How to remove windowsclick.com hijacker

Description of windowsclick.com hijacker

This malware redirects your internet browser to the
website windowsclick.com. The redirection occurs randomly: it can
happen at the moment you open your browser or
while you are browsing, usually as a new tab opened with
windowsclick.com in the address bar.

Objects of windowsclick.com hijacker

This malware installs a driver that starts before user login. After user login, the driver hides its driver key and executable file from the Win32 API, so it is hard to detect by common methods.
- It adds a driver key under the registry path
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services". In most infected cases, the driver key is "UACd.sys". You may see the key in regedit.exe, but you cannot see the details of the key.
- It adds an executable file in %SystemDirectory% (your system folder, usually C:\Windows\System32). In most infected cases, the
executable file name is "wJQs.exe OR UAC%random_characters%.sys". You can't find it using Windows Explorer because it is hidden from the Win32 API.
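
A read-only check for the two symptoms described above (a Services key that is listed but whose details cannot be read, and a driver file the registry points to but the file system does not show), as an added example that is not part of the original page or of TheStubware. The UAC*.sys name pattern, the function names and the driver-type filter are assumptions of this example.

```powershell
# Added example (not TheStubware's code). Run in an elevated, native (not 32-bit
# on 64-bit Windows) PowerShell so system32 paths are not redirected.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$namePattern  = '^UAC.*\.sys$'   # assumption, generalised from "UACd.sys" on this page

function Resolve-DriverPath([string]$ImagePath) {
    # Typical driver ImagePath forms: \SystemRoot\..., \??\C:\..., system32\...
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\?SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    $p
}

function New-Finding($Service, $Finding, $Path) {
    [pscustomobject]@{ Service = $Service; Finding = $Finding; Path = $Path }
}

$root = Get-Item -LiteralPath $servicesRoot
$findings = foreach ($name in $root.GetSubKeyNames()) {
    if ($name -match $namePattern) {
        New-Finding $name 'key name matches the pattern from this page' $null
    }
    $type = $null; $image = $null; $readable = $false
    try {
        $sub = $root.OpenSubKey($name)      # read-only open; throws or returns $null on failure
        if ($null -ne $sub) {
            $type  = $sub.GetValue('Type')
            $image = $sub.GetValue('ImagePath')
            $sub.Close()
            $readable = $true
        }
    } catch { $readable = $false }

    if (-not $readable) {
        New-Finding $name 'key is listed but its values cannot be read' $null
        continue
    }
    # Type 1 = kernel driver, 2 = file system driver
    if (($type -eq 1 -or $type -eq 2) -and $image) {
        $path = Resolve-DriverPath ([string]$image)
        if (-not (Test-Path -LiteralPath $path)) {
            New-Finding $name 'driver file referenced by the key is not visible' $path
        }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

Stale driver entries left by uninstalled software also produce the "not visible" finding, so treat each row as a lead to confirm against the scanner log.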

How to remove windowsclick.com hijacker (totally FREE)

Run the TheStubware scanner. After the scan is completed, the
windowsclick.com hijacker objects can be found in this section:
- Rootkit : UACd.sys=\systemroot\system32\drivers\UAC%random_characters%.sys
If you find this item, check it and click the "Fix selected" button, then restart Windows.

What if I can't find this item but still have the malware?

- Open "notepad" from "Start -> Run -> notepad"
- Copy and paste the following text into the notepad and save it on your desktop or any other place you can easily find it
<RSF>
<SERVICE>UACd.sys</SERVICE>
<FILE>C:\WINDOWS\system32\drivers\wJQs.exe</FILE>
</RSF>
- Launch "TheStubware", then drag and drop the text file you just saved into the "TheStubware" window
- "TheStubware" will run the removal automatically; in most cases, it will prompt you to reboot Windows to finish the removal

What if I still have the malware after finishing the above instructions?

Your computer may be infected by a new variant. The new variant may use a different method to hide itself, but don't worry: run the scanner first, and after the scan is done, click the "View Log" button, then send your log file to me for analysis. You can submit your log file to the technical support forum or email it to support@TheStubware.com. After your log file is received, you will be sent a customized removal to remove this malware.