Redirect to windowsclick.com site is a result of UACd.sys trojan activity. The trojan horse may represent security risk for the infected computer and uses rootkit-specific techniques designed to hide the software presence in the system.
Once infected, UACd.sys trojan blocks user access to security websites, search results in Google, Yahoo, MSN and other redirect you to windowsclick.com and other non related sites.
Use the following instructions to remove UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click YES for confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Drivers to delete:
UACd.sysFiles to delete:
C:\WINDOWS\system32\wJQs.exeThen click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
If you need help with the instructions, then post your questions in our Spyware Removal forum.
I followed step 2 and Avenger removed ‘UACd.sys’ but not ‘C:\WINDOWS\system32\wJQs.exe ‘. Did something go wrong?
I then tried to install MBAM, but once I double clicked it and attempted to run it, it wouldn’t open/run/work. Help?
I also tried going to the forums. I downloaded HijackThis but once I attempted to run it, nothing happened. Help again please?
Spencer, probably your computer infected with braviax trojan. Ask for help at our Spyware removal forum.
UACd.sys is not showing in device manager!!
curt, skip first step.
I did all this, but Avira Antivir still tells me that there are some UACD hidden files on my computer – which it can’t destroy :
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys\modules
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys\start
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys\type
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys\group
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UACd.sys\imagepath
What to do about it ?
Thanx !
I need so much help. I got UACd.sys and i read the 3 step thing to get rid of it and its not listed under plug and play drivers so i tried to skip step 1 like it said in the help blog but i cant even figure out. i think i downloaded avenger but i dont know what unzip means! how do u do that? also whator where is Input script Box?
Marie, try to repeat step 2.
None of this is working. There arent any files named UACd.sys. and i downloaded MBAM and when i click on it it doesnt even load. What do i do?!
Whitney, ask for help at our Spyware removal forum.
Shanda, unziping requires something like WinRar or the basic unzipping tool loaded on most Windows OS computers. If internet explorer is not working try using Firefox. Typically a trojan or virus will infect the primary internet browser but not a secondary one, just make sure to say do not make firefox primary browser when installing. Use a microsoft trusted link to Winrar before you download to prevent any other infection. Hope this helps and if you have any other questions let me know, I’m fighting the trojan manually trying to find other ways of fighting it. Also, it may pose as a registry file, but it wont appear there.
i had this windows click problem about a month ago i had 2 skip step 1 but followed step 2 & 3 everything worked great till recently my computer loads slow again it freezes and wont always display a web page because i kept malwarebytes from last time i did a scan it said backdoor & rootkit but malwarebytes wont remove them this time so i did step 2 again but now it wont complete a scan it starts a quick scan but when it gets to performing extra heuristics scan it freezes i have tried avg which i used to use b4 malwarebytes but that wont move them either
marissa, if Avenger does not remove UACd.sys driver (main component of UACd trojan), then probably your PC infected with a new version of the trojan. Ask for help at our Spyware removal forum.
i have asked for help at spyware removal forum but i have no replies please help
patrick when i think back i was watching a video online before and it looked like the security system came up saying i was infected everything was flashing before my eyes it wanted me to buy something which i cant remember now does this help to what might be wrong with my computer
i dont no if this helps but i got it off avg scan history c:\windows\temp\kqdsmpfxbv.eve trojan horse 2.rca and c:\windows\temp\kqdsmpfxbe.exe(204) trojan horse agent.rca
I went to Device Manger, clicked on view, show hidden drivers and looked through Non-Play and Play Drivers and I cannot find the “UACd.sys”. Whats wrong? My computer still says I am infected.
):
marissa, i have asked you at forum.
Natalie, skip first step.
The steps above didnt work for me i followed all steps. I also know for a fact that its a UACd.sys trojan
Dylan, try step 2 again. If it does not help you, then ask for help in our Spyware removal forum.
hello everyone, i am a broke college student with no money to spend on computer repairs or any sort of internet security. i have been raging war on these viruses but they keeping stoping me at every angle i go at.
i tried step one, and could not find the virus
i tried step two, and the virus brings up the \
(CONTINUED…
page cannot be displayed.
i then try to load avenger via jump drive and every time i insert the jumb drive my computer completely cuts off. I DONT KNOW WHAT ELSE TO DO, SOMEONE PLEASE HELP ME I MUST HAVE MY COMPUTER WORKING TONIGHT!
Try use CD disk to move files. Also try to download Avenger through a proxy server (look google for a free one).
Hi Patrick, I followed steps 1 and 2 and Malwarebytes found 4 items which it deleted on reboot. But whenever I open Windows my “Windows security center” pops up saying no antivirus found and then another window pops up saying download protection. However, I already have Kaspersky antivirus installed. How can I check to see if windowsclick is completely gone? Thanks!
psr, make a new topic in our Spyware removal forum. I will check your PC.
Can’t install the MBAM in safe mode & my computer won’t let me go to normal mode. When I choose normal mode it goes to the blue screen & reboots.
I skipped step 1 because i couldn’t find the driver. i downloaded avenger, followed the steps, my computer restarted. with this:
Beginning to process script file:
Rootkit scan active.
Hidden driver “H8SRTd.sys” found!
ImagePath: \systemroot\system32\drivers\H8SRTujebfkmbyy.sys
Start Type: 1 (System)
Rootkit scan completed.
Error: registry key “\Registry\Machine\System\CurrentControlSet\Services\UACd.sys” not found!
Deletion of driver “UACd.sys” failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
–> the object does not exist
Error: file “C:\WINDOWS\system32\wJQs.exe” not found!
Deletion of file “C:\WINDOWS\system32\wJQs.exe” failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
–> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
it says that there was an error and the files do not exist. so is the trojan removed or not?
Laurie, ask for help in our Spyware removal forum.
Ying, read the aricle: How to remove H8SRT troajn.
I did the first step, didn’t work, so ran avenger and said it found some of the files but not others, just downloaded MBAM but then i got a message from windows saying it will not run properly. This problem started yesterday when i accidentally downloaded malware defense, and to try and fix that i got pc doctor but it seems like the problem with malware defense has been fixed but i still have this uad.sys thing. please help me 🙁