DRS Georgia

UAC (at least the new one) can be quite the PITA! If you have it more than likely Mbam won’t run and Gmer may not as well. Make sure to kill explorer.exe in task manager.

Here’s the first indication:

Removal steps:
0: Run full Gmer scan
1: Highlight all .text entries, right click, select restore code
This one actually had ~100 entries but I grabbed the screenshot after cleaning most of them
2: disable UAC process
3: Reboot
4: NOW KILL EXPLORER
5: run full Gmer scan again
6: Now you can delete the UACD.sys in the reg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UACd.sys
This was my case. Check all control sets.

7: Now run Mbam

You may see


Ignore it – (hit OK)


Disable the service ( you won’t be able to get to them all)

Reboot

Run Gmer agin. You will get something like: NOW KILL EXPLORER!

Now you can delete the UACD.sys in the reg

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UACd.sys

This was my case. Check all control sets.

Now run Malwarebytes Anti-Malware


WARNING: This may not work in every case, due to the fact that UAC is one of the faster evolving infections. This guide is a good starting point. Make sure that you find as much as you can on the infection.