uacinit.dll is a component of UACd.sys trojan/rootkit
This is an harmful program.
 |
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: uacinit
Filename: uacinit.dll
Command: %windir%\System32\uacinit.dll
Startup Type: Driver
Description: component of UACd.sys trojan (windowsclick.com hijacker)
How to remove: How to remove windowsclick.com redirect [UACd.sys trojan]
June 1st, 2009 at 4:37 pm
I can remove it, but when I restart my computer, windows will not start so I have to ‘restart with last known working configurations’, which reinstalls it. SO now I’m lost? Any way to remove it without removing needed windows components or whatever??
June 5th, 2009 at 12:30 pm
One of my clients had this problem and it was difficult to remove. First, I tried Malwarebytes and it recognized the files but couldn’t remove them. Other Antispyare programs were tried, but nothing worked to fix this problem. The obly thing that worked for me was ComboFix. After downloading it to an uninfected computer, make sure that you rename it to Combo-Fix.exe before executing it.
June 15th, 2009 at 9:49 am
I followed Bob’s advice above and used Combo-Fix.exe and it worked right away.
Thanks for the tip. This is a difficult one to remove.
June 20th, 2009 at 6:02 am
All hail ComboFix. As with Bob, Malwarebytes kept picking it up, and said it would delete on reboot, but nope, it kept coming back. I had to run ComboFix under a different filename (seems Combo-Fix.exe was getting blocked by the virus) but then we got going and now it’s history. Phew!
June 26th, 2009 at 12:32 pm
ComboFix is about the only thing I haven’t tried. This bugger is hard to get rid of. I haven’t used ComboFix because of all the warning about using it with the help of a professional. I’m ready to reinstall my OS. Should I try ComboFix first myself?
June 28th, 2009 at 9:04 pm
If removal instructions that linked above have not helped you then you can try Combofix or that is best, ask help at a Spyware removal forum.
July 2nd, 2009 at 4:02 am
I didn’t have any trouble using ComboFix. I’m by no means a ‘professional’ but got through it fine. If you’re prepared to reinstall your OS then definiately give it a crack first. It’s pretty much just a matter of following the prompts.
July 2nd, 2009 at 10:11 am
Just ran ComboFix on my wife’s laptop. Been in the biz for over 15 years (CCSP, CISSP, CCNA, MCSE, blah blah… you get the point) and honestly to remove this particular headache, it was pretty much self guided. It detected the presense of the UAC root kit right out of the gate and after a quick reboot, it removed it. I had been using an old copy of ERD 2002 to delete all the UAC files in the windows\system32 directory and Malwarebytes was deleting the SOFTWARE\UAC registry key bu I was missing the following:
c:\program files\sys
c:\windows\Installer\59ea7de.msi
c:\windows\system32\drivers\\17f90191.sys
c:\windows\system32\drivers\\UACtsdjoepappyltoi.sys
c:\windows\yoo_1244164377.exe
Word of caution: Let it do its thing! Do not do anything else while ComboFix is running, let it sit. If it appears that it is stuck or non-responsive, give it a chance to complete. Many thanks to the creator of ComboFix and very well done creator of UAC rootkit. A Gitmo waterboard for you, for your birthday this year.
July 3rd, 2009 at 4:36 am
I had the same problem with uacinit.dll. Malwarebytes’ Anti-Malware cleaned most of the things but then there was this files that couldnt be deleted after reboot. I found this forum and decided to try combofix. Worked perfectly after 2 or 3 reboots.
Thank´s for the help.
I hate virus and trojans. Mackintosh is much better on this. There´s no half of the problems that i have with windows.
Greetings
July 17th, 2009 at 5:34 am
This damn thing is a mother effer! Malwarebytes didn’t do the trick. If I can find my way back here I will give an update as to what fixed my particular problem. I am getting 3 audio clips that play together but at random times.
July 24th, 2009 at 11:04 pm
All sounds familiar, i tried EVERYTHING and was ready to format. The only thing stopping me was 8 gigs of pictures on the drive which i was trying to save, and yeah the DVD-RW was disabled. So that pretty much stuck me with fixing it. First run combofix.exe took care of the problem after a restart or 2.
July 25th, 2009 at 5:55 pm
Same here.
uacinit.dll.
MalwareBytes would run after being renamed, but didn’t fix it.
SuperAntispyware failed to run at all.
Boy this one is NASTY.
ComboFix worked after renaming it to Comb-Fix, and completely removed UACinit.dll, and 6 other files
that were related to it but stealthed
August 4th, 2009 at 11:36 pm
Man I’ve had a mother of a time with this sucker. It’s taken me 3 days to get back in business. It’s started with a Your’re In Danger message, mis-spelling intentional. Couldn’t run any of my malware / antivirus software, and a lot of other programs for that matter. I was able to get McAfee and Ad-Aware running, quarantined a ton of stuff, but couldn’t download updates and it was obvious on reboot that I still had some nasty little buddies on my box.
I read somewhere that I need malwarebytes, but couldn’t get malwarebytes to load on my system. I would click install and it would hourglass for a second and then quit. Same thing with SpybotS&D. Finally I changed the .exe to XXXX.exe on malwarebytes and got it to install and start up. It cleaned most of my system, however it could not delete UACinit.dll on reboot – – it kept appearing in future scans.
Anyways, I just ran ComboFix.exe and it appears to have worked. For those that haven’t run this program before, it takes awhile – be patient, it’s working! At least I think it was workking, and did work – only time will tell.
Let it be known that this rootkit changed all of my security settings, turned off my firewall, all sorts of crazy stuff. Go back and check all of your settings. I’ve read around that this thing can really hijack your system and that it’s tough to fully get rid of it – – hopefully this saves some other people several of the hours that I wasted on it..
August 22nd, 2009 at 5:58 pm
I worked on removing this animal for the past several days. I ended up using SuperAntispyware and ATF Cleaner. It wouldn’t run at first so I simply changed the name (similar to the combofix solution mentioned above). Here is a link to the solution:
http://www.bleepingcomputer.com/forums/topic227700.html
Solution:
Next run ATF and SAS:
From your regular user account..
Download Attribune’s ATF Cleaner and then SUPERAntiSpyware
, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the \
August 22nd, 2009 at 6:01 pm
In addition:
I want to re-iterate that I had to change the name of the .exe SuperAntispyware executable before it would launch. Also, I brought both the Superantispyware and ATF Cleaners over to the corrupt machine on a thumb drive. Basically, I had to re-start in safe mode (F8) and then run the ATF Cleaner and then the SuperAntispyware. Before I did that though I had to figure out how to install the SuperAntispyware….that’s when I tried changing the name and it worked. I just used my own name.exe and it launched. I configured it per the instructions and then followed from there.
Good luck!
September 10th, 2009 at 1:23 am
COMBO FIX IS THE BOMB!
I’ve just finished trying to clean Personal Anti Virus off my computer and found that among the problems I encountered were ‘rootkit’ error symptoms.
1 Defragmenter wouldn’t work
2 I couldn’t install malwarebytes on my computer. It wouldn’t let me download and when I tried to install a copy off another machne…nothing happened. I ended up changing the executable name and that allowed me to run the program.
3 Malwarebytes detected uacinit.dll but couldn’t get rid of it. Combo fix did the job.
I ran Malwarebytes after cleaning with ComboFix and no further infections showed up. I checked Defragmenter and AVG and everything seems to be fine for now.
The ‘crypto’ Personal Anti Virus also stuffed up my Desktop settings…but that’s another story
Once again, BIG ups to you guys and ComboFix
February 13th, 2010 at 11:24 pm
Combofix is amazing!!!!!!!!! Fixed this problem with ease!