March 30th, 2009, 12:39 PM
Yes, I could run online scans. I have now been virus free for about 2 days. I dumped almost all my backup files on my external except for a few that I cannot easily replace since they were not stored anywhere but my H drive, and ran independent scans on each of those areas. Evidently something was hiding in my H drive, re"infecting" my Gateway.
All of the scans (when H drive was disconnected) came up clean, as in all zeros...BUT when I hooked back up my H drive, the windowsclick came back even though the C drive came up clean. The H drive would fire up even when not engaged (the light would brighten and I could hear it "thinking").
July 8th, 2009, 09:30 AM
Just registered specifically to say thanks for the info. I used billybobbubba's method and went with combofix first. Worked like a charm. I'd say try that first, then the manual method as you have nothing to lose.
July 23rd, 2009, 04:16 PM
Registered to say thanks to NukEvil - I tried the other methods, but the file did not show up in my hidden drivers list and whenever I tried to run combo fix, my computer would just shut down - even after renaming the exe. NukEvil's method did the trick - I was able to run Malwarebytes after disabling the uac file and Avira found all the infected dll files and removed them. THANKS NukEvil.
August 20th, 2009, 11:41 AM
windowsclick.com redirect (UACd.sys.trojan) removal
A quick scan with Malwarebytes and a full scan with an updated Norton both come up clean. Google works (ie, no more redirecting).
Now the fun part…
1. Was I infected with something that steals passwords or enables another user to control my computer such as a backdoor trojan?
2. Is my computer now clean? Can I use it for online banking? Or is it permanently compromised (until I reformat)?
3. Is it prudent to reformat?
4. In the process of cleaning, I tried a system restore at one point, though it was blocked from working. I've read that the trojan can be backed-up by system restore. Should I turn off system restore, thereby deleting all saved versions to ensure the Trojan isn't saved, and then turn it back on again?
5. The original operating system is on my E: drive, I believe portioned away from the rest. Could that have been infected?
August 20th, 2009, 11:51 AM
Well, it's very hard to say ...
You will never be truly clean until you format...
Just make sure you have some sort of firewall / AV running.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
September 11th, 2009, 10:58 PM
Had a Vista system with this same "condition", full of UAC<xxxxxxxxx>dll files which AVG picked up and killed off, but it wouldn't touch or couldn't find the main driver (as per design of the trojan and the nature of a rootkit).
As suggested I tried ComboFix.exe but it wouldn't run. Nor would MalwareBytes AntiMalware, AdAware, HijackThis or anything else useful in killing it off. Internet Explorer ran though.
It wasn't until I renamed ComboFix.exe to something more random than just Combo-Fix.exe that it could actually do anything.
1 reboot later and all looked well. Got MBAM to do a full scan overnight and that found nothing. CPU use dropped from min. 55% to min. 0%.
All sorted! (6 hours trying, though!)
October 14th, 2009, 11:41 AM
I had to register to make this post. Thank you so much to Big T on the first page. Avenger + MalwareBytes seems to have solved the issue. I feel so much better because I thought I had messed up a work computer. We're not supposed to use that computer for crap, and I made a stupid, unthoughtful, and lazy mistake when I was using it.
Anyways, thanks so much for your post and if anyone else has the same problem (can't get antispyware to load, UPC crap, etc) this thing definitely works. Thanks so much guys!