windowsclick.com redirect (UACd.sys.trojan) removal - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 27

Thread: windowsclick.com redirect (UACd.sys.trojan) removal

  1. #11
    Junior Member
    Join Date
    Mar 2009
    Posts
    1

    Thanks

    Just wanted to say a big thank you to NukEvil and others for clear, precise, simple no-nonsense instructions on how to get rid of windowsclick trojan. Process worked a treat! Thanks!

  2. #12
    Junior Member
    Join Date
    Mar 2009
    Location
    New Castle, Delaware
    Posts
    5
    Hi all, I do helpdesk on State Applications, and work as a liason and am not a techie person. My State pays State emps and contractors to do that kind of stuff.

    This is my home PC that is having the problem with Windowsclick, a very old 40 gig Gateway that used to run like a charm.

    I have this malware and I stayed up really really late last night trying to get rid of it, safe mode did not work, 4 different malwares including spybot and malbytes (sp??). I finally gave up. Did find some viruses and trojans that got past my AVGfree.

    Someone posted about downloading to another Computer and e-mailing the anti-malware.

    If I download the malware from my laptop, is it OK to download it to my external HD? Reconnect the external HD to the infected machine and run it from there?

    Thanks for any help, my wall paper is getting lighter and lighter...

  3. #13
    Member
    Join Date
    Apr 2004
    Posts
    69
    Seems that Google has indexed this thread..

    Anyways, remelian, I assume you've read this thread? If so, did you try the Recovery Console method, or renaming the anti-malware program?

    Windowsclick is rather easy to remove after you've found an easy way to remove it.

  4. #14
    Junior Member
    Join Date
    Mar 2009
    Location
    New Castle, Delaware
    Posts
    5
    I tried renaming 2 of the anti malwares. That did not allow them to work either.

    This is running XP 2002, so finding any disc is going to be a challenge, buried somewhere in this room...I bought this right before Gateway gave up their brick and Mortar stores. It has served me well, Fire dog guys were suprised how fast it booted when I added memory last year...So I would like to keep it running and NOT depend on my Viao with Vista I really hate Vista. My Viao stuff and my EEEP stuff will not work.

    yes I found you all through Google.

    I am getting ready to download to my Viao, one of the techies at work warned me that since my external HD has been hooked up to my Gateway, it could be infected too. I have a 40 gig external HD for my EEEP (it has like 12 gig, so if I want my music camping it has to be on an external HD) so I can download the set up through my Viao into my mini external HD, I hope.

  5. #15
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Disable System Restore, dump AVG and install Avira AntiVir instead.

    Install Ccleaner (www.ccleaner.com) and manually delete as many
    contents of temp folders as you can on that PC.

    Update everything: SpyBot, MalwareBytes, AntiVir.

    Then run 'em again.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #16
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    If you are going to connect the external drive, make sure when you go to copy stuff that you do not open it by clicking the drive's icon, instead open my computer and click the Folder button above the addresse bar

    and on folders bar open the drive that way.

    and when accessing the copied files on the infected machine do the same..

  7. #17
    Junior Member
    Join Date
    Mar 2009
    Location
    New Castle, Delaware
    Posts
    5
    Avira sees it (well I can see the file as it cascades through) but does not trap it.
    I think I have now the Cleanest registry in the State of DE...(private computer)...
    Avira keeps trapping the same 2 things, one is a root kit.

    t34b4g5, I did not know there was another way to get to the flash or external HD. There are no icons for the H drive (external) and G drive (flash) on my desk top. So I guess that is a good thing.

    My work computer let me download the setups for malbytes and and something with the icon of a lion(???) onto my flash drive and let me change the names and the extension, but when I changed the extension, it did not recognize it. My brain is foggy with lack of sleep and all this technical stuff.

    I did find my restore disc last night at the bottom of the software drawer, so if all fails, I will back all my music, and do a full disc restore. the rest is pretty well backed up or easy enough to re-down load, with the exception of my DVD Santa and ca couple of other paid with only one key things...most of what I have is free ware. I ahve not ahd to do that in years and years and never on this really reliable Gateway...teaches me NOT to be where I really should not be...

  8. #18
    Junior Member
    Join Date
    Mar 2009
    Location
    New Castle, Delaware
    Posts
    5
    I ran Combofix and within seconds it ID'd a bunch of UACd files.
    I completed the run, did what it said to do.
    I rebooted.
    Then went back into the internet. Nope windowsclick is still redirrecting.
    I ran Avira, it picked up a root kit. I got rid of that (quarantined)
    Then I re-ran Combofix, hard drive was clean.
    I downloaded the root kit tool from Avira, that came up clean.
    Went back into the internet, and got redirected again...methinks that it might be something in my external HD...I guess I need to wipe it clean since I cannot figure out how to get Combo fix to look at it.

    I left for work running a full scan with Avira, I have my external HD and my flash drive being scanned in the full scan.

    I defraged the C drive last night and where I had 24.7% free space on my C drive, I now have 37.8% free space, so I had a lot of junk that was removed. Malwarebytes removed one of my paid for antiviruses as a "rogue".

    I have had this gateway since 2001, found files I installed back to there. It has seen Verizon internet and now Comcast, as well as a local ISP before I made the plung to Verizon. So this computer is like an old friend. Like an old friend, I hate when someone is sick...

    I am going to dump all the files on the External HD and reload from the C Drive. I had EVERYTHING backed up including the hidden files. I also have a brand new 500 gig External, I may just try backing up into that and seeing what happens after a full scan.

  9. #19
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Remelian try following this guide and let me know if it helps.

    Quote Originally Posted by t34b4g5 View Post
    I recently had to fix a friends computer that was doing the same thing..

    here's the way that i was able to fix it.


    try going to my computer.
    Click the folder button and make sure view hidden files/folders is turned on and check your drives for "resycled" and "autorun.inf" files/folder
    They will appear in the root directory..

    If they are there then go to a command prompt and change the attrib settings to the "resycled" folder and the “autorun.inf” file

    attrib -r -s -h

    then while still in the command prompt just use the del command on both.

    then do a search for autorun.inf on your drives and after the scan just right click on each one and open with notepad or wordpad and check each one, and if any happen to have "boot.com" before a string of jumbled letters numbers then delete.
    the "boot.com hides in the “recycled” folder and when the “autorun.inf” files is loaded it loads the “boot.com” file and your browser will continually get redirected.

    restart computer and then go to my computer and click folder and check to make sure there both gone..

    this thing was not only not letting me access the computers drives it also decided that it would re-direct the browser to www{X}copy-book{X}com {Note don't click site got active malware} all the time a little and i did the above and it should solve the issue.


    Also
    Start Windows in safe mode, then click Start -> Run. Type in regedit and click okay.

    Now at the top of the registry editor,
    click Edit -> Find.
    Type boot.com and click Find Next. Every time it finds a new boot.com, press the delete key and then enter. It should find a dozen or so copies.

    Now, plug in any external drives or flash drives you have used with this computer.
    Open
    My Computer. Click Tools -> Folder Options -> View and select "Show Hidden Files and Folders" and click okay.

    For each drive, open it and delete the “recycled” folder and “autorun.inf”. Back up each “autorun.inf” before deleting them off external drives, because they might be important.

    Restart the computer and the problem should be gone.

    Any removable usb drives you've plugged into that computer will also be infected with the virus, so make sure you clean them out too (note if you clean your comp, then plug-in the usb drives it'll re-install itself)
    any computers you've plugged that usb drive into are also infected

    a summary of what this thing does - its installed itself as a windows driver with a random dll file name, you'll have to track down ALL instances of it and eradicate it completely. Booting in safe-mode will assist, the drivers wont show up in control panel or admin tools either as its hidden

    other things you will need to remove this damn virus
    malware-bytes anti malware
    SmitFruadFix Scan
    hijack this
    gmer

    this thread should help you: http://www.bleepingcomputer.com/forums/topic191577.html

    if you download and install the latest version of those programs they should work fine without and update, the virus re-directs the update URL's as well. You will find its system-wide not browser specific!
    I think that you have a variant..

  10. #20
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hmmm, are you able to run an online scan tool?

    www.pandasecurity.com/activescan

    Post the log here ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

Similar Threads

  1. A Detailed Malware Removal Guide
    By CyberB0b in forum The Security Tutorials Forum
    Replies: 20
    Last Post: August 15th, 2008, 11:07 AM
  2. GP Folder Redirect problem
    By cheyenne1212 in forum Microsoft Security Discussions
    Replies: 9
    Last Post: July 24th, 2007, 03:30 PM
  3. Malware Removal
    By alakhiyar in forum The Security Tutorials Forum
    Replies: 1
    Last Post: December 17th, 2006, 10:31 AM
  4. Spyware and Virii removal, the tools and the works
    By Kamikaze Badger in forum The Security Tutorials Forum
    Replies: 5
    Last Post: August 18th, 2004, 10:01 PM
  5. MY trojan removal guide
    By khakisrule in forum The Security Tutorials Forum
    Replies: 7
    Last Post: July 10th, 2002, 02:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides