How to remove windowsclick infection





Version: 39.2
Revision: 46 Build 154


Introduction:
This malware had infected my machine and I didn’t notice it. But when I was browsing the Google website with Firefox, the links redirected me from the current website to a nasty website that served a fake anti-virus.

Right, let’s get to work and get this out of your system before it is too late!

1.] Download the following software with “Firefox” and save it to your C:\ drive.

Important: if everything else fails, go straight to the ComboFix procedure.
After the repair, follow this guide again from the start for a complete scan and removal.

Notes: if you’re using Firefox as your main browser, you’ll need to right-click each link and open it in a new tab. If you don’t, the malware will redirect you to a different link.
————————-
Avira Free Edition: http://www.avira.com/en/pages/index.php
Mirror: http://filehippo.com/download_antivir/

ComboFix: http://www.combofix.org/
Mirror: http://subs.geekstogo.com/ComboFix.exe
Mirror: http://www.forospyware.com/sUBs/ComboFix.exe
Mirror: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

SpywareTerminator: http://spywareterminator.com

CCleaner: http://filehippo.com/download_ccleaner/
————————–

Part One: remove Trojan.Agent.RL and RKIT/TDss.eyj.xxx
————————–
2.] Install SpywareTerminator and Avira.
3.] Update their database.

Notes: if you encounter an error with SpywareTerminator Shield, please ignore it and use the scanner…

4.] Do a “Quick Scan” (Fast Spyware Scan) with SpywareTerminator.
5.] Remove all infected files and this file: CmdLineExt03.dll
6.] Exit SpywareTerminator and click on Avira Anti-Virus. The application is located on your Windows taskbar (red umbrella icon).
7.] Double click on the application and select: Local Protection >> Scanner >> Rootkit Search
8.] Select all available drives and run the scan…

Notes: if the application asks you for permission, just select “Quarantine” and continue.

Similar infected files…
————————–

c:\windows\system32\uacrvkuvdgg.dll
c:\windows\system32\drivers\uaccseutoro.sys
————————–

9.] When Avira has finished removing the “backdoor-rootkit” infection, just click “No” to cancel the reboot operation…

10.] Right click on Avira and disable “AntiVir Guard”.

Advice: press Ctrl + Alt + Del to bring up the process menu. After that, select the second tab and look for this process: Avguard.exe. Don’t worry about the errors… it’s only for the ComboFix procedure…

Notes: leave your internet connection enabled for ComboFix.exe
————————–

Part Two: remove UACcseutoro.sys and acovcnt.exe
————————–
11.] Make a folder in your C:/ drive.
12.] Drag your ComboFix into that folder and rename it as: FixCombo.exe.

Notes: if it doesn’t work, please use this method for execution!
————————–
Right click on the actual link and click: “Save Link As”. After that, you’ll need to rename the file to one of these names. If none of them works, just make a name up…

Renamed files: tool.exe | Fixfile.exe | toolb.exe | FixCombi.exe | FixCombo.exe

13.] Execute the application.
14.] ComboFix will warn you if you haven’t disabled Avira. Click OK if you have already disabled Avira’s shield.
15.] The scanner will trigger another box which contains a list of infected files. The list will look like this…
Notes: I’ve put two different lists. This is because the malware can change its name with random characters. But they can be detected by ComboFix without any problems…


17.] After the scan, it will ask you to reboot your computer.
All you need to do is click the “Ok” button or hit the “Enter” key (on your keyboard).

18.] At the next reboot, just don’t touch anything and let it remove these pests!
The files which will be removed are shown in ComboFix…

19.] When everything is cleared and dusted, you’ll need to wait for a while.
This is because the application is generating a ‘Log.txt’ file about the ComboFix removal process.

20.] Install CCleaner and clear your Internet Explorer + Firefox temporary files and internet system cache.
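
The note under step 15 says the malware renames its files with random characters, so a fixed list of file names will not match the next infection. As an added example (not part of the original guide), this Python script flags entries in a directory listing, such as `dir /s /b` output, whose names fit the “UAC” plus eight random letters shape of the two names shown under “Similar infected files”; the pattern, the extension set and the two watched directories are assumptions inferred from those names.

```python
import re
from collections import defaultdict

# Assumption: pattern inferred from the two names this guide shows
# (uacrvkuvdgg.dll, uaccseutoro.sys): "UAC" followed by 8 random letters.
# The extension set is an assumption as well.
NAME_RE = re.compile(r"^uac[a-z]{8}\.(dll|sys|log|dat)$", re.IGNORECASE)
# Assumption: only the two directories those names appear in are checked.
WATCHED_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}

def split_path(line):
    """Normalise one listing line to a lower-cased (directory, filename)."""
    path = line.strip().strip('"').replace("/", "\\").lower()
    directory, _, name = path.rpartition("\\")
    return directory, name

def find_suspects(listing):
    """Return {directory: sorted filenames} for names matching the pattern."""
    hits = defaultdict(list)
    for line in listing.splitlines():
        if not line.strip():
            continue
        directory, name = split_path(line)
        if directory in WATCHED_DIRS and NAME_RE.match(name):
            hits[directory].append(name)
    return {d: sorted(names) for d, names in hits.items()}

def has_driver(hits):
    """True when a .sys driver file was flagged."""
    return any(n.endswith(".sys") for names in hits.values() for n in names)

# Constructed sample listing: the first two paths are the ones from this
# guide; the rest are made up (two real Windows files, two invented names).
SAMPLE = r"""
C:\WINDOWS\system32\uacrvkuvdgg.dll
c:\windows\system32\drivers\uaccseutoro.sys
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\drivers\usbhub.sys
C:\Program Files\Tool\uacabcdefgh.dll
C:\WINDOWS\system32\UACqwertyui.log
"""

if __name__ == "__main__":
    found = find_suspects(SAMPLE)
    for directory, names in sorted(found.items()):
        print(directory, names)
    print("driver present:", has_driver(found))
```

A flagged name is only a lead for the scanners used in this guide; the listing may not show files that the rootkit hides from a running Windows.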

Part Three: remove ComboFix.exe from your computer
————————–
21.] Click Start >> Run >> Type: Combofix /u
22.] Click Ok or press “Enter” on your keyboard
23.] Disable your System Restore and re-enable it…

Click Start >> Control Panel >> System >> System Restore

24.] Exit “System Properties” and go to “Microsoft.com” for new updates to block these threats from killing your computer…

Alternative method to remove “windowsclick” if your PC is seriously infected…
————————–
1.] Insert your Windows XP disk into your CD-ROM drive.
2.] Wait for it to load and press: ‘R’ to boot into the recovery console.
3.] When the console is ready, press 1 if you only have one “Windows XP” installation on the hard drive. After that, just hit “Enter” (without the quotes).
4.] Type in the “Administrator’s” password and hit “Enter” (without the quotes).
5.] Now, you’ll need to type this command: listsvc and press “Enter” on your keyboard.
6.] Look for a service called: UACD.sys / UACd.sys
7.] Press “ESC” to stop listing and go back to the ‘cmd’ prompt.
8.] Now, all you need to do is type this: “disable UACd.sys” (without quotes).
9.] Exit recovery console – don’t forget to take your XP CD out and reboot the computer.
10.] Go back to stage “ONE” and remove this idiot virus!

Copyrighted By Lair360