Redirect to windowsclick.com site is a result of UACd.sys trojan activity. The trojan horse may represent security risk for the infected computer and uses rootkit-specific techniques designed to hide the software presence in the system.
Once infected, UACd.sys trojan blocks user access to security websites, search results in Google, Yahoo, MSN and other redirect you to windowsclick.com and other non related sites.
Use the following instructions to remove UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click YES for confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Drivers to delete:
UACd.sysFiles to delete:
C:\WINDOWS\system32\wJQs.exeThen click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
If you need help with the instructions, then post your questions in our Spyware Removal forum.
Jeff, try to download Avenger to another PC and after that copy it to your computer.
hi there,
forget my last post!
IT WORKED!!!!! THANK YOU VERY VERY MUCH!!!!!
YOU ARE A LIFESAVER!!!!!!
the problem i had running avenger execute was that spyware doctor was running so it would block aveneger from working,
i had no blue screen poblem or anything
THANK YOU VERY MUCH!!!!
You sir are my hero, I had to email the zip files from an uninfected computer since the trojan redirected away from those sites but it seems to have worked. Just wanted to thank you
I had problem just installing and starting up program itself like MBAM (Malwarebytes) or AVENGER. Not sure what is plagging my system at the moment.. but one for sure is that it’s blocking executable programs. A trick if you have problem like mine.. Add extension .bat to all program that you want to install. (executable). Also you can look for UACINIT.DLL in %system%/system32.
When I do a google or yahoo search I get the windowsclick.com redirect. I tried the steps above but I don’t see the UACd.sys under the non plug and play list.
Any help?
Brad, please follow these steps.
Thanks a lot !!!!! great tips on how to remove this f*%cker! Did cost me a few hours but I’m glad I don’t have to reinstall the whole pc !!
Thanks again!
I can’t thank you enough! This worked like a charm after everything else I tried only removed bits and pieces. Clear instructions, and easy to use and follow.
I have this problem – but both steps are causing trouble.
With step one, like many people here my computer simply wont restart till i do a “last successful start” – question: Does that undo the avenger delete anyway?
With step 2: and this is probably my bigger problem, the MBAM program simply will not work. I downloaded it on another computer and installed it on the infected one, and i have followed a number of links on this site to trojans that may stop the problem, but they all need you to use MBAM which doesnt work. I’ve tried three of them, and they all cause the same problem with avenger mentioned at one.
My friend suggested using AVG, which i did, and it found a lot of problems and quarantined them, but it hasnt fixed this windows click.
ANy suggestions on getting MBAM to work? I am not all that technically minded with this stuff.
Heath, you should use Avenger for remove UACd trojan before run MBAM.
Patrik, from my own experience, and those of so many on this site, we thank you for making a better and healthier world by reducing nausea, ulcers, upset stomach, hair-yanking, screech-inducing, and the several and the other human reactions to this infestation. Thanks!
Hey again patrik, thanks heaps for all your help on here, its much appreciated.
The trouble i have though is that i can’t run avenger – it runs and all but the computer wont start back up – so like you’ve suggested i hit F8 and run last known good start, which gets the computer working again, but it appears that avenger hasnt been successful, and i dont get the avenger log that other refer to here.
Heath, please follow these steps.
I skipped step one as i could not locate the file. I followed step 2 and it worked ..it cleaned the file. This virus had taken over the google, yahoo toolbar and was opening webpages that i had not selected. thanks
Patrik, you absolutely rock! I thought my life online was over, but I followed your suggestions, and all is well again. The only thing I might add to the instructions is that it might be a good idea for everyone to change all passwords after running the fixes, just to be on the safe side. Many, many thanks for posting your solution!
Thanks for pointing me to the driver stuff. I got this alongside msantispyware2009 when I was breaking my own rule incautiously browsing as an admin. (Firefox really needs an automatic update service….) I broke msas2009 badly enough that I could resolve anti-malware site names but something was still apparently changing Google search results to do windowsclick.com redirects.
I found I didn’t have a UACd.sys driver in device manager.
Booting the box off UBCD4win (my first time with that … looks quite handy) I found:
– I didn’t have a wJQs.exe file in system32.
– I had plenty of UACxxxx files — .sys, .log, .dat and .tmp — just where you said.
– One of them was uacinit.dll which looks like a legit file. But the date gave it away.
I found that my Windows started OK with all of these just removed. MBAM came up clean after that.
Thanks very much.
T
Step 2 worked great! Do I need to do Step 3 as a preventative measure or is it a needed step to remove the Trojan?
Just wanted to say thanks. I found this and tried it and so far so good.
Thankyou so much – this has been giving me the shits all day – my anti-rootkit found it but could not seem to remove it. Much appreciated
Thank you so much patrik! This worked perfectly. Think I picked up this sneaky little bugger when I was on deviantart.com on Friday.
Patrik,
You have outdone yourself my friend, I couldnt figure out exactly what was going on I tried SmitFraudfx, Superantispyware, and atf cleaner without much resolve.
I realized why the new hardware icon kept poping up, because of the torjan file masked as a driver. But the system files revealed nothing.
Avenger link and the text you provied worked wonders. The Torjan was then recognized by AVG and I do not have the problem anymore.
Can’t thank you enough Pat!
Spent all day trying to fix my computer then I found these instructions and they worked! I can’t thank you enough!
I just tried this and it seems to have worked. I think the Malwarebytes program also removed some other form of malware that was causing internet explorer (and Viewpoint) errors?
THANK YOU SO MUCH!!
Just in running the Avenger script got rid of this pesky Windowsclick bug.
I will certainly keep this site for future reference.
Thank you!
Thanks for you time in this matter,the “windowsclick” issue as driving me mad,but with your help and friends time and computer all is fine once more!
Cheers mate, perfect! : )
Finally – instructions that work!
What an annoying virus.
I’m not sure what I’ve done wrong here, but somehow I’ve made my problem worse. I think I got rid of the windowsclick issue, but now our internet connection just does not move. Eventhough the windowsclick thing was annoying, at least my computer was usable. I downloaded and ran Avenger, but could not install the malware program. I have other spyware programs, would they be doing the same thing? Are my two other spyware programs interfering somehow? My virus protection comes up with the following viruses that it says it cannot quarantine: Trojan.Brisv.A!inf, TrojanHorse, Trojan.Wimad, Packed.Generic.200, and Hacktool.Rootkit. Any other advice? I’m about to spend $300 for Geeksquad… Thanks!
i belive this worked 😀
but along with the above symptoms like the redirections, my computer would randomly freeze (i could move the mouse, but nothing responded to it)
does anyone know if the freezing is a result of windowsclick, like did anyone get the same freezes and fix it with the above?
its annoying having to save documents every 10 seconds becuase im worried of another freeze 🙁
Kimberly and John, please follow these steps.