UACd.sys Trojan / Winpc Virus Removal
(Originally Posted May 28, 2009)
Having run into this virus 4 or 5 times in the last 2 weeks at work, I figured I would post a how-to on how to remove it. I have only seen this virus on XP machines, and to my knowledge, it only affects them. Let me know if it affects other machines and OSs as well.
*Note: This is the simplest way to remove this virus that I've used. It does however take a level of skill. This is not recommended for beginners and requires an advanced set of technical skills.*
Symptoms:
- Programs like Spybot, Malwarebytes, Superantispyware, Windows Defender, etc. won't run or install. You'll double click, it looks like it's trying to open, but nothing ever happens.
- Every time you try to search something on Google and click on the link of a result, it'll redirect you to a site with the URL of www.windowsclick.com or something similar.
- Your computer will be slow and will freeze.
Removal:
Instead of playing around and trying to get programs to work and to remove it, use this trick instead.
1. First you'll need a copy of a Windows XP CD.
2. Boot your computer from the XP CD. Let it boot to a blue screen and it'll ask you if you want to repair your computer by pressing R. Press R on the keyboard.
3. It'll ask you what Windows installation you want to log onto; select the appropriate one. (Most likely 1.)
4. If it asks for an Administrator password, enter it in. If you don't know the password, chances are it's blank, so just press Enter. If that still doesn't work, you'll have to change or remove your administrator password.
5. You'll see a black window and, if you are successfully logged in, you should see C:\Windows in white text.
In the lines below, the part before the ">" is the prompt that is already on screen; the part after it is the command you have to type.
C:\Windows> cd system32
C:\Windows\system32> dir
(Now you'll see a long list of a bunch of files. Scroll down to the U's. If you are indeed infected with the UACd.sys Trojan, you should see files named UAC*random characters*.dll. The random part is different on every infected machine, so write down on a piece of paper all of the files that begin with UAC, including uacinit.dll. Make sure you write them down exactly as they are. Now you can scroll to the bottom and you'll be back at the C:\Windows\system32> prompt. Back to the commands.)
C:\Windows\system32> del UAC*random characters*.fileextension (If the file is named UACdsferskwufy.dll, that's what you type in.)
If it's successful, it'll just go to a new line with C:\Windows\system32>
Repeat the del process with the rest of the files that you wrote down. Once you have deleted all of them, run the dir command again and scroll to the U's and see if there are any UAC files left. If you have done everything correctly, there shouldn't be.
Once that is done, you'll be back at a C:\Windows\system32> prompt. Follow these commands.
C:\Windows\system32> cd drivers
C:\Windows\system32\drivers> dir
Browse through the list till you come to UACd.sys. Write this down so you don't forget it. Now browse to the end of the list and you'll be back at the prompt.
C:\Windows\system32\drivers> del UACd.sys
If it's successful, it'll go to a new line. You can then restart your computer by holding the power button or typing in exit. (Make sure to remove the CD so it doesn't boot from it again.)
Let it boot into Windows.
Once you are back into Windows, download Avenger.
Extract the file and run the Avenger program.
In the white text box, enter the following and run it.
Drivers to delete:
UACd.sys
Files to delete:
C:\WINDOWS\system32\wJQs.exe
It may ask to reboot; let it reboot your computer.
Now run the usual spyware/virus removal tools to take care of the rest. If you need any additional help, feel free to leave a comment below.
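Because the UAC* file names differ on every infected machine, the list to delete has to come from the dir listings, not from this post. The script below is an added example (not part of the original post or of Avenger) that parses saved `dir` output from system32 and system32\drivers, applies the indicator rules given above (any file beginning with UAC including uacinit.dll, UACd.sys in drivers, and wJQs.exe), and prints the findings in the Avenger "Drivers to delete:" / "Files to delete:" layout for you to review. It assumes the default cmd-style `dir` line layout with a leading date and a file name without spaces; the sample listings are constructed for illustration.

```python
import re

# Indicator rules from the post. Matching is case-insensitive because NTFS names are.
SYSTEM32 = "C:\\WINDOWS\\system32"
UAC_PREFIX = re.compile(r"^uac", re.IGNORECASE)
KNOWN_FILES = {"wjqs.exe"}       # named in the post's Avenger script
KNOWN_DRIVERS = {"uacd.sys"}
DIR_LINE = re.compile(r"\s*\d{2}/\d{2}/\d{4}")  # assumption: entries start with a date


def names_from_dir_listing(listing: str) -> list[str]:
    """Return plain file names from `dir` output, skipping headers, totals and <DIR> entries.
    Assumption: the file name is the last field on the line and contains no spaces."""
    names = []
    for line in listing.splitlines():
        parts = line.split()
        if not parts or not DIR_LINE.match(line) or "<DIR>" in parts:
            continue
        names.append(parts[-1])
    return names


def find_indicators(system32_listing: str, drivers_listing: str) -> dict:
    """Apply the post's rules to both listings; returns names in listing order."""
    files = [n for n in names_from_dir_listing(system32_listing)
             if UAC_PREFIX.match(n) or n.lower() in KNOWN_FILES]
    drivers = [n for n in names_from_dir_listing(drivers_listing)
               if n.lower() in KNOWN_DRIVERS]
    return {"files": files, "drivers": drivers}


def avenger_script(found: dict) -> str:
    """Render findings in the Drivers to delete: / Files to delete: layout shown in the post."""
    lines = []
    if found["drivers"]:
        lines.append("Drivers to delete:")
        lines.extend(found["drivers"])
    if found["files"]:
        lines.append("Files to delete:")
        lines.extend(SYSTEM32 + "\\" + f for f in found["files"])
    return "\n".join(lines)


# Constructed sample listings (not real captures); names follow the post's examples.
SAMPLE_SYSTEM32 = """ Directory of C:\\WINDOWS\\system32

05/28/2009  09:41 AM    <DIR>          drivers
08/04/2004  12:00 PM           577,024 user32.dll
05/27/2009  11:03 PM            12,288 uacinit.dll
05/27/2009  11:03 PM            45,056 UACdsferskwufy.dll
05/27/2009  11:03 PM            90,112 wJQs.exe
               4 File(s)        724,480 bytes
"""
SAMPLE_DRIVERS = """ Directory of C:\\WINDOWS\\system32\\drivers

08/04/2004  12:00 PM            56,832 usbhub.sys
05/27/2009  11:03 PM            18,432 UACd.sys
               2 File(s)         75,264 bytes
"""

if __name__ == "__main__":
    print(avenger_script(find_indicators(SAMPLE_SYSTEM32, SAMPLE_DRIVERS)))
```

Review the output before pasting it into Avenger: the prefix rule is only meaningful on XP, where the post says no legitimate UAC-named files are expected.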