UVK Help: Scan & create log
On the Welcome screen, click Scan & create log. The UVK Scan screen will be displayed.
In this section you can create a detailed log containing information about your system, all running processes, autorun entries, IE Toolbars, BHO and shell execute hooks, image hijacks, global context menus, all services and drivers, scheduled tasks, the Windows uninstall list, the contents of important system folders, LSA providers, blocked hosts and much more.
You can choose the areas you want to scan, and whether to verify file signatures or write the files' MD5 hashes, by checking or un-checking the corresponding options.
However, if you choose not to verify the file signatures, UVK will check the Microsoft files based on the version resource info. This will reduce the scan time, but it doesn't ensure the authenticity of the file's publisher. We highly recommend scanning all areas and verifying file signatures. After all, the complete scan will only take a few minutes.
If you leave Show file MD5 hash checked, UVK will generate the MD5 hash for all the scanned files. This will allow you to verify the authenticity of the files by submitting the MD5 hashes to VirusTotal using the Log analyzer.
If you leave Recent files checked, UVK will search for recent files and write the ones that match the given criteria to the log.
The criteria are based on the file age and the search pattern. You can configure the file age in the input between Max and days.
For example, if the Max file age is 30, UVK will write the files that were created within the last 30 days and match the given pattern.
The pattern is easy to understand. The default is .exe|.dll|.com|.vbs|.cmd|.bat|.reg|.sys|.vbe, which makes UVK write to the log all the executables, DLLs, vbs and cmd batch scripts, reg files and drivers found within the selected file age.
Several patterns must be separated by |. Wildcards are supported, like in AnivirusXp*|xxx_*.
UVK 2.4.1+ includes a new feature: Custom scans. This allows you to tell UVK to scan specific files, folders or registry entries, and write the corresponding information to the log. You can also tell UVK to submit the MD5 hashes of one or more files to VirusTotal, and write the results to the log.
This is very easy to do: You use Mode keywords like in the custom commands for the UVK scripts. Supported Mode keywords for the custom scans are: <Reg>, <Dir>, <File> and <VTReport>.
The <Reg> mode makes UVK export the registry entries in the keys you specify to the log. The registry entries will be exported in the same format as regedit. For example, if you want to write the registry entries under HKCU\Software\UVK, just use:
You can specify more than one registry key, like:
The <Dir> mode makes UVK write the contents of the folders you specify to the log. The info will be in the format: Mode | Path | Size | Description | MD5 hash | File signature. You can specify several folders, and use environment variables:
The <File> mode makes UVK write information about the files you specify to the log. Again you can specify several file paths and use environment variables. The info will be in the format: Mode | Path | Description | MD5 hash | File signature:
The <VTReport> mode makes UVK submit the specified file's MD5 hash to VirusTotal, and write the result to the log. You can use this feature for several files, but only one file per line. Environment variables are supported. The info will be in the format: Mode | Path | VirusTotal result.
The results for the files in the example above can be something like this:
<VtReport> | C:\Windows\system32\shell32.dll | VT infection rate: 0/44 (0.0%)
The expression VT infection rate: 0/43 (0.0%) means the file has been analyzed by 43 anti-virus programs and all of them said the file was clean. If two programs had given a positive result, it would be VT infection rate: 2/43 (4.6%), and so on.
Note that the results from VT can take a while, depending on how overloaded the server is. VirusTotal is a very well known service, and used by millions of people, so be patient, and if it fails once, just try again.
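The custom-scan line formats described above (<Dir>, <File> and <VTReport>) can be parsed for triage outside UVK. The following Python sketch is an added example, not part of UVK or its documentation; apart from the shell32.dll line, the sample lines and their field values are constructed, and it assumes that any extra | inside a line belongs to the Description column.

```python
import re

# Field order per mode, as documented on this page (mode column excluded).
LAYOUTS = {
    "dir": ["path", "size", "description", "md5", "signature"],
    "file": ["path", "description", "md5", "signature"],
    "vtreport": ["path", "vt_result"],
}
MODE_RE = re.compile(r"^<?(\w+)>$")   # tolerate a leading "<" lost in copy/paste
VT_RE = re.compile(r"VT infection rate:\s*(\d+)/(\d+)")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def parse_line(line):
    """Parse one custom-scan result line into a dict; None if it is not one."""
    parts = [p.strip() for p in line.split("|")]
    m = MODE_RE.match(parts[0])
    mode = m.group(1).lower() if m else None
    if mode not in LAYOUTS:
        return None
    names, values = LAYOUTS[mode], parts[1:]
    extra = len(values) - len(names)
    if extra < 0 or (extra and "description" not in names):
        return None
    if extra:
        # "|" cannot occur in a Windows path, so surplus pipes are assumed to
        # belong to the free-text description: rejoin that column.
        i = names.index("description")
        values = values[:i] + [" | ".join(values[i:i + extra + 1])] + values[i + extra + 1:]
    rec = dict(zip(names, values), mode=mode)
    if mode == "vtreport":
        hit = VT_RE.search(rec["vt_result"])
        rec["detections"] = int(hit[1]) if hit else None
        rec["engines"] = int(hit[2]) if hit else None
    else:
        rec["md5_valid"] = bool(MD5_RE.match(rec["md5"]))
    return rec

def flag_detections(lines, min_hits=1):
    """(path, detections, engines) for VT results with >= min_hits positives."""
    recs = filter(None, map(parse_line, lines))
    return [(r["path"], r["detections"], r["engines"]) for r in recs
            if r["mode"] == "vtreport" and (r["detections"] or 0) >= min_hits]

# Sample input: first line is the page's example, the rest are constructed.
SAMPLE = [
    r"<VtReport> | C:\Windows\system32\shell32.dll | VT infection rate: 0/44 (0.0%)",
    r"<VtReport> | C:\Users\test\AppData\Roaming\sample.exe | VT infection rate: 2/43 (4.6%)",
    r"<Dir> | C:\Temp\tool.exe | 10240 | Backup | sync helper | d41d8cd98f00b204e9800998ecf8427e | Not signed",
    "Scan finished",
]
```

Calling flag_detections(SAMPLE) returns only the entry with 2 positives out of 43; raise min_hits to ignore single-engine results.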
You can combine several modes:
Check Show Microsoft signed files in the report if you wish the report to show all the files. This will greatly increase the number of lines in the log. This option is unchecked by default.
Click Browse if you wish to save the log under a different name or path. The default path is the current user's desktop and the default name is UVKlog.
When ready, click Start scan. A progress bar will show you details of the scan's progress.
When created, the log will be automatically opened with the Log analyzer. You'll be able to find the log file at the location you chose for it to be created.
Click Analyze log to open the log with the Log analyzer, a text editor included with UVK and specially created to simplify searching for infected items in the log and creating UVK scripts.
Copyright Carifred © 2010 - 2013, all rights reserved.