A redirect to the windowsclick.com site is the result of UACd.sys trojan activity. The trojan may represent a security risk for the infected computer, and it uses rootkit-specific techniques designed to hide its presence in the system.
Once the computer is infected, the UACd.sys trojan blocks access to security websites, and search results in Google, Yahoo, MSN and other search engines redirect you to windowsclick.com and other unrelated sites.
Use the following instructions to remove UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click Yes to confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy, then paste the following text in the Input script box:
Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\wJQs.exe
- Then click on ‘Execute’.
- You will be asked “Are you sure you want to execute the current script?”. Click Yes.
- You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?”. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
- Once downloaded, close all programs and windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
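The file list above can be checked against a directory listing. The Python below is an added example, not part of the original guide; `scan_listing`, the sample paths, the default directories and the reading of "[RANDOM CHARACTERS]" as letters and digits are assumptions. Because the trojan is described as hiding its presence, the listing is assumed to come from the disk viewed from a clean system.

```python
import ntpath
import re

# Indicator patterns transcribed from this page's file list and Avenger script.
# Assumption: "[RANDOM CHARACTERS]" is one or more letters or digits.
INDICATORS = [
    ("high", "system", r"uacinit\.dll"),
    ("high", "system", r"drivers\\uac[a-z0-9]+\.sys"),
    ("high", "system", r"uac[a-z0-9]+\.(?:dll|log|dat)"),
    ("high", "system", r"wjqs\.exe"),
    # Legitimate software also writes tmpNNNN.tmp, so treat this as a hint only.
    ("low", "temp", r"tmp[0-9]+\.tmp"),
]

# Constructed sample listing (not taken from a real machine).
SAMPLE = [
    r"C:\WINDOWS\system32\drivers\UACd.sys",
    r"C:\WINDOWS\system32\uacinit.dll",
    r"C:\WINDOWS\system32\UACxkqmvprl.dat",
    r"C:\WINDOWS\system32\wJQs.exe",
    r"C:\WINDOWS\system32\drivers\usbhub.sys",
    r"C:\WINDOWS\Temp\tmp4821.tmp",
    r"C:\Documents and Settings\user\Desktop\UACd.sys",
]

def _norm(path):
    """Lower-case a Windows path and unify separators, on any host OS."""
    return ntpath.normcase(ntpath.normpath(path.strip()))

def scan_listing(paths, system_dir=r"C:\WINDOWS\system32", temp_dir=r"C:\WINDOWS\Temp"):
    """Return (original_path, confidence) for each path matching an indicator."""
    roots = {"system": _norm(system_dir) + "\\", "temp": _norm(temp_dir) + "\\"}
    hits = []
    for raw in paths:
        path = _norm(raw)
        for confidence, root, pattern in INDICATORS:
            prefix = roots[root]
            if path.startswith(prefix) and re.fullmatch(pattern, path[len(prefix):]):
                hits.append((raw, confidence))
                break
    return hits

if __name__ == "__main__":
    for path, confidence in scan_listing(SAMPLE):
        print(f"{confidence:4}  {path}")
```

Pass `system_dir` and `temp_dir` for the machine being examined; a "low" hit alone is not evidence of infection.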
If you need help with the instructions, then post your questions in our Spyware Removal forum.
Wow, I had this #$%^% intrusion a few days ago and tried removing it manually…what a pain it all caused. Even cleaning out the registry did not help but I did notice in one of the keys that there was a “pending rename” which contained “UAC(and a number)…”. No wonder it’s so hard to find, it renames itself to proliferate! The method shown above worked flawlessly and the instructions were a breeze to follow. Thanks for all your knowledge and help. I definitely will be back here if anything else crawls in my PC.
When my computer rebooted the Avenger log said
the file was not found, but it seems to have worked anyway.
There was no hardware tab in properties btw,
I have XP, should that tab be there?
Thanks a bunch!
I’m having the exact same problem as described above, but UACd.sys or anything that resembles it is not found in my plug and play drivers. What do I do?
Thanks
Derek, skip step 1.
Used this to remove the trojan but when it rebooted it said there was a fatal crash and switched off again. Upon the second power up it started as per usual.
Is this normal? will it affect my computer?
What program crashed?
Patrik
On the restart boot after the Windows XP load the screen went blue and there was a message stating fatal crash – I didn’t write the rest down. I did turn off the machine and restart and it was OK.
I have just the first result on google search always redirected on windowsclick.com.
Checked the hidden drivers list and found no UACd.sys driver. No wJQs.exe file as well. That gives a pain in the neck.
OK I downloaded MBAM and it found a nice bunch of malware. Now all seems working well. Thank you.
Amazing! I’ve been trying for 2 wks to get this thing off my PC with no success….But this worked the 1st time!! Thank you!!!
Like Derek, Step one did not reveal any reference found in plug n play.
As PATRIK recommended, Step 2 was attempted & it worked.
This trojan did more than redirect, it also prevented several other programs from opening (like Spybot).
Windows One Live Care safety scanner5 did not detect it, nor did their Malicious Removal Tool, Symantec’s scanner did not detect it nor did Panda’s or several others.
I appreciate AVENGER & PATRIK !
I’ve been having a problem with this for ages and nothing else I tried worked. Avenger fixed it straight away. Thanks so much.
Thanks a lot!!!
Greetings from the Netherlands
Thanks a lot – It saved my life.
Greetings from France
It worked well. I’m so happy with this web site, Malwarebytes’ Anti-Malware and Avenger. Special thanks to the author of this article. Actually I am the person (idiot) who installed that malware on my PC by myself. It came as a crack for a software. I executed that “.exe” and suddenly that file disappeared. Software has not cracked.
I got to know that both IE7 and Firefox were infected when I tried to click a link in a Google result page. It opened windowsclick.com in a new page. But during that time, there were running Ad-Aware Anniversary Edition and BitDefender antivirus. Both of them were monitoring real time activities. None of them detected it on the fly. But once I finished using “Avenger” as mentioned here, BitDefender detected it as a rootkit virus and deleted it. (It didn’t detect it until I removed “UACd.sys” using Avenger.)
Now I have uninstalled AdAware Antispyware utility which is useless. It didn’t detect it even when I scanned with it manually. Now I’m using Malwarebytes’ Anti-Malware which detected 5 infected files regarding this malware. I KNOW MOST OF THE MALWARES GET INSTALLED DUE TO USER’S ACTIVITIES. ALTHOUGH I KNEW THAT, THIS TIME I GOT CAUGHT FOR A FAKE SOFTWARE CRACK. THANKS A LOT FOR HELP!!!!!!!
I still can’t believe it worked. kinda still expect it to show up again 😛
But it seems this worked just fine!!
thanks a lot!!
I could not find it either but went ahead and used Avenger and it worked. Found both rootkits and disabled them! 1st CLASS!!!! However, I still cannot use system restore function. I can select a date but when it goes to the next screen nothing happens on clicking next…anyone?
thanks again!
Jase
I have zero clue just where I picked up this little bugger, but it has only been since yesterday (or the day before?) that I began having issues. As soon as I started getting the redirects while trying to answer a tech question, I knew I was in trouble (I’ve been on since ’95, and the only viruses I’ve ever had were ones I turned loose on my system deliberately to \
Thank you! This was a nightmare, but this was a lifesaver!
Jase, please follow these steps. I will check your computer.
I didn’t find the UACd.sys driver but moved on with step 2, where the thing with the Avenger worked (except the wJQs.exe!?) but everything seems to be fine again..
Thanks for the instruction 🙂
If you search the registry for “UAC” you will eventually find a sub-listing of “disallowed” items, hence the reason I could not initially get MBAM.exe and SUPERAntiSpyware.exe to work. Deleting this registry entry (or renaming the file) gets you around this. I must admit, a tedious little exercise figuring out what to do, but I was quite happy to find the UAC registry entry and to personally nuke it myself!
I can’t do any of the steps. Anytime I try to go to a website to download a virus program, it says internet explorer cannot display page. any help would be appreciated
So, I’m trying to do these steps due to this very annoying infection that AdAware completely has overlooked despite the most recent update … (I digress). Anyway, anytime I try and click the avenger link, or the MBAM link, or ANY other link for a .exe from this website, it says
I had this virus infected and my browser was redirecting to windowsclick.com. I was not able to browse anything, could not even open spybot to remove spyware. I tried so many things. Then I googled this page from another computer. I did not find driver in Hardware->device manager tab. So, I skipped step-1 as told by Patrik in comments. Downloaded Avenger and ran. when the system restarted, it crashed with a blue screen! I switched off again (forced off) and rebooted. It booted and showed a log file, showing UAC*****.sys driver deleted. wJQs.exe cannot be found. I closed the log file, and the system is as same as earlier, except for the fact that system restore points are gone!!
Thanks for the tutorial.
Rudresha
Couldn’t find the driver in step 1, and something on my comp prevented me from downloading Avenger in step 2 (404 on the download page).
However, downloaded Avenger and MBAM on a clean comp, walked them over, and they worked like a charm. Thanks so much for this, I was seriously considering a clean wipe of my comp before I got this to work.
Jeff and Adam, use another computer for downloading Avenger.
I didn’t find the UACd.sys driver, so I followed step 2. After running Avenger with the Input Script and a reboot, the system keeps on rebooting. So I can’t do anything. Please help!
I downloaded both programs on a clean computer, brought them to the infected one, and ran avenger. It seemed to work fine, and I got the restart prompt. I clicked yes, and it shut down (quite slowly). When it rebooted, I got a blue screen saying the computer shut down to protect files from a virus, or something to that effect. Now when I try to boot, I get the windows loading screen, then a black screen. It doesn’t go anywhere from that screen. Is this from the Trojan, or something else?
Thank you so much for the instructions. It worked great. My computer is back to normal again.