Redirects to the windowsclick.com site are a result of UACd.sys trojan activity. The trojan horse may represent a security risk for the infected computer and uses rootkit-specific techniques designed to hide its presence in the system.
Once the computer is infected, the UACd.sys trojan blocks user access to security websites, and search results in Google, Yahoo, MSN and other search engines redirect you to windowsclick.com and other unrelated sites.
Use the following instructions to remove the UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right-click the My Computer icon. If you are using the non-classic Start menu, right-click the My Computer icon in your Start menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click YES to confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy, then paste the following text in Input script Box:
Drivers to delete:
UACd.sys
Files to delete:
C:\WINDOWS\system32\wJQs.exe
- Then click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
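As an added example (not part of the original instructions or of any tool named on this page), the following Python script checks a file listing against the file names above. Because the trojan hides its presence on the running system, the listing is assumed to come from the suspect disk examined from a clean computer; the character classes used for the random parts and the sample paths are assumptions.

```python
import ntpath
import re

# Name patterns from the file list above. The page only says "[RANDOM
# CHARACTERS]" and "[RANDOM NUMBERS]"; treating them as letters/digits and
# digits is an assumption of this example.
INDICATORS = [
    ("strong", "rootkit driver",
     re.compile(r"\\system32\\drivers\\uac[a-z0-9]+\.sys$")),
    ("strong", "rootkit component",  # also covers uacinit.dll
     re.compile(r"\\system32\\uac[a-z0-9]+\.(dll|log|dat)$")),
    ("strong", "file named in Step 2",
     re.compile(r"\\system32\\wjqs\.exe$")),
    # tmp<digits>.tmp is a common temp-file name, so treat it as a hint only.
    ("weak", "temp file",
     re.compile(r"\\temp\\tmp[0-9]+\.tmp$")),
]

def classify(path):
    """Return (strength, label) for one Windows path, or None."""
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    for strength, label, pattern in INDICATORS:
        if pattern.search(norm):
            return strength, label
    return None

def scan_listing(lines):
    """Classify every non-empty line of a listing such as `dir /s /b` output."""
    hits = []
    for line in lines:
        result = classify(line) if line.strip() else None
        if result:
            hits.append((line.strip(), *result))
    return hits

# Constructed sample listing (not from a real machine); E: stands for the
# suspect disk attached to a clean computer.
SAMPLE_LISTING = r"""
E:\WINDOWS\system32\drivers\UACd.sys
E:\WINDOWS\system32\uacinit.dll
E:\WINDOWS\system32\UACxyzabcde.log
E:\WINDOWS\system32\wJQs.exe
E:\WINDOWS\system32\drivers\usbhub.sys
E:\WINDOWS\system32\uxtheme.dll
E:\Documents and Settings\user\Local Settings\Temp\tmp48213.tmp
E:\Program Files\App\uacreadme.log
""".splitlines()

if __name__ == "__main__":
    for path, strength, label in scan_listing(SAMPLE_LISTING):
        print(f"{strength:6} {label:20} {path}")
```

A "weak" hit on its own is not evidence of infection; it only matters alongside one of the "strong" names.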
If you need help with the instructions, then post your questions in our Spyware Removal forum.
Dan, if you are using a full version of MBAM (with autoprotection), then it is better to leave only one antispyware program (SpyBot or MBAM).
Thanks Patrik. I only downloaded the free MBAM, so don’t think I’m using the full version. Would the full MBAM version offer everything currently included through AVG?
Again, thanks for all your help!
MalwareBytes Anti-malware full version features scheduled scanning, scheduled updating and real time protection to ensure protection from installation or re-installation of potential threats as you surf the Internet.
AVG – antivirus program, MBAM – antispyware program.
You can use AVG + MBAM, or AVG + SpyBot.
Patrik,
I went through step number 1 and did not find the driver in the plug and play. I downloaded and ran Avenger in step number 2. I have Malwarebytes installed on my machine but it will not start. Both Malwarebytes and Spybot will not run. Is there something else I need to do before this will work?
thanks in advance,
Huy
Probably you have a new variant of UACd.sys trojan infection. Please follow these steps.
Hmmm, followed the instructions and all seems good, just the 63 malware items found on my kids’ laptop!
Thank you.
I LOVE YOU!!! THANK YOU THIS WAS CAUSING ME RIDICULOUS PROBLEMS!!! THANK YOU!
Thank you Patrik.
guys like u are the angels in the cyberspace, superheroes who save ppl like us from such demons.
thanks for all the input. I finally got it. The name change did the trick.
Absolutely the best and clearest instructions. Worked like a charm and am having no problems since.
Even tho you are asked to download these things they are so worth it and are completely spam free!
Thanks so much for posting this, the instructions were great. I had to skip step one but after running through 2 and 3 no more problems.
Many thanks!!!!
Thanks for this page. I am fixing a friend’s Windows XP, and found your info very helpful.
I migrated to Apple Mac a couple of years ago myself, and have never looked back. Fixing my friend’s Windows XP just reminds me of yet another reason I love OS X. To anyone thinking of migrating to the Macintosh platform, I highly recommend it. Cheers, Tim.
Thank you so much for sharing your knowledge.
FTR – when downloading MBAM, running it after saving it to my desktop did not work. However I deleted that downloaded file and simply chose the “run” option when downloading again and it worked out perfectly. Everything looks to be back to normal – thanks again!
Hello all, I noticed this windowsclick problem just two days ago, and already my pc has shot itself. I am using a separate pc just to post in this forum because I cannot run Internet Explorer – it just opens, then freezes my pc, and I have to turn it off manually. I also noticed a viewmgr.exe startup message appearing, stating that viewmgr.exe has encountered a problem and needs to close. How can I get rid of this malware when I cannot access Internet Explorer to download any antimalware program such as Avenger???
Download Avenger to another computer, then copy it to infected PC using CD or flash disk.
Just like to say thanks for all the help you have given to us all, this is a great site and if I have any more problems this will be the first site I will visit
Thanks so much – solved my problem. I had to go to safe mode to install MBAM, but it seemed to work. I also had the initial crash before I could even log in, but a 2nd reboot worked.
I will have to now go and see how I can donate money to this site – you saved me time and money!
MBAM picked this up, but I couldn’t see that hidden driver mentioned in step 1. Instead, I’ve followed the advice here:
forum.avast.com/index.php?action=printpage;topic=44103.0
and things are definitely improving:
– can run MBAM directly without having to rename it,
– browser redirects have gone.
However, the registry key keeps coming back, so still need to deal with that.
This looks very promising so far:
forum.avast.com/index.php?action=printpage;topic=44103.0
still seeing a UAC registry key, though.
Thank you very much indeed for the help!
I tried Malwarebytes but it wouldn’t run, even when I renamed it slightly. Avenger sorted it out for me instantly. I only managed to locate the info on here as I also have a Yahoo search toolbar (which still ran ok) that was added as part of my AVG 8.5. Google was totally disabled/hijacked by windowsclick.com
Thank you once again.
This seems to be working thus far…
Here is a list of programs that it either inhibits or stops altogether. A good way to tell if you have this =)
-PowerIso *it will say that the Virtual drive manager is not properly installed and that you should reinstall it. Upon reinstall it will continue to give you this message.
-Spybot S&D
-Malware Antimalware – you can rename the exe and get it running. But without doing these steps it may not find anything.
-Multimedia Fusion developer edition
-Internet explorer(redirects)
-EPSON programs
-quick scan etc
-System Restore – BIG PAIN IN THE butt!!
-Disk clean up(sometimes)
-Bittorrent (for me at least)
-AVG free edition
-Steam
-portal
-half-life 2
-Empire Total War
-etc.
(because these are all run through steam)
-Windows Media Player *Your media sharing will have been turned off.
-Age of Empires III *for me at least
-Equation Wizard *for me at least
-VLC media player *huge delay in either program startup or video playback
Everything else on my computer worked fine while I had this virus/trojan. Just thought I’d put out a list…
Wow, I don’t know what did it (I’ve been trying to fix it for so long) but you guys did it! Avenger worked like a charm. Thank You.
Thank You, Thank You.
Thanks a lot! My ZoneAlarm antispyware/antivirus didn’t catch this stuff and couldn’t get rid of it. This was really helpful and worked like a charm. Only issue: something was keeping me from running the Malwarebytes program–I had to rename the setup file, then rename the executable once setup ran. I am (hopefully) clear of the windowsclick.com malware now…
I didn’t find the driver in step 1 either but ran avenger which said it deleted it.
Avenger also said that it couldn’t find wJQs.exe but I later found out this was because Trend Micro had already quarantined it so if ur getting the same result from Avenger that could be why.
Great step by step though
I downloaded Avenger, and when I type C:\WINDOWS\system32\wJQs.exe or uacd.sys in Avenger, I receive a message stating:
Error: Invalid Script. A valid script must begin with a command directive. Aborting Mission!
And I did a Windows search and it isn’t finding it. What am I doing wrong?
Thanks
Manny, please check the inserted script or ask for help at our Spyware removal forum.
THANK YOU SO MUCH!!! I FINALLY GOT THE BUGGER! I just purchased Kaspersky not too long ago and it kept saying UACD.BLA BLA BLA BUGGER 24/7 was detected, however when I clicked take action it did nothing, and this kept appearing every time I logged on.
I left Step 1 because under non-plug and play there was no UACD… so I got Avenger, however when I clicked reboot, my system froze upon restarting (likely another virus I gotta find now) but I hit the mains, logged in again, and the message from Kaspersky was still there, yet I knew why. I went back into Avenger, copied the text again however it said it’s already waiting action upon reboot, do you wanna reboot now so I said yes and the celebrations start there.
I honestly can’t thank you enough - the trojan was such a pain.
By the way, COULD YOU PLEASE TELL ME WHERE I AM LIKELY TO HAVE PICKED THIS UP, LIKE WAS IT FROM A DOWNLOAD, POP-UP etc…
U R A G O D!!!!!
Avenger executes from my desktop but it doesn’t seem to run on reboot. I don’t see anything and can’t find an avenger.txt log.
Kate, ask for help at our Spyware removal forum.
Thanks for the help BUT
According to a recent MBAM quick scan I now still have a uacinit.dll located in c:\windows\system32\ (which is invisible) and this f*cker is unremovable. At the same time Kaspersky still shows that my comp is infected by trojan.win32.TDSS.adzz so to make it short, no more redirections but still f*cked by this s*it. Sorry but having spent hours today to get rid of this because I can’t reformat without saving the whole system first, I’m exhausted. Any help??
Thanks from FRANCE