To easily create a UVK script or custom commands, use the Log analyzer.
It inserts the mode headers in one click, allows drag and drop to
create file and folder paths, and automatically creates scripts to
perform full system maintenance and repair.
The syntax for multiline commands is:
Mode
Command 1
Command 2
And so on...
The Mode is the keyword of multiline commands. It sits at the top of a
sequence of lines and tells UVK to apply the same action to the lines
below it until the mode is changed to a different one, or the end of the
script is reached. For single line commands you just have to enter the
command tag followed by its parameters (if the command uses parameters,
of course).
The table below shows all available modes and commands. Each one is
described in more detail further down the page.
| Mode/command | Description |
| --- | --- |
| <UVKCommandsScript> | String required in the first line of a UVK script. |
| <Comment> | Use this mode to write some comments in your script. |
| <Sleep>[seconds] | Pauses the script for the given number of seconds. This is a single line mode. |
| <Reg> | Run the regedit code in the lines below. |
| <Delete> | Move the files and folders in the paths below to the recycle bin. |
| <SDelete> | Delete the files and folders in the paths below. |
| <ReplaceFile> | Replace or copy one or several files. The replaced file is moved to the recycle bin. |
| <SReplaceFile> | Replace or copy one or several files. The replaced file is permanently deleted. |
| <Run> | Run the executable files in the paths below. Command line switches are allowed. |
| <RunWait> | Same as <Run>, but waits until the application closes to continue. |
| <KillProcess> | Kill the processes corresponding to the paths below. |
| <Download> | Download files from the internet and save them to the hard drive. |
| <CmdScript> | Run the cmd batch code written in the lines below as administrator. |
| <ImunizeSystem> | Immunize/un-immunize one or more areas of the system. See UVK Immunization. |
| <FixInstallProblems> | Repair installation problems. This is a single line mode. |
| <FixWMIAndSR> | Repair the WMI and the System restore. |
| <FixWindowsUpdate> | Enable and repair Windows update. This is a single line mode. |
| <FixWindowsSidebar> | Repairs Windows sidebar. Single line mode. Parameter 1 = Keep current settings. |
| <FixWindowsFirewall> | Enable, repair and reset the Windows firewall. |
| <FixIEAndWindowsShell> | Repair Windows shell hijacks and register the files the shell needs to work properly. |
| <FixShortcutsUrlsProtocols> | Fix desktop and internet shortcuts, and protocols. This is a single line mode. |
| <FixUserDesktop> | Repair the current user's desktop if it's not working. |
| <FixEventSystemService> | Repair the EventSystem service and other associated services. |
| <FixSubSystemsKey> | Fix the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems key. |
| <EnableAutoplay> | Enable Autoplay feature for all drives. This is a single line mode. |
| <DisableAutoplay> | Disable Autoplay feature for all drives. This is a single line mode. |
| <EnableAdminAccount> | Enable the hidden Administrator account. |
| <DisableAdminAccount> | Disable the hidden Administrator account. |
| <ResetIEAndInternet> | Reset IE and Internet settings to defaults. This is a single line mode. |
| <ResetHostsAndDns> | Reset hosts file and DNS cache to defaults. This is a single line mode. |
| <ResetIPWinsockProxy> | Reset the IP, winsock and proxy settings to the defaults. |
| <ResetSecuritySettings> | Reset the registry and NTFS security settings using the Windows API. |
| <ResetPermissionsSecedit> | Reset the registry and NTFS security settings using secedit.exe. |
| <ResetGroupPolicy> | Reset the group policies in gpedit.msc and the registry. |
| <ResetUserShellFolders> | Reset the registry entries for the User Shell Folders key. |
| <EmptyBrowsersCache> | Empty the cache for all installed internet browsers. |
| <DeleteBrowsersCookies> | Delete the cookies for all installed internet browsers. |
| <CleanAllUsersTemp> | Empty the temporary folders for all users. |
| <FreePhysicalMemory> | Release physical memory used by the applications. |
| <DefragAndOptimize> | Defrag and optimize the hard drives to improve performance and boot time. |
| <UpdateDirectX> | Update the DirectX in unattended mode. |
| <UpdateJava> | Update Java in unattended mode. |
| <UpdateFlash> | Update the flash player activeX and plugin in unattended mode. |
| <InstallNetFramework> | Install the non installed versions of .NET Framework in unattended mode. |
| <MBAMScan> | Perform an unattended Malwarebytes' AntiMalware scan. Removed in v4.1 |
| <SASScan> | Perform an unattended SuperAntiSpyware scan. Removed in v4.1 |
| <HitmanProScan> | Perform an unattended Hitman Pro scan. Removed in v4.1 |
| <TDSSKillerScan> | Perform an unattended Kaspersky TDSS Killer scan. Removed in v4.1 |
| <KillNonTrustedProcesses> | Kill non trusted processes. Stop malware activity and keep trusted processes active. |
| <KillNonSystemProcesses> | Kill all non system processes. Use to stop malware activity. |
| <KillNonCriticalProcesses> | Kill all non critical processes. Use to free system resources. |
| <StopNonMsServices> | Stop all non Microsoft services. Use to stop malware activity or detect conflicts. |
| <RegisterSystemDLLs> | Register all Microsoft DLLs in System32 folder. |
| <ScheduleChkDskOnReboot> | Schedule CHKDSK to check the system drive on next reboot. |
| <UnlockFileExtensions> | Unlock the file extensions registry entries, allowing them to be changed. |
| <FileExtension> \| All | Fix one or several file extensions: .exe, .msi, .reg, .bat, .cmd and .com. |
| <ProtectFileExtensions> | Lock the file extensions registry entries, preventing them from being changed. |
| <RunScfScan> | Run the system protected resources scan. |
| <EnableUAC> | Enable the User account control (only Vista, Server 2008 and Windows 7). |
| <DisableUAC> | Disable the User account control (only Vista, Server 2008 and Windows 7). |
| <UnhideUserFiles> | Unhide all user's files and folders if they've been hidden by malware. |
| <RebuildIconCache> | Fix the icons if the Windows explorer doesn't display them properly. |
| <DeleteAllRestorePoints> | Delete all the existing restore points. |
| <CreateRestorePoint> | Create a system restore point named UVK Fix. This is a single line mode. |
| <Reboot> | Reboot the computer after running the script. |
| <Shutdown> | Shut down the computer after running the script. |
The Mode lines can have up to six white spaces before the mode string,
but the commands under the mode can only contain the command string.
Blank lines are ignored.
UVK supports all Windows environment variables like %windir%,
%systemroot%, %userprofile%, %temp%, %systemdrive%, %allusersprofile%,
%programfiles%, %comspec% and %appdata% (all case insensitive).
We also added support for six more variables to simplify writing common
paths (case insensitive):
| Variable | Description |
| --- | --- |
| %UVKDir% | Path to UVK installation folder (added 02/03/2011 on version 1.1.1.317) |
| %LocalAppData% | Path of Local Application Data (added 02/03/2011 on version 1.1.1.317) |
| %Desktop% | Path of current user's desktop. |
| %MyDocs% | Path of current user's documents folder. |
| %CommonDocs% | Path of common documents folder. |
| %SystemDir% | Path of system32 folder under %Windir%. |
These variables are supported in all modes except <Reg>.
This may seem complicated at first sight but it's very simple. I'll
explain in detail:
<Comment>
This mode allows you
to write comments in your script, explaining what it does and how it
works. The lines under the <Comment> Mode will be ignored by UVK and
you can use this mode anywhere in the script. Example:
<Comment>
This script will defragment the system drive and clear the hosts file.
Note that this can take a long time, depending on several factors.
<RunWait>
%comspec% /c echo 127.0.0.1 localhost>%systemdir%\drivers\etc\hosts
%SystemDir%\defrag.exe %SystemDrive% /v
<Sleep>[seconds]
This mode lets you pause the script for a given number of seconds. The
number of seconds must be right after the mode string. Example:
<Comment>
The command below will pause the script for five seconds:
<Sleep>5
<Reg>
Let's say
you want to set the registry value QuickEdit under the key
HKEY_CURRENT_USER\Console to 1
and delete the key HKEY_CURRENT_USER\Software\SoftName. You
should then type or paste:
<Reg>
[HKEY_CURRENT_USER\Console]
"QuickEdit"=dword:00000001
[-HKEY_CURRENT_USER\Software\SoftName]
You will note that it's the same format regedit uses to export registry
entries. That's the idea!
You can export keys from another computer using regedit and then use UVK
to import them to the infected PC.
To delete a registry key, use a "-" before the key's name, e.g.:
[-HKEY...]
To delete a registry value, use "=-" after the value's name, e.g.:
"ValueName"=-
<Delete> and <SDelete>
<Delete> is used to delete files and folders and it's very simple: you
only have to insert lines with the paths of the files or folders you
want to delete under the mode line. You can use multiple paths under the
same mode line, but only one path per line. The deleted files will be
moved to the recycle bin, for possible recovery.
<SDelete> is similar to <Delete>, except the files and folders will be
permanently deleted, instead of moved to the recycle bin. <SDelete> can
sometimes be more effective, but doesn't allow the deleted files to be
recovered.
When deleting files, don't forget to enter the extension.
If the files or folders cannot be deleted immediately, they will be
blocked, and scheduled to be deleted on the next reboot.
Example:
<Delete>
%desktop%\File name.exe
%ProgramFiles%\Folder Name
<SDelete>
%appdata%\FolderName
C:\Folder Name\FileName.txt
In this mode you don't have to use double quotes for paths with spaces.
<ReplaceFile> and <SReplaceFile>
These modes can be used to replace a file with another file. If the file
is locked, it will be replaced on reboot. The first given file doesn't
have to exist, meaning these commands can also be used to copy files.
The difference between these two modes is that <ReplaceFile> moves the
file to be replaced to the recycle bin before replacing it, while
<SReplaceFile> deletes the file permanently.
Why the two modes? Because you will never be able to replace system
files like shell32.dll or kernel32.dll with <ReplaceFile>. But with
<SReplaceFile>, you don't even have to reboot to replace them, thanks to
a special technique which I won't explain here to keep hackers from
using it.
Usage:
<ReplaceFile>
Path of the file to be replaced (destination file) | Path of the file to replace with (source file).
Example:
<SReplaceFile>
%SystemDir%\urlmon.dll | %SystemDir%\dllcache\urlmon.dll
<Run> and <RunWait>
Either one of these two modes executes files. The difference is that
<RunWait> executes an application and waits until it closes before
stepping to the next command. <Run> executes the file and continues
immediately. You can use the one that best fits the action you want to
perform. Parameters with spaces need to be enclosed in quotation marks.
Example:
<Run>
%comspec% /c copy /y %systemdir%\FileName.dll "%Desktop%"
%desktop%\My program.exe "My params"
<Runwait>
%windir%\regedit
<KillProcess>
With this mode you can kill one or several processes based on the
process executable path.
Since Windows doesn't have a native tool to do this job, this mode will
be very useful to kill processes with the same name as system files like
csrss.exe, svchost.exe or winlogon.exe, etc.
E.g. if you killed a trojan's process whose executable is
%appdata%\svchost.exe using the command
%comspec% /c taskkill /f /im svchost.exe
your computer would shut down immediately, because you would also have
killed the system-critical svchost.exe processes.
The commands in the example below will kill the process
%appdata%\svchost.exe and restart Windows explorer:
<KillProcess>
%windir%\explorer.exe
%appdata%\svchost.exe
<Run>
%systemroot%\explorer.exe
With this mode you don't need to enclose paths in double quotes even
when they have white spaces.
If there are several processes with the same path, they will all be
killed.
<Download>
This mode can be very
useful if your browser is infected and you can't download an
antivirus or anti-spyware program, or if you want to automatically
download and run a file in a specific part of a script.
The syntax for this mode is:
URL of the file to download | Path to save the file on the hard disk.
As you can see in the example below, the URL is separated from the
destination path by " | ". This separator is very important and it must
always be a vertical bar (|) with only one space on each side:
<Download>
http://www.carifred.com/uvk/UVKSetup.exe | %MyDocs%\UVKSetup.exe
http://www.carifred.com/uvk/UVKPortable.exe | %Desktop%\UVK.exe
<Run>
%MyDocs%\UVKSetup.exe
<RegisterSystemDLLs>
Register all system dlls is a unique
UVK feature that can solve many problems related to the Windows
explorer, Windows update, missing services, installation problems,
runtime errors, missing windows features, system working too slow
and many other problems.
This is a standalone command. No other
lines are required. Example:
<Comment>
This script will register all system DLLs
<RegisterSystemDLLs>
<CmdScript>
This mode allows you to integrate one or several cmd batch scripts into
the UVK script code. UVK will run the script with administrator
privileges. Example:
<Comment>
This script will empty the temp folders and defragment the hard drives.
<CmdScript>
@echo off
rd /s /q "%temp%"
rd /s /q "%windir%\temp"
if not exist "%temp%" md "%temp%"
if not exist "%windir%\temp" md "%windir%\temp"
for %%i in (C D E F G H I J K L M N O P Q R S T U V) do if exist "%%i:\System Volume Information" defrag %%i: /v
exit
<ImunizeSystem>
Immunizes or un-immunizes one or more areas. For more information see
UVK Immunization.
The syntax for this command is
<ImunizeSystem>[Area number 1]|[Area number 2]|[Area number n]|AllUsers.
Using this command without parameters will make UVK un-immunize any
previously immunized areas.
The area numbers must be separated by a vertical bar (|).
Available areas and corresponding numbers are:
0 - Autorun entries.
1 - Startup and tasks folders.
2 - Winlogon entries.
3 - RunOnce entries.
4 - RunServices entries.
5 - RunServicesOnce entries.
6 - Group policies.
7 - Lsa providers.
8 - Hosts file.
9 - Image Hijacks.
10 - Driver files.
11 - SubSystems key.
12 - Browser helper objects.
13 - Url search hooks.
14 - Main IE entries.
15 - IE toolbars and search.
16 - Internet settings.
17 - Explorer registry entries.
18 - Shell execute hooks.
19 - Desktop registry entries.
20 - Start menu.
Using AllUsers at the end of the command will make UVK set the
immunization for all the local users. This feature is only available for
the users who bought a UVK branding key.
Examples:
The example below will immunize the Autorun entries, Winlogon entries,
IE toolbars and search and the Start menu areas:
<ImunizeSystem>0|2|15|20
The example below will immunize the recommended areas for all users:
<ImunizeSystem>0|1|2|4|6|7|8|9|11|12|13|14|15|16|18|19|AllUsers
The example below will un-immunize any previously immunized areas:
<ImunizeSystem>
Any previously immunized areas not specified in the new command will be
automatically un-immunized.
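The parameter rules above, worked through in Python as an added example (not code from UVK or its author): it parses an <ImunizeSystem> line and reports which areas a new command would immunize and which previously immunized areas it would silently un-immunize. Treating AllUsers as case insensitive and tolerating spaces around the bars are assumptions of this example.

```python
# Area names in the order the page lists them; the list index is the area number.
AREAS = ["Autorun entries", "Startup and tasks folders", "Winlogon entries",
         "RunOnce entries", "RunServices entries", "RunServicesOnce entries",
         "Group policies", "Lsa providers", "Hosts file", "Image Hijacks",
         "Driver files", "SubSystems key", "Browser helper objects",
         "Url search hooks", "Main IE entries", "IE toolbars and search",
         "Internet settings", "Explorer registry entries",
         "Shell execute hooks", "Desktop registry entries", "Start menu"]


def parse_immunize(line):
    """Return (set of area numbers, all_users) for one <ImunizeSystem> line."""
    prefix = "<imunizesystem>"
    text = line.strip()
    if not text.lower().startswith(prefix):
        raise ValueError("not an <ImunizeSystem> command")
    # Fields are separated by a vertical bar; an empty list means "no areas".
    fields = [f.strip() for f in text[len(prefix):].split("|") if f.strip()]
    # AllUsers is only meaningful as the last field (case handling is assumed).
    all_users = bool(fields) and fields[-1].lower() == "allusers"
    if all_users:
        fields.pop()
    areas = set()
    for field in fields:
        if not (field.isascii() and field.isdigit()) or int(field) >= len(AREAS):
            raise ValueError("unknown area %r" % field)
        areas.add(int(field))
    return areas, all_users


def effect(previous, line):
    """Compare a new command with the set of areas that is already immunized."""
    areas, all_users = parse_immunize(line)
    return {
        "immunized": [AREAS[a] for a in sorted(areas - previous)],
        # Areas left out of the new command lose their immunization.
        "unimmunized": [AREAS[a] for a in sorted(previous - areas)],
        "all_users": all_users,
    }


if __name__ == "__main__":
    before, _ = parse_immunize("<ImunizeSystem>0|2|15|20")
    print(effect(before, "<ImunizeSystem>0|8|AllUsers"))
```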
<UnlockFileExtensions>
Grants access to the
registry keys corresponding to the following file extensions: .exe, .reg, .msi, .bat, .cmd, .com
and .vbs.
This can be useful if
you have locked the file extensions with the command <ProtectFileExtensions>.
Example:
<UnlockFileExtensions>
<FileExtension>
Fixes one or several
file extensions. Supported extensions are: .exe, .reg, .msi, .bat,
.cmd, .com and .vbs.
Usage:
<FileExtension> | Extension
Extension is the file extension to fix, including the dot. If you use
All instead of a file extension, then all seven file extensions will be
fixed.
Examples:
<FileExtension> | .msi
<FileExtension> | All
<ProtectFileExtensions>
Protects the
following file extensions from being changed: .exe, .reg, .msi, .bat,
.cmd, .com and .vbs.
This can be an important step in protecting against malware, considering
how much modern malware affects these file extensions.
Example:
<ProtectFileExtensions>
<FixInstallProblems>
This command fixes
the most common problems related to software
installation. It repairs Windows installer, the %appdata%
environment variable, empties and repairs the temporary folders.
Example:
<Comment>
This script will fix installation problems.
<FixInstallProblems>
<EnableAutoplay>
This command enables Windows autoplay function for all drives.
Example:
<Comment>
This script will enable autoplay for CD/DVD and
USB drives.
<EnableAutoplay>
<DisableAutoplay>
This command disables Windows autoplay function for all drives.
Example:
<Comment>
This script will disable autoplay for all drives.
<DisableAutoplay>
<FixWindowsUpdate>
This command repairs and enables
Windows Update. It can be used anywhere in the script. Example:
<FixWindowsUpdate>
<ResetHostsAndDns>
This command resets
hosts file to its defaults and flushes DNS. It can be used anywhere
in the script. Example:
<ResetHostsAndDns>
<FixWindowsSidebar>
This command fixes the Windows sidebar. Using 1 right after the command
will keep the current Windows sidebar settings (the gadgets on the
desktop, their positions, etc). If you don't want to keep these
settings, just delete the 1. This will increase the chances of the fix
succeeding. Examples:
<Comment>
This script will fix the Windows sidebar and keep
the current settings:
<FixWindowsSidebar>1
======= // =======
<Comment>
This script will fix the Windows sidebar and
delete the current settings:
<FixWindowsSidebar>
<FixWindowsFirewall>
This command fixes,
enables and resets the windows firewall to the defaults. Example:
<Comment>
This script will reset and fix the Windows firewall:
<FixWindowsFirewall>
<FixIEAndWindowsShell>
This command will
repair possible Windows shell hijacks and register the files needed
for it to work properly. Example:
<Comment>
This script will repair the Windows shell:
<FixIEAndWindowsShell>
<FixWMIAndSR>
Sometimes the WMI is
corrupted, which also prevents the system restore from working. This
command will fix both the WMI core and the system restore service. Example:
<Comment>
This script will
repair the WMI and the system restore:
<FixWMIAndSR>
<ResetIEAndInternet>
This command resets Internet explorer
settings and Windows internet settings to their defaults, meaning
these settings will be set as if you had just created a new user.
Example:
<ResetIEAndInternet>
<FixShortcutsUrlsProtocols>
This command repairs the desktop and
internet shortcuts file extensions and associations, and also
restores the registry keys for the internet protocols to their
defaults. Example:
<FixShortcutsUrlsProtocols>
<DeleteAllRestorePoints>
This command deletes all existing
system restore points. Example:
<DeleteAllRestorePoints>
<CreateRestorePoint>
This command creates a restore point
named UVK Fix. Creating a restore point before running
the commands is already part of UVK's interface, but this command
gives the option to create a restore point in a specific part of the
script or after executing all the commands. Example:
<CreateRestorePoint>
<EmptyBrowsersCache>
This command empties the cache for
all the installed internet browsers. Supported browsers are: Internet
Explorer, Mozilla Firefox, Google Chrome, Opera and Safari.
Example:
<EmptyBrowsersCache>
<DeleteBrowsersCookies>
This command deletes the cookies for
all the installed internet browsers. Supported browsers are: Internet
Explorer, Mozilla Firefox, Google Chrome, Opera and Safari.
Example:
<DeleteBrowsersCookies>
<ResetSecuritySettings>
This command resets the registry and NTFS security settings to their
defaults using the Windows API functions. Use it when you have issues
related to file or registry access.
Example:
<ResetSecuritySettings>
<ResetPermissionsSecedit>
This command resets the registry and NTFS security settings to their
defaults using secedit.exe. Use it when you have permissions problems
when installing updates or other software.
Example:
<ResetPermissionsSecedit>
<ResetGroupPolicy>
This command resets the local group policies to their defaults.
The fix will take effect not only for the policies configured with
gpedit.msc, but also for the ones configured directly in the registry.
Example:
<ResetGroupPolicy>
<ResetUserShellFolders>
This command will reset the registry entries for the User Shell Folders
key
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders).
Example:
<ResetUserShellFolders>
<ResetIPWinsockProxy>
This command resets the local IP,
Winsock and proxy settings to the defaults.
Example:
<ResetIPWinsockProxy>
<EnableAdminAccount>
This command will enable the hidden
admin account.
Example:
<EnableAdminAccount>
<DisableAdminAccount>
This command will disable the hidden
admin account.
Example:
<DisableAdminAccount>
<RebuildIconCache>
This command will recreate the icon
cache database. Use it when the icons aren't displaying properly in
the Windows explorer.
Example:
<RebuildIconCache>
<EnableUAC>
This command will enable the user
account control. This option is only valid for Vista or newer
Windows versions.
Example:
<EnableUAC>
<DisableUAC>
This command will disable the user
account control. This option is only valid for Vista or newer
Windows versions.
Example:
<DisableUAC>
<FixUserDesktop>
This command will enable the current user's desktop, the display of
icons and the context menu.
Example:
<FixUserDesktop>
<FixEventSystemService>
Use this command if you can no longer log in to your account, or when
you log in, the system account is used instead of yours. Note: This fix
is not available on XP.
Example:
<FixEventSystemService>
<FixSubSystemsKey>
Some malware hijacks the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
registry key. This fix will repair it.
Example:
<FixSubSystemsKey>
<UnhideUserFiles>
This command will unhide the user's files and folders. Use it if malware
has hidden them. System files and folders like the AppData, Recent, or
the Start menu folders, and the desktop.ini, thumbs.db, index.dat or
user.dat* files, etc. won't be unhidden.
Example:
<UnhideUserFiles>
<UpdateDirectX>
This command updates the DirectX in
unattended mode. Example:
<UpdateDirectX>
<UpdateJava>
This command updates Java in
unattended mode. Example:
<UpdateJava>
<UpdateFlash>
This command updates the Flash player
plugin and activeX in unattended mode. Example:
<UpdateFlash>
<InstallNetFramework>
This command installs the non
installed versions of .NET Framework in unattended mode. Example:
<InstallNetFramework>
<MBAMScan>
This command will perform an
unattended Malwarebytes' AntiMalware scan.
To select the scan type, add a digit
from 1 to 3 after the command (optional):
1 = Quick scan; 2 = Normal scan
(default); 3 = Complete scan
Example (will make a complete scan):
<MBAMScan>3
The infected items found in the scan
will be automatically deleted.
<SASScan>
This command will perform an
unattended Super AntiSpyware scan.
To select the scan type, add a digit
from 1 to 3 after the command (optional):
1 = Quick scan (default); 2 =
Critical point scan; 3 = Complete scan
Example (will make a critical point
scan):
<SASScan>2
The infected items found in the scan
will be automatically deleted.
<HitmanProScan>
This command will perform an
unattended Hitman Pro scan.
To select the scan type, add 1
or 2 after the command (optional):
1 = Quick scan; 2 = Complete scan
(default)
Example (will make a quick scan):
<HitmanProScan>1
The infected items found in the scan
will be automatically deleted, except Chrome and Firefox cookies.
<TDSSKillerScan>
This command will perform an
unattended TDSS Killer scan. Example:
<TDSSKillerScan>
The infected items found in the scan
will be automatically deleted.
<CleanAllUsersTemp>
This command will empty the temporary folders for all users. This
command was created only for maintenance and it won't delete files in
use or running executable files. If you wish to delete all temporary
files, check the Empty temporary folders checkbox before running the
command or script. Example:
<CleanAllUsersTemp>
<FreePhysicalMemory>
This command will release memory used
by the applications by emptying their working set. Usually this
doesn't affect performance, but users should use this feature only
if they are running out of memory. Example:
<FreePhysicalMemory>
<DefragAndOptimize>
This command will add some registry
tweaks to reduce the boot time, defragment all the hard drives to
improve performance and process the idle tasks to reduce the boot
time.
Please note that the boot
optimization can not be stopped and will only take effect after
rebooting the computer at least twice. Also, defragmenting the hard
drives can take a long time depending on how fragmented they are,
their size and the system speed. Example:
<DefragAndOptimize>
<KillNonTrustedProcesses>
If you use this command,
UVK will verify
the digital signatures of the
processes to kill.
If the signer is part of an internal trusted
signers list, the process will not be killed.
The list includes some
trusted publishers like Microsoft, Google, Mozilla, Opera, Hewlett
Packard, Acer, etc.
Example:
<KillNonTrustedProcesses>
<KillNonSystemProcesses>
This command will kill all non system
processes. Use it to stop the malware activity and free system
resources. The processes will be filtered by path. Ignored processes
are:
[System Process]
System
%Windir%\System32\svchost.exe
%Windir%\System32\lsass.exe
%Windir%\System32\winlogon.exe
%Windir%\System32\csrss.exe
%Windir%\System32\smss.exe
%Windir%\System32\wininit.exe
%Windir%\System32\services.exe
%Windir%\System32\lsm.exe
%Windir%\explorer.exe
%Windir%\System32\SearchIndexer.exe
%Windir%\System32\dwm.exe
%Windir%\System32\spoolsv.exe
%Windir%\System32\taskhost.exe
%Windir%\System32\wbem\unsecapp.exe
%Windir%\System32\wbem\wmiprvse.exe
%Windir%\hh.exe
%Windir%\System32\audiodg.exe
UVK process
Example:
<KillNonSystemProcesses>
<KillNonCriticalProcesses>
This command will kill all non
critical processes. Use it to stop the malware activity and free
system resources if you think that system files can be infected. The
processes will be filtered by path. Ignored processes are:
[System Process]
System
%Windir%\System32\svchost.exe
%Windir%\System32\lsass.exe
%Windir%\System32\winlogon.exe
%Windir%\System32\csrss.exe
%Windir%\System32\smss.exe
%Windir%\System32\wininit.exe
%Windir%\System32\services.exe
%Windir%\System32\lsm.exe
%Windir%\explorer.exe (will be restarted)
UVK process
Example:
<KillNonCriticalProcesses>
<StopNonMsServices>
This command will try to stop all non
Microsoft running services. Example:
<StopNonMsServices>
<ScheduleChkDskOnReboot>
This command will schedule the system
drive to be checked on next reboot. Example:
<ScheduleChkDskOnReboot>
<RunScfScan>
This command will run the system
protected resources scan (sfc.exe /scannow). Example:
<RunScfScan>
<Reboot>
This command will tell UVK to reboot
the computer after running the current script. This command doesn't
have to be the last command in the script. Example:
<KillNonSystemProcesses>
<Reboot>
<DefragAndOptimize>
The commands above will kill all non system processes, defragment and
optimize the hard drives, and then reboot the computer.
<Shutdown>
This command is similar to <Reboot>, except it will shut down the
computer instead of restarting it. Example:
<Shutdown>
Create scripts for full system maintenance and repair
You can combine the commands described above to create UVK scripts to
automate a full system maintenance or repair, or both. Example of a
repair script:
<Comment>
This script will perform a full system repair.
<KillNonSystemProcesses>
<StopNonMsServices>
<ScheduleChkDskOnReboot>
<RunSfcScan>
<UnlockFileExtensions>
<FileExtension> | All
<ProtectFileExtensions>
<RegisterSystemDLLs>
<FixInstallProblems>
<EnableAutoplay>
<FixWindowsUpdate>
<ResetHostsAndDns>
<FixWindowsSidebar>1
<ResetIEAndInternet>
<FixShortcutsUrlsProtocols>
<ResetGroupPolicy>
<EnableUAC>
<FixUserDesktop>
<RebuildIconCache>
<IEStartPages> | Start Page | Google
<CreateRestorePoint>
<Reboot>
Example of a maintenance script:
<Comment>
This script will perform a full system maintenance.
<UpdateDirectX>
<UpdateJava>
<UpdateFlash>
<InstallNetFramework>
<EmptyBrowsersCache>
<CleanAllUsersTemp>
<DefragAndOptimize>
<Shutdown>
You can also combine
the two scripts above to make a repair and maintenance script.
Using the custom modes and commands
All modes and commands listed above can be
combined together in the same UVK script or set of commands.
When using a multi line mode you
should write all the commands that correspond to that mode under the mode line before changing to a different mode.
You can
use the same mode several times in the same script.
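A reviewer's pre-flight check for a script received from someone else, as an added Python example (not part of UVK or of the original page): it parses the mode/command layout described on this page and lists the lines worth reading before the script is run. Matching mode names case-insensitively, the choice of rules and the constructed SAMPLE script are assumptions of this example.

```python
import re

# A mode line may be indented by up to six spaces (per the page); text after
# the closing '>' is the mode's parameter, e.g. <Sleep>5.
MODE_RE = re.compile(r"^\s{0,6}<(\w+)>(.*)$")

# Modes the page documents as taking command lines underneath them.
MULTILINE = {"comment", "reg", "delete", "sdelete", "replacefile",
             "sreplacefile", "run", "runwait", "killprocess", "download",
             "cmdscript"}

# Review notes taken from the page's own description of each mode.
# Which modes to flag is this example's choice, not a UVK feature.
RISKY_MODES = {
    "cmdscript": "batch code runs as administrator",
    "sdelete": "files are deleted without the recycle bin",
    "sreplacefile": "replaced file is deleted, not recycled",
    "disableuac": "turns User Account Control off",
    "enableadminaccount": "enables the hidden Administrator account",
    "deleteallrestorepoints": "deletes every restore point",
}

# Constructed sample script (the first URL is the one used on the page).
SAMPLE = r"""<UVKCommandsScript>
<Comment>
Constructed sample for the audit below.
<Download>
http://www.carifred.com/uvk/UVKSetup.exe | %MyDocs%\UVKSetup.exe
https://example.invalid/tool.exe|%Desktop%\tool.exe
  <Run>
%mydocs%\UVKSetup.exe
<Reg>
[-HKEY_CURRENT_USER\Software\SoftName]
<DisableUAC>
<Sleep>5
"""


def parse(script):
    """Return [(line_no, mode, param, [(line_no, command), ...]), ...]."""
    blocks = []
    for no, raw in enumerate(script.splitlines(), 1):
        if not raw.strip():
            continue                          # blank lines are ignored
        m = MODE_RE.match(raw)
        if m:
            blocks.append((no, m.group(1).lower(), m.group(2).strip(), []))
        elif blocks and blocks[-1][1] in MULTILINE:
            blocks[-1][3].append((no, raw.strip()))
        else:
            blocks.append((no, "?", raw.strip(), []))   # not under a mode
    return blocks


def audit(script):
    """Return [(line_no, message), ...] for a human to review before running."""
    blocks = parse(script)
    findings = []
    if not blocks or blocks[0][1] != "uvkcommandsscript":
        findings.append((1, "first line is not <UVKCommandsScript>"))
    downloaded = {}                           # lower-cased destination -> line
    for no, mode, _param, cmds in blocks:
        if mode == "?":
            findings.append((no, "line is not under a multiline mode"))
        if mode in RISKY_MODES:
            findings.append((no, "<%s>: %s" % (mode, RISKY_MODES[mode])))
        for cno, cmd in cmds:
            if mode == "download":
                url, sep, dest = cmd.partition(" | ")
                if not sep or url != url.strip() or dest != dest.strip():
                    findings.append((cno, "separator is not ' | '"))
                    continue
                if url.lower().startswith("http://"):
                    findings.append((cno, "download over plain http"))
                downloaded[dest.lower()] = cno
            elif mode in ("run", "runwait"):
                for dest, dno in downloaded.items():
                    if cmd.lower().startswith(dest):
                        findings.append(
                            (cno, "runs the file downloaded on line %d" % dno))
            elif mode == "reg" and cmd.startswith("[-"):
                findings.append((cno, "deletes registry key " + cmd[2:-1]))
    return findings


if __name__ == "__main__":
    for line_no, message in audit(SAMPLE):
        print("line %d: %s" % (line_no, message))
```

A line that starts with a <Name> tag is always read as a mode line here, including inside <Comment> text, so a flagged line number should be checked against the script itself.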