The redirect to the windowsclick.com site is a result of UACd.sys trojan activity. The trojan may represent a security risk for the infected computer and uses rootkit-specific techniques designed to hide its presence in the system.
Once the computer is infected, the UACd.sys trojan blocks access to security websites and redirects search results in Google, Yahoo, MSN and other search engines to windowsclick.com and other unrelated sites.
Use the following instructions to remove UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click YES to confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy, then paste the following text in Input script Box:
Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\wJQs.exe
- Then click on ‘Execute’.
- You will be asked “Are you sure you want to execute the current script?” Click Yes.
- You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?” Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
- Once downloaded, close all programs and windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
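Because the trojan hides itself on the running system, the file names listed above are easier to check against a copy of the disk mounted on a clean machine. The following is an added example, not part of the original article; the mount layout, the reading of "[RANDOM CHARACTERS]" as letters and digits, and the sample file names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# (folder under the Windows directory, name pattern, confidence), from the list
# above. Assumption: "[RANDOM CHARACTERS]" means one or more letters or digits.
RULES = [
    ("system32", re.compile(r"^(uacinit\.dll|wJQs\.exe)$", re.I), "high"),
    ("system32", re.compile(r"^UAC[0-9a-z]+\.(dll|log|dat)$", re.I), "high"),
    ("system32/drivers", re.compile(r"^UAC[0-9a-z]+\.sys$", re.I), "high"),
]
# tmp<digits>.tmp names are also created by legitimate software: low confidence.
TEMP_RULE = re.compile(r"^tmp\d+\.tmp$", re.I)

def find_dir(base, relative):
    """Resolve relative under base ignoring case (NTFS mounted on Linux can be case-sensitive)."""
    current = Path(base)
    for part in relative.split("/"):
        kids = current.iterdir() if current.is_dir() else []
        current = next((c for c in kids if c.is_dir() and c.name.lower() == part.lower()), None)
        if current is None:
            return None
    return current

def scan(windows_dir, temp_dirs=()):
    """Return sorted (confidence, file name, path) candidates for manual review."""
    targets = [(find_dir(windows_dir, sub), rx, conf) for sub, rx, conf in RULES]
    targets += [(Path(t), TEMP_RULE, "low") for t in temp_dirs]
    hits = set()
    for directory, pattern, confidence in targets:
        if directory is None or not directory.is_dir():
            continue
        for entry in directory.iterdir():
            if entry.is_file() and pattern.match(entry.name):
                hits.add((confidence, entry.name, str(entry)))
    return sorted(hits)

def build_sample(root):
    """Create a constructed tree of empty files; the names are made up for the demo."""
    for name in ["WINDOWS/System32/drivers/UACd.sys", "WINDOWS/System32/uacinit.dll",
                 "WINDOWS/System32/UACxkqpma.log", "WINDOWS/System32/user32.dll",
                 "Temp/tmp4711.tmp", "Temp/notes.txt"]:
        path = Path(root, name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return Path(root, "WINDOWS"), [Path(root, "Temp")]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for confidence, _name, path in scan(*build_sample(tmp)):
            print(confidence, path)
```

Point `scan` at the Windows folder of the mounted volume and pass each user's Temp folder explicitly; every hit is a candidate to review, not a confirmed infection.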
If you need help with the instructions, then post your questions in our Spyware Removal forum.
Please check this forum page… it says even if system is cleaned your machine cannot be regarded as secure after this type of infection. The only safe thing to do is reformat! (which will be fun with a 400gig hd and a load of software…)
Can anyone confirm that this solution makes your system as safe as previous to the infection?
If you’re having trouble starting exe’s – rename them, this little bugger looks for spybot, malwarebytes exe etc and stops them working.
Also I had a fully updated version of Kaspersky 2009 on XP SP3, lavasoft adaware & spybot S&D running, none of them found or prevented the infection which makes me feel like shoving my large desktop PC right up Kasperskys A£$@…
Has anyone else been infected whilst using ‘paid’ & updated virus protection software?
rgds
FORUM PAGE MENTIONED ABOVE:
malwareremoval.com/forum/viewtopic.php?f=11&t=39353
I did everything as followed just not step one because there was nothing in my driver as explained. I ran MBAM once more after infections were removed and it is virus free. Thanks for the help in removing this bad trojan. One problem, my internet connection won’t work now. I am using another computer. Any help?
For Everyone unable to access the internet via a 2nd PC or experiencing blue screens I have been able to disable the UACd.sys driver another way, this then allows Malware Bytes to run.
Boot to your XP installation CD and choose Repair using Recovery Console.
The command LISTSVC should show a list of services, including the hidden UACd.sys.
The command DISABLE UACd.sys will disable it.
A reboot will then restart the PC without loading this driver. It is listed as a boot driver and this is probably the cause of blue screens after avenger deletes it.
Unfortunately this only works on XP.
Also noted Avenger has a driver disable instead of driver delete functionality, may help with BSOD as well.
Yvonne, please follow these steps.
Hi,
YOU are GREAT. You save many many hours Work with your excellent Ideas and tutorials. I am not really a newbie, but I have had trouble for more than 1 Week with “Windowsclick.com” and, more unlikely, DNS Changer at same Time. Thank You for Help.
obelisk219
Thanks a bunch for this article. The Avenger worked as it is said in the article, except the log said it did not find the C:\WINDOWS\system32\wJQs.exe
windowsclick.com doesn’t hijack my browsing anymore.
thanks
Brilliant, as many others I was considering a full wipe and reinstall!! Had to skip step 1 as no UACD drivers visible. Downloaded all the required progs on a clean comp, ran on mine and worked first time. Thanks a lot :o)
Same with Rich! I didn’t see any drivers with Step 1, so skipped it, and everything ran very smoothly! I can’t even begin to tell you how grateful I am!
System restore is now fully functional! Mozilla has no more problem opening anymore (no longer crashing)! Internet explorer is no longer being redirected to windowsclick.com! Everything is running very smoothly, in fact, the best it’s been in a very long time.
Before I followed your advice Patrik, I noticed how you gave advice to others who were having problems, and I can tell you really care and are very knowledgable about this subject. Your comments were really what encouraged me to try and fix this problem.
Thank you soo much! Oh, and one quick question: now that I have fixed everything, do I still need the Avenger and MBAM programs?
Esther, remove Avenger, but you can leave Malwarebytes Anti-malware and scan your computer with the program on a regular basis.
What a relief! Thanks for the posting. I followed steps 2 and 3 and it seems to have fixed the problem.
I did deviate a bit: (1) I used another computer to download the programs and transferred them over using a USB drive. (2) I did not check for updates for mbam. (3) I renamed mbam.exe before I ran it. Thanks again!
This sounds like what I’m dealing with but there’s no VACd.sys in non plug and play drivers. Neither do I get 7.7.7.0 on screen. Can’t download Avenger from anywhere I’ve found. It’s blocked. Already downloaded Malwarebytes from your site, but it won’t run. Do I need to go buy software on disc to solve this? What do you recommend?
I started at step 2. I thought it may have been my newly installed router but it was the windowsclick.com. My two laptops were able to get online but not my desktop. My browser kept rerouting to windowsclick.com whenever I tried to connect to a web site. I used my laptop to download the corrective programs and they WORKED! THANKS SO MUCH! This COULD have taken 4ever.
Thank you very much for posting this and saving my system. I am very very grateful.
Ken, it looks like your computer is infected with the wdmaud.sys trojan. Read the article How to remove Google searches redirect virus 7.7.7.0. If you can’t download Avenger, then you can remove c:\windows\system32\wdmaud.sys manually.
Thanks for posting the solution! Like several others I didn’t have the UACd.sys driver mentioned in step 1. Step 2 ran as said. Step 3 ahem, found a few more infections (around 40 yikes) and promptly swatted them 🙂
Thanks so much for this. This just saved me and my co-workers so much time. Just bookmarked this site for future use.
You know how I got to this page without the redirect?
Google Chrome! My Saver!!
x)
I’m not getting a 7.7.7 redirect message. I’m getting waiting for: windowsclick.com or bitdefender.com or stopzilla.com or couponmountain.com, then spam websites with any Google search relating to anti-virus or malware. The thing let me download pandasecurity.com, but it didn’t work. It also let me download “BOClean” from Comodo.com, which also didn’t work after download. (Who do you trust?) My system32 file includes a file called wdmaud, but no wdmaud.sys file. What next?
Ken, have you tried the instructions (above)? If yes, then follow these steps.
Patrik,
I’d love to download Hijackthis, but virus blocks access to any such download. I just get Explorer cannot display this screen message.
THANK YOU!!!
Ken, can you use another computer for downloading antispyware software?
Brilliant! With a lot of patience (only Avenger was able to run on the system, copied from another pc and started from a usb stick) I managed to get rid of this nasty thing.
THANKS A LOT!!!
Marc
Whatever you’re selling, I’m buying! I was on the phone with Microsoft support for two days trying to get rid of this. I found your site through Dogpile (couldn’t use Google) and truthfully, I was nervous about using it, wondering if it was a scam — particularly after Avenger wouldn’t open, and my Dell computer deleted it from an e-mail as dangerous. I opened it with a zipdrive and went through the process, skipping step 1 because no UACd drivers showed up. Again, I’m thrilled!
Um, what do I do if step 2 and 3 is not working (like most everyone else, step 1 won’t work for me because I can not find the driver)?
I.e. the link in step 2 will not pop up – shows a failing site. When I tried the link on another computer (w/o the windowsclick virus that is), it worked. Step 3 also did not allow the pop up. By the way, I have enabled pop-up so I don’t know what’s wrong…
On step 2 where you say to download avenger “here” when I click on the link it doesn’t open anything up. Please help! Thank you!
Hi,
On Step where you advise to click ‘here’ to download avenger... it is a dead link on my computer. Any advice?
Patrik, Fantastic ‘how to’ guide, many thanks for the instructions – followed them exactly & it worked perfectly – computer is now finally back to normal!
Phil