Redirects to the windowsclick.com site are a result of UACd.sys trojan activity. The trojan horse may represent a security risk for the infected computer and uses rootkit-specific techniques designed to hide its presence in the system.
Once it has infected a computer, the UACd.sys trojan blocks user access to security websites, and search results in Google, Yahoo, MSN and other search engines redirect you to windowsclick.com and other unrelated sites.
Use the following instructions to remove the UACd.sys trojan.
Step 1: Disable UACd.sys trojan driver.
- Right click the My Computer icon. If you are using the non-classic Start menu, then right click the My Computer icon on your Start button menu.
- Click Properties.
- Click Hardware Tab.
- Click Device Manager.
- In the top menu, click View and click Show Hidden Drivers.
- Scroll down to non Plug and Play drivers.
- Click + at left.
- In the list of drivers right click UACd.sys.
- Click Disable.
- Click Yes to confirm.
- Close all windows and reboot your computer.
Step 2: Delete UACd.sys trojan driver and malware files.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy, then paste the following text in the Input script box:
Drivers to delete:
UACd.sys
Files to delete:
C:\WINDOWS\system32\wJQs.exe
Then click on ‘Execute’.
- You will be asked “Are you sure you want to execute the current script?”. Click Yes.
- You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?”. Click Yes.
- Your PC will now be rebooted.
Step 3: Remove UACd.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
- Once downloaded, close all programs and windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
UACd.sys trojan creates the following files.
%System%\uacinit.dll
%System%\drivers\UAC[RANDOM CHARACTERS].sys
%System%\UAC[RANDOM CHARACTERS].dll
%System%\UAC[RANDOM CHARACTERS].log
%System%\UAC[RANDOM CHARACTERS].dat
%Temp%\tmp[RANDOM NUMBERS].tmp
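The file list above can be turned into a check that is run over a path listing, for example one exported from an offline scan of the disk, since a rootkit that hides its files may keep them out of a listing taken on the running system. This is an added example, not part of the original instructions; the function name, the sample paths and the reading of "[RANDOM CHARACTERS]" as a run of letters and digits are assumptions.

```python
import re

RAND = r"[A-Za-z0-9]+"  # assumption: the page gives no length or alphabet
# (root, file-name pattern, strength), taken from the file list above.
RULES = [
    ("system", r"uacinit\.dll", "strong"),
    ("system", r"drivers\\UAC" + RAND + r"\.sys", "strong"),
    ("system", r"UAC" + RAND + r"\.(?:dll|log|dat)", "strong"),
    # Many programs create tmpNNNN.tmp files, so this one alone proves little.
    ("temp", r"tmp[0-9]+\.tmp", "weak"),
]

def find_artifacts(paths, system_dir, temp_dir):
    """Return (path, strength) for each listed path that matches a rule."""
    roots = {"system": system_dir, "temp": temp_dir}
    compiled = [
        (re.compile(re.escape(roots[root].rstrip("\\")) + r"\\" + tail + r"$",
                    re.IGNORECASE), strength)   # Windows paths ignore case
        for root, tail, strength in RULES
    ]
    hits = []
    for path in (p.strip() for p in paths):
        for regex, strength in compiled:
            if regex.match(path):
                hits.append((path, strength))
                break
    return hits

# Constructed sample listing (not taken from a real machine).
SAMPLE_SYSTEM = r"C:\WINDOWS\system32"
SAMPLE_TEMP = r"C:\Documents and Settings\user\Local Settings\Temp"
SAMPLE_LISTING = r"""
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\drivers\UACxqkplmvt.sys
C:\WINDOWS\system32\UACbhtwnrea.dat
C:\WINDOWS\system32\drivers\usbstor.sys
C:\WINDOWS\system32\uxtheme.dll
C:\Documents and Settings\user\Local Settings\Temp\tmp48213.tmp
""".splitlines()

if __name__ == "__main__":
    for path, strength in find_artifacts(SAMPLE_LISTING, SAMPLE_SYSTEM, SAMPLE_TEMP):
        print(f"{strength:6}  {path}")
```

A "weak" hit on its own is not evidence of infection; treat it as supporting detail only when a "strong" hit is also present.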
If you need help with the instructions, then post your questions in our Spyware Removal forum.
DUDE!!!
You are a genius!!!!
Greetings from Montreal!
Thanks Very Much Patrick!
The Avenger trick stops this one in its tracks as it allows Malwarebytes and my Kaspersky to remove it!
I shall mention that this UACd.sys trojan caused the following problem so as to help fellow sufferers, (maybe google will pick it up):
When trying to access a USB Stick I constantly got the following error
The maximum number of secrets that may be stored in a single system has been exceeded
I was searching for fixes to this problem specifically, until I noticed weird UAC reg entries and a Uacinit.dll file in a file called AVENGER (this was previously undeletable) on the C:\ drive prior to even reading the above and before downloading the Avenger program!!! Weird (hopefully not a ploy) but true.
This trojan (for me) came with the lovely WinPC Defender malware program which somehow got onto my system.
NASTY! but you have saved me reinstalling xp and many many more hours stressing.
THANK YOU
Oh and here’s a relevant post on virus list…
http://www.viruslist.com/en/weblog?weblogid=208187548
This is the kaspersky definition of the trojan I had:
Trojan-Downloader.Win32.Fraudload
All sorted…Thanks again.
Used your information to get rid of windowsclick problem and it worked GREAT and was VERY EASY !!!
Thanks for your help
Okay, so I didn’t have either of the files in step 1.
I downloaded Avenger, and when I type C:\WINDOWS\system32\wJQs.exe or uacd.sys in Avenger, I receive a message stating:
Error: Invalid Script. A valid script must begin with a command directive. Aborting Mission!
*sigh* I’m so sick of this silly trojan! Please help me… Thank-You So much!
THANK-YOU!!!
I tried following the steps you’ve posted and it wasn’t working for me… I almost completely restored my computer. But, something was telling me that I wasn’t doing something right because so many people have had success… Okay, I’m rambling, sorry. Long story short, I didn’t realise that you have to type Folders to delete: or post another command in front of what you want to delete. So, I copied and pasted the data you have here and now my computer is working WONDERFULLY and I don’t have to deal with the annoyances of windowsclick.com or the headache of having to reinstall everything after a computer restore. THANK-YOU, THANK-YOU, THANK-YOU!
God Bless!
♥ Rebecca
Whew, I came very close to reformatting. I tried several other cleaners and wasted cash on the highly recommended ‘Spyware Doctor’, but to no avail.
I didn’t have the file in step one. So from step 2, I downloaded Avenger and Malwarebytes onto a memory stick on a different machine and renamed them. I copied the files to my desktop, installed and ran them and hey presto! Got the buggers!
You have been a great help. Thank You!
YAY!!!!! thankx A LOT, I was struggling trying to remove this shit from my computer… I don’t know how I got this fucking virus but I’m glad it’s gone. Again, thanks a ton. For those people who are reading these messages and thinking that this will just further mess up your computer, forget that, download and install the software above, run the script and say bye bye to those pesky redirect viruses. Anyways godbless the interweb and fuck the programmers who write these damn viruses..
Thanks for your great advice. Your site is brilliant. Followed the instructions and it worked perfectly. (Mbam hadn’t installed properly when using advice from other sites.) Suggestions on this site helped me – I downloaded the setup file to a new folder called abc and renamed it abce.exe. The virus has now been completely removed. Do you recommend malwarebytes full version as an all-purpose virus checker?
Malwarebytes full version is a very good antispyware program, but you should also use a good antivirus anyway.
I would like to thank you for this information. I followed your Avenger recommended steps and it worked like a charm.
I suspect the source of infection came from a website linked in a Yahoo! News story. Wouldn’t be the first time a hyperlinked site on there has downloaded something on a computer.
Thanks guys, info here is really useful
my antivirus wasn’t working properly till I followed your advice
Thanks again
OMG thank u guys sooo much. I HATE viruses lol. Peace and love
Patrik,
I bow to you, sir. I cannot thank you enough. I am so grateful. As had so many others, I had tried everything I knew for two weeks with no success, but I followed your instructions shown above, and like several other users experienced, the driver- UACd.sys trojan driver- did not show in the first step, but the rest of it worked beautifully. Thankfully, it was on a friend’s pc, not mine, and all of his malware protection was very out of date. Thanks, again. The world needs more people like you. I have a question. I only learned of Malwarebytes while researching/trying to get rid of this virus. I have been using Trend and have realized it is very weak. I notice software and free scanner programs mentioned on your site. Would you mind telling me which systems you recommend- specifically, as your site lists several of many of the same type products. And are rootkit finders/killers, and all the new-to-me products I only became aware of researching the removal of windowsclick necessary? Or am I safe enough just running malwarebytes and whatever? As you can tell, I am not very advanced and am begging for your guidance. I want to be protected, but it seems like we can take our defenses to an unnecessary/overkill level. Please let me know your thoughts. Thanks again, very much.
Rick, read the topic.
Before coming here, I ran Symantec antivirus and Ad-Aware in safe mode, and deleted all history, cookies, etc. on both Firefox and IE. It seemed to fix the problem for Firefox, the redirect stopped being an issue. But IE still didn’t work. I ran Hijackthis but it found nothing (at least not that I could tell). Then I came here, and skipped step one since it wasn’t visible. Avenger and MBAM found and deleted the UAC trojan.
After working on this for 4 hours today, it’s nice to feel relief once again (I don’t know how some of you who posted here went for weeks with this trojan). Thanks Patrick.
I was sooo close to giving up on this one and reformatting!!
Even tho UACd.sys wasn’t visible in device manager, the fix worked!!!
THANKS!!!
Thanks a lot guys, this one was a real pain in the *%ss.. It even affected my Avira Professional Rootkit. Your solution worked like a charm.
Again many many thanks!
Client got this trojan. He was panicking all over the place !
Glad I didn’t immediately format the pc. Now the problem was over in like half an hour 😀
Good tut ! Nice job, Patrick !! ^_^
Greetings from the Netherlands
Thanks a lot for the guide!! It worked flawlessly. After following the instructions of the useless technical service of ESET-Nod32 and wasting over a day scanning my PC, in just fifteen minutes I got rid of the annoying “windowsclick” trojan.
Thanks again!!!!!!!!
Thank you Patrik,
This annoyance has made its way to Australia. I tried step 1, but it didn’t show up in the Non Plug and Play drivers. So I tried Step 2 and the virus disappeared immediately. Incredible! All hail Avenger.
You did more than save my computer, you saved my business. It took 5 solid days, numerous malware programs, reg editors etc etc, nothing worked, no antivirus programs, Nothing!! Avenger worked a treat. Thank you so much for your help. THANK YOU !!!!!!!
Thanks a lot, your website saved my computer and my sanity, and probably me from murdering someone.
Thank you VERY MUCH.. the instructions on this website take care of this Virus/Ad/Google rapist perfectly..
I actually had to find this page and email all the links to myself so I could download them onto the infected PC..
Thanks Again, you’ve done a great service for humanity
I’d had this windowsclick for a few months…it was driving me mad, computer kept freezing when I logged on. Not knowing much about computers and being at my wits’ end I tried your suggestion. It has worked a treat, I had to skip step one as well, but it worked beautifully. MASSIVE THANK YOU
Okay, I am baffled – can anyone explain why I have this trojan (yes, I honestly have it) but the file UACd.sys which is supposed to exist under NON PLUG & PLAY DRIVERS does not? Even a search comes up with zero results. Has it renamed itself?
Biff, skip step 1.
Worked perfectly – Thanks
Thanks to Patrik and so many others – I was finally able to remove the windowsclick trojan after several tries and retries. Like so many others, step 1 didn’t find the driver, and my advice to others is to read through all the comments before you dive in – you may save yourself some time.
I do have one question – I now have AVG, Spybot S&D, and MBAM all loaded on my PC – will this cause system conflicts? I paid for AVG and was in the process of working back and forth through several e-mails with their technical staff – then Googled “windowsclick” at work and found this site and decided to proceed with the advice here. Also, I had not been able to run Spybot in recent months, even after deleting and reinstalling – but after running the processes here successfully, was able to launch Spybot again!
Thanks!
Thank you so much!!! Without your help, I could have been in trouble since it was my work computer that was infected.
Thank you so much for going to the trouble of putting together such a detailed and EFFECTIVE solution to this trojan!!! It saved me a ton of headaches!