Redirects to the windowsclick.com site are a result of UACd.sys trojan activity. The trojan horse may represent a security risk for the infected computer and uses rootkit-specific techniques designed to hide its presence in the system.
Once it has infected a computer, the UACd.sys trojan blocks user access to security websites, and search results in Google, Yahoo, MSN and other search engines redirect you to windowsclick.com and other unrelated sites.
Use the following instructions to remove UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click YES to confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy, then paste the following text in Input script Box:
Drivers to delete:
UACd.sys
Files to delete:
C:\WINDOWS\system32\wJQs.exe
- Then click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
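The file list above can be turned into a triage check over a directory listing. The following is an added example, not part of the original instructions; it assumes %System% is the system32 folder, that the random parts are letters or digits, and that the listing was taken offline (for example from a boot disk), since the rootkit hides its files on the running system. The function names are hypothetical and the sample listing is constructed.

```python
import re
from pathlib import PureWindowsPath

# (parent-folder suffix, file name pattern, strength), taken from the list above.
# Assumptions: %System% ends in \system32, "[RANDOM CHARACTERS]" is letters or
# digits, "[RANDOM NUMBERS]" is decimal digits.
INDICATORS = [
    (r"\system32", re.compile(r"uacinit\.dll", re.I), "strong"),
    (r"\system32\drivers", re.compile(r"UAC[a-z0-9]+\.sys", re.I), "strong"),
    (r"\system32", re.compile(r"UAC[a-z0-9]+\.(dll|log|dat)", re.I), "strong"),
    # Many ordinary programs create tmpNNNN.tmp files, so this one is only
    # supporting context and never proof of infection on its own.
    (r"\temp", re.compile(r"tmp[0-9]+\.tmp", re.I), "weak"),
]

def classify(path):
    """Return 'strong', 'weak' or None for one Windows path."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    for suffix, pattern, strength in INDICATORS:
        if parent.endswith(suffix) and pattern.fullmatch(p.name):
            return strength
    return None

def scan(listing):
    """Return (path, strength) for every path in the listing that matches."""
    hits = []
    for path in listing:
        strength = classify(path)
        if strength:
            hits.append((path, strength))
    return hits

# Constructed sample listing, not output from a real machine.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\uacinit.dll",
    r"C:\WINDOWS\system32\drivers\UACd.sys",
    r"C:\WINDOWS\system32\UACenjcvorlfpwrbqipf.dll",
    r"C:\WINDOWS\system32\uxtheme.dll",
    r"C:\WINDOWS\system32\drivers\usbhub.sys",
    r"C:\WINDOWS\Temp\tmp4821.tmp",
]

if __name__ == "__main__":
    for path, strength in scan(SAMPLE_LISTING):
        print(f"{strength:6} {path}")
```

Strong hits are the files to add to the Avenger script in step 2; weak hits only matter when strong hits are also present.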
If you need help with the instructions, then post your questions in our Spyware Removal forum.
If you had a Paypal link for donations I would send you $10, all I can afford as a student.
Your solution worked with a few bumps along the way.
I spent “only” about 2 hours with other fixes til I found yours.
Thanks!
Glad to help you 🙂
Patrik, can you please help me:
Ok so.. I couldn’t do step 1, because I couldn’t find the files that were stated.
Step two worked well, after reboot however I got a message “Exception processing message c00000013 Paramerers 75b6bf7c 4 75 blah blah”
And I just clicked cancel.
My UACd still showed though (You see I have a Google Installer error, which is apparently a UACd.)
I’m stuck on the (MBAM). I downloaded it, but it won’t open. I tried downloading the other one, didn’t work. I did close all windows, even restarted and the first thing I did was double click on the setup icon. But still it won’t open, it just has that timer near mouse pointer and then nothing.
Any help please?
Regards,
Mo
Mo, ask for help at our Spyware removal forum.
Thank you so much!!!!!! This is amazing!!!!
I followed the steps, and when I scanned, I keep getting the same results, and it tells me to restart. Then I restart and scan again, and the same results show up again.
How do I permanently get rid of it? =
thanks in advance 🙂
If I download Avenger will it delete songs in itunes and delete word documents and pictures?
“it tells me to restart” – what’s it? MBAM or Avenger? Make a new topic at our Spyware removal forum.
Deep, NO. Avenger will remove only malware files and drivers.
Thanks so much for this information
it is really helpful and I’m really grateful
THANK YOU!! This worked great! If you were here I would hug you!
I have struggled with this too. Ran Avenger and now re-running MalwareBytes, so we’ll see.
I was having the trouble with the trojan blocking the running (executing) of malwarebytes and other anti-crap software. I renamed the folders from the default during installation and went back & renamed the executable (m_bam.exe versus default of mbam.exe in the renamed MalwareBytes folder) and it ran without issue.
I have the Virus but I can’t find it in the Device Manager. Does UACd.sys have another name?
Joe, skip first step.
ok.
Hi, I have followed all the above instructions, and, after running the Malwarebytes scan it said to restart so it could remove the virus. Upon restart all was good, BUT THEN next morning I switch on comp and the same virus is back! It says Trojen.Agent – C:\WINDOWS\system32\uacinit.dll
What can I do?
Thanks
Thanks a lot Patrik. My computer is now working all because of you. You’re the best!! 🙂
Krupa, ask for help at our Spyware removal forum.
Thanks, three days of sheer confusion, this is coldest trojan horse I’ve ever rode, suggestions worked, I was going nuts. Malwarebytes first program worth paying for
Had to do second step because I don’t have the UACd.sys driver listed. Didn’t work.
I tried malwarebytes and I got the blue screen of death about 45 minutes into the scan. Avenger didn’t do anything. I use Trend Micro antivirus and it can’t find it. There’s nothing named UAC… anywhere in the registry or and device drivers. But I get problems when I try to open programs (they usually eventually open). Boxes pop up with the following three .dll’s:
UACenjcvorlfpwrbqipf.dll
UACmrfxxtjphbsufoebr.dll
UACvtiobmqhdxerjkevd.dll
I really have no idea what to do at this point. Any help is greatly appreciated.
Casey, try to repeat step 2. Also you can ask for help at our Spyware removal forum.
My computer is randomly playing ads and audio clips from the internet. How do I stop this?
Also, I have installed Malware and tried to run it. I have renamed the mbam.exe file to other names as suggested above, but it still will not run.
Help please!
Joel, if the above instructions do not help you, then ask for help at our Spyware removal forum.
Thank you so much. Very good instructions and you helped people all the way. Works so well. I had a lot of malware so again thank you. 😀
Worked perfectly! Saved my work computer. Thanks for the info!
This Windowsclick virus had me angry for a couple days. I thought I would have to reformat (and don’t have a disk). Found this site/help quickly and.. poof,.,. gone like the wind! Thank you sooo much for the removal software. I feel safe again. LOL
*after downloading, program wouldn’t open. I restarted the machine and everything went smooth. Thanks again!
Wow, I was having huge issues with this and I’m pretty neat with PCs, could not load Malwarebytes or antispyware to kill the malaware, kept redirecting me to websites I did not want. Loaded Avenger and followed the command even though the first stage I never had that exact file in my non plug and play list, and it worked, I can now install malaware and antispyware to kill any threat
awesome job guys 100% genuine deal here, I’m happy
Step 1 didn’t work for me so I went on to the following steps and it seems that it worked. The only thing is that I couldn’t run MBAM after I download it. So I rebooted my machine and I did it in safe mode.
Thanks so much for your help.
Per the instruction in step 2, after I type the script to be run, before I click “execute” should I have any of the boxes checked? The “Scan for rootkits” box was checked by default. Should I leave it checked? What about the other box “Automatically disable any rootkits found”, should this be checked as well? I’m wondering if this might be why some people had problems and others didn’t after running step 2.