How to fix a Web-Browser that is being re-directed to windowsclick.com

At the danger of incurring the wrath of my buddy “Angry” Andy Parkes again by being too techie three blog posts in a row – we had an “interesting” problem reported by a client this morning that I thought I’d share.

Despite having a fully up-to-date and working Trend Worry Free Business Security client in place, they’d “somehow” got themselves infected with what they thought was a virus.

We won’t investigate the events leading up to the “somehow” but instead concentrate on what effect the infection had on the laptop.

In a nutshell the problem was that Internet Explorer kept intermittently re-directing their web-browsing to the dodgy search engine web-site windowsclick(dot)com.

We advised the client we could deal with the problem, and so grabbed our AV tools and went to work. Except none of our usual toolkit did work – both Trend and Symantec didn’t find any infections during Live Scans, and every time we went to visit Windows Update, Trend or Symantec sites or run any other AV tools – nothing – the site or application simply failed to run at all. We got 404 Errors or simply no GUI appearing.

We’d normally turn to some live tools such as Bart’s PE to help kill the virus outside of an active Windows session, but in this case I was intrigued as to what was happening to prevent any AV tools running.

A bit of research later and we found some reports of success using the tools provided by http://www.malwarebytes.org/ to clean this threat – and so off we went and grabbed a copy of their Anti-Malware application to see what it could find.

It installed ok on the infected laptop – but then failed to run, just like the other AV tools we had tried. So I tried something different – I renamed the Anti-Malware executable file slightly. Voila! This time the software loaded and allowed me to run an update, do a malware scan, find the baddies (in this case, a Virus called Rogue.XPPoliceAntiVirus) and remove them successfully.

So – I’m unsure whether any other tools would work in the same way, but in this particular case, simply installing Malwarebytes Anti-Malware and after installation re-naming the executable mbam.exe within C:\Program Files\Malwarebytes’ Anti-Malware (in this case to mbyam.exe) worked a treat!

And another addition to the AV Toolkit – Malwarebytes’ Anti-Malware.

Comments

  • Ben 2009-08-10 18:33:57

    I'm just scanning now, but this already found 7 things that none of my other scanners picked up... I LOVE YOU LOL... I shall report back when finished with the malwarebytes scan :p

  • Unknown 2009-04-21 01:13:58

    Thank you, thank you, thank you!! Changing the name of the exe file worked and then found three dozen instances in a 10-minute scan. All were removed and the cpu works just fine. Gordon

  • Richard 2009-03-13 19:18:12

    Matthew - appreciate you taking the time to leave feedback and glad the blog post was useful to you!

  • matthew 2009-03-11 18:28:26

    Well, thank you. Have had this windowsclick for a few days, and was driving me mad, and my dad. Have spent hours installing different things to sort it, and trying to get good information, but mostly windowsclick shite would stop me all in my tracks. So have just found your blog, and it all worked. I had found out about the malwarebytes, but not how to make it install and update and scan. Finally found loads of stuff, and deleted the windowsclick UAC files on restart. Great, thank you ))))

  • Richard 2009-03-08 09:06:49

    Brandon - you're welcome, glad it was of help!

  • Brandon 2009-03-08 07:14:45

    Thank you very much for posting this! Saved me from trying to backup and reformat!

  • Jeremy 2009-03-02 16:49:21

    Your Client needs Comodo Internet Security. :P Though it probably is too demanding for him...
