to-windowsclick.com/
You guys are awesome…. worked just like described. Thanks a million.
I downloaded the avenger program, and i pasted the script in the text box. it didn't let me delete the drivers. i am still having trouble.
Thanks for your advice. This was very annoying and couldn’t remove from my computer. Great site
In the past week I have encountered three computers that had the UACd.SYS loading. All three also had Antivirus 360 loading. AV360 is easy to stomp & using Avenger & Malwarebytes, I got rid of the UACd. I also cleaned the registry info showing “disallowed” sites. I made sure that all the UAC*.* files in the system32 folder were gone. Now that the machine behaves itself & all seems to run fine, I find another problem. The UACxxxx.dll that was deleted is showing up in Norton 2009 as “Packed.Generic.200” every time I reboot. The file isn’t there anymore. I have re-run Avenger & it cannot find it. All views are enabled in explorer & I cannot find it. I can boot to Wininternals & still can’t find it. Is Norton just crazy or is it still there somewhere? I have reformatted two of the machines to get rid of it but I really need to figure out how to fully resolve the issue.
I have been cleaning viruses for over 20 years.
This bug is kicking my butt!
Any Ideas?
Ed, please follow these steps.
thanks so much for this! extremely helpful
Worked great! Thanks
Dear Patrik,
thank you so much for your help. All the processes worked really well. Your website is extremely helpful, indeed.
Where would I rename it? I am confused about where I would put the myapp.exe. It won't let me even access the swandog website for avenger.
Patrik,
You are my hero and I owe you a huge favor. I ran thru the steps and my PC is my own again.
THANK YOU!!!
Patrik, this was a lifesaver. Everything worked great – the instructions were so helpful and using my computer is fun again. Thank you so much for working on the side of good and not evil 🙂
Patrik, when I tried to run Avenger I got an Error code – Could not register clean up. Aborting excution! Is there something I can do to resolve this? Thanks