Web-Browser is being re-directed to windowsclick.com

At the risk of incurring the wrath of my buddy “Angry” Andy Parkes again by being too techie three blog posts in a row – we had an “interesting” problem reported by a client this morning that I thought I’d share.

Despite having a fully up-to-date and working Trend Worry Free Business Security client in place, they’d “somehow” got themselves infected with what they thought was a virus.

We won’t investigate the events leading up to the “somehow” but instead concentrate on what effect the infection had on the laptop.

In a nutshell the problem was that Internet Explorer kept intermittently re-directing their web-browsing to the dodgy search engine web-site windowsclick(dot)com.

We advised the client we could deal with the problem, and so grabbed our AV tools and went to work. Except none of our usual toolkit worked – neither Trend nor Symantec found any infections during Live Scans, and every time we tried to visit the Windows Update, Trend or Symantec sites, or run any other AV tools – nothing. The site or application simply failed to run at all: we got 404 errors, or no GUI appeared.

We’d normally turn to some live tools such as Bart’s PE to help kill the virus outside of an active Windows session, but in this case I was intrigued as to what was happening to prevent any AV tools running.

A bit of research later and we found some reports of success using the tools provided by http://www.malwarebytes.org/ to clean this threat – and so off we went and grabbed a copy of their Anti-Malware application to see what it could find.

It installed ok on the infected laptop – but then failed to run, just like the other AV tools we had tried. So I tried something different – I renamed the Anti-Malware executable file slightly. Voila! This time the software loaded and allowed me to run an update, do a malware scan, find the baddies (in this case, a Virus called Rogue.XPPoliceAntiVirus) and remove them successfully.

So – I’m unsure whether any other tools would work in the same way, but in this particular case, simply installing Malwarebytes Anti-Malware and after installation re-naming the executable mbam.exe within C:\Program Files\Malwarebytes’ Anti-Malware (in this case to mbyam.exe) worked a treat!

And another addition to the AV Toolkit here at Netlink IT: Malwarebytes’ Anti-Malware.


7 Responses to “Web-Browser is being re-directed to windowsclick.com”


  1. 1 Jeremy March 2, 2009 at 4:49 pm

    Your Client needs Comodo Internet Security. :P Though it probably is too demanding for him…

  2. 2 Brandon March 8, 2009 at 7:14 am

    Thank you very much for posting this! Saved me from trying to backup and reformat!

  3. 3 Richard March 8, 2009 at 9:06 am

    Brandon – you’re welcome, glad it was of help!

  4. 4 matthew March 11, 2009 at 6:28 pm

    Well, thank you. Have had this windowsclick for a few days, and was driving me mad, and my dad. Have spent hours installing different things to sort it, and trying to get good information, but mostly windowsclick shite would stop me all in my tracks. So have just found your blog, and it all worked. I had found out about the malwarebytes, but not how to make it install and update and scan. Finally found loads of stuff, and deleted the windowsclick UAC files on restart. Great, thank you ))))

  5. 5 Richard March 13, 2009 at 7:18 pm

    Matthew – appreciate you taking the time to leave feedback and glad the blog post was useful to you!

  6. 6 Unknown April 21, 2009 at 1:13 am

    Thank you, thank you, thank you!! Changing the name of the exe file worked and then found three dozen instances in a 10-minute scan. All were removed and the cpu works just fine. Gordon

  7. 7 Ben August 10, 2009 at 6:33 pm

    I’m just scanning now, but this already found 7 things that none of my other scanners picked up. I LOVE YOU LOL… I shall report back when finished with the malwarebytes scan :p

