UVK Help: Custom commands

This page will show you how to use custom commands in the Run Script section.

 

 

This section provides an easy to learn scripting feature, which allows you to access all UVK features from a simple script.

UVK scripts use a very dynamic language that supports many simple commands that run the UVK fixes, download files from the internet, delete files and folders, create and terminate processes and much more.

UVK scripts also support code in other scripting languages, such as AutoIt, VBScript, cmd batch and regedit code.

The UVK scripting language also supports several automation functions which allow to automate applications by sending mouse clicks and keystrokes to the application  window and controls.

Finally, UVK scripts can parse the logs created in the Scan and create log section. You just need to copy the desired lines from the UVK log to your new UVK script, and the corresponding registry entries and files will be deleted when the script is run. Just like HijackThis or OTL does.

To easily create a UVK script, use the Log analyzer. It inserts the custom commands and modes in one click, allows drag an drop to create file and folder paths, automatically creates maintenance and repair scripts, helps you to read the UVK log and create scripts that automate applications.

The Log analyzer also displays tooltips each time you insert a command or keyword, which help you to create the script code.

UVK scripts support two types of statements. Multiline commands (also called modes), and single line commands.

The syntax for multiline commands is:

<Mode keyword>

Command 1
Command 2
And so on...

The Mode is the keyword of multiline commands. It's on the top of a sequence of lines and tells UVK to do the same action to the lines below until the mode is changed to a different one, or the end of the script is reached. Examples of mode keywords are <Reg>, <Delete>, <RunWait>, and <UpdateSoftware>.

For instance, if the mode is <Reg>, then the lines just below contain regedit code to merge; if the mode is <RunWait> then the lines below contain commands to execute; if the mode is <AutoItScript> then the lines below contain AutoIt code to execute.

A command is a statement that uses only one line.

 

The table below shows all available modes and commands. Click the name for more details.

Mode/command/function Description
<UVKCommandsScript> String required in the first line of a UVK script.
<Comment> Use this mode to write some comments in your script.
<Sleep>[seconds] Pauses the sript for the given name of seconds.
<Beep>[times] Plays a sound the given number of times times in a specific part of the script.
<Reg> Run the regedit code in the lines below.
<Delete> Move the files and folders in the paths below to the recycle bin.
<SDelete> Delete the files and folders in the paths below.
<ReplaceFile> Replace or copy one or several files. The replaced file is moved to the recycle bin.
<SReplaceFile> Replace or copy one or several files. The replaced file is definitely deleted.
<Run> Run the executable files in the paths below. Command line switches are allowed.
<RunWait> Same as <Run>, but waits until the application closes to continue.
<KillProcess> Kill the processes corresponding to the paths below.
<Download> Download files from the internet and save them to the hard drive.
<UpdateSoftware> Automatically update your set of tools using UVK custom commands.
 
<CmdScript> Run the cmd batch code writen in the lines below as administrator.
<AutoItScript> Run the AutoIt code writen in the lines below as administrator.
<VBScript> Run the VBScript code writen in the lines below as administrator.
 
<ImunizeSystem> Immunize/un-immunize one or more areas. See also UVK Immunization.
   
<BackupRegistry> Perform a registry backup in a specific part of the script.
<RestoreRegistry> Restore the Windows registry from a previous backup.
   
<FixInstallProblems> Repair installation problems.
<FixWMIAndSR> Repair the WMI and the System restore.
<FixWindowsUpdate> Enable and repair Windows update.
<FixWindowsSidebar> Repair the Windows sidebar and its gadgets.
<FixWindowsFirewall> Enable, repair and reset the Windows firewall.
<FixIEAndWindowsShell> Repair Internet explorer and the Windows shell.
<FixShortcutsUrlsProtocols> Fix the desktop and internet shortcuts, and protocols.
<FixUserDesktop> Repair the curent user's desktop if it's not working.
<FixEventSystemService> Repair the EventSystem service and other associated services.
<FixSubSystemsKey> Fix HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems key
<FixGroupAccess> Add "Local service" and "Network service" members to the Administrators group.
<FixIE10History> Fix Internet Explorer 10 history if it is no longer working.
<FixAppsNotResponding> Increase the time windows waits before marking the applications as "Not responding".
<FixBrowserShortcuts> Repair Internet browser shortcuts that have been hacked by malware or adware.
<FixWinStoreApps> Re-register the Windows store and repair the Metro apps. Only for Windows 8 or higher.
   
<EnableAutoplay> Enable Autoplay feature for all drives.
<DisableAutoplay> Disable Autoplay feature for all drives.
<EnableAdminAccount> Enable the hidden Administrator account.
<DisableAdminAccount> Disable the hidden Administrator account.
   
<ResetIEAndInternet> Reset IE and Internet settings to defaults.
<ResetHostsAndDns> Reset hosts file and DNS cache to defaults.
<ResetIPWinsockProxy> Reset the IP, winsock and proxy settings to the defaults.
<ResetSecuritySettings> Reset the registry and NTFS security settings using the windows api.
<ResetGroupPolicy> Reset the group policies in gpedit.msc and the registry.
<ResetUserShellFolders> Reset the group policies in gpedit.msc and the registry.
<ResetNumLockOn> Reset the NumLock state ON at Winlogon for all users.
   
<ResetChrome> Reset Google chrome's preferences and extensions.
<ResetFirefox> Reset Firefox's preferences and extensions.
   
<EmptyBrowsersCache> Empty the cache for all installed internet browsers.
<DeleteBrowsersCookies> Delete the cookies for all installed internet browsers.
<CleanAllUsersTemp> Empty the temporary folders for all users.
<ClearIEHistory> lear the Internet Explorer's history for the current user.
<ClearEventLogs> Clear the Windows event logs.
<ClearErrorReports> Clear all existing error reports.
<FreePhysicalMemory> Release physical memory used by the applications.
<DefragAndOptimize> Defrag and optimize the hard drives to improve performance and boot time.
   
<CleanupRegistry> Cleanup the registry and invalid shortcuts the same way the System booster does.
<CleanupJunkFiles> Cleanup the junk files the same way the System booster does.
   
 <MBAMScan> Update Malwarebytes AntiMalware and start a threat scan.
 <SASScan> Update Super AntiSpyware and start a scan.
 <TDSSKillerScan> Update Kaspersky TDSSKiller and start a scan.
 <AswMBRScan> Update Avast! AswMBR and start a scan.
 <AdwCleanerScan> Update AdwCleaner and start a scan.
 <AvastBCScan> Update Avast! Browser cleanup and run the application.
   
 <UnzipFile> Unzip one or several zip files to the specified folders.
   
<UpdateDirectX> Update the DirectX in unattended mode.
<UpdateJava> Update Java in unattended mode.
<UpdateFlash> Update the flash player activeX and plugin in unattended mode.
<InstallNetFramework> Install the non installed versions of .NET Framework in unattended mode.
<InstallVC++> Install all versions of Visual C++ runtime in unattended mode.
<InstallWin8Gadgets> Download the 8GadgetPack from addgadgets.com and silently install it.
   
<KillNonTrustedProcesses> Kill non trusted processes. Stop malware activity and keep trusted processes.
<KillNonSystemProcesses> Kill all non system processes. Use to stop malware activity.
<KillNonCriticalProcesses> Kill all non critical processes. Use to free system resources.
<StopNonMsServices> Stop all non Microsoft services. Use to stop malware activity or detect conflicts.
   
<RegisterSystemDLLs> Register all Microsoft DLLs in the System32 folder
<ScheduleChkDskOnReboot> Schedule the disk checker to check the system drive on next reboot.
<UnlockFileExtensions> Unlock the file extensions registry entries, allowing them to be changed.
<FileExtension> | All Fix one or several file extensions: .exe, .msi, .reg, .bat, .cmd and .com.
<ProtectFileExtensions> Lock the file extensions registry entries, preventing them from being changed.
<RunScfScan> Run the system protected resources scan.
<EnableUAC> Enable the User account control (only Vista, Server 2008 and Windows 7).
<DisableUAC> Disable the User account control (only Vista, Server 2008 and Windows 7).
   
<UnhideUserFiles> Unhide all user's files and folders if they've been hidden by malware.
<UnhideDir> Recursively unhide non system files in a directory or partition.
   
<RebuildIconCache> Fix the icons if the Windows explorer doesn't display them properly.
<DeleteAllRestorePoints> Delete all the existing restore points.
<CreateRestorePoint> Create a system restore point named UVK Fix.
   
<Reboot> Reboot the computer after running the script.
<Shutdown> Shutdown the computer after running the script.
<RebootSafeMode> Reboot the pc in safe mode with or without networking.
   
Automation functions Functions that automate applications through UVK scripts.
->WaitWindow() Wait for a specific window to exist, and add it to the managed windows list.
->WaitControl() Wait until a secific control is visible and enabled.
->WaitControlState() Wait untill a specific control has the specified state.
->ClickControl() Click a specific control in a window.
->ClickWindowPos() Simmulate a mouse click at the specified position within a window.
->ControlSend() Send keystrokes to a specific control in a window.
->WinSend() Send keystrokes to a window.
->Sleep() Pause the script execution for the specified time, in miliseconds.
->CloseWindow() Close a specific window.
->CloseProcess() Terminate the process created by the last <Run> command.
->WaitWindowClose() Pause the script execution until the specified window(s) close.
->WaitProcessClose() Pause the script execution until the process created by the last <Run> command ends.
Title definition Description of the special title definition, used by the ->WaitWindow() function.
ClassNN definition Description of the ClassNN control definition, used by the automation functions.
Managed windows Description of the Managed windows list, used by the automation functions.
Automation examples Some examples demostrating how the UVK automation works.

 

The Mode keyword can be preceeded by a few white spaces, but not the commands below it. Blank lines are ignored.

UVK supports all Windows environment variables like %windir%, %systemroot%, %userprofile%, %temp%, %systemdrive%, %allusersprofile%, %programfiles%, %comspec%, %appdata%, etc. (all case insensitive).

We also added support for eight more variables to simplify writing common paths (case insensitive):

%InstallSourceDir% The folder where the setup/portable package from which UVK was launched/installed resides.
For instance, if UVK is launched from F:\tools\UVKPortable.exe, this variable will expand to F:\tools
%ThirdParty% The Third party folder, inside the UVK's directory.
%ProgramFiles(x86)% For 64 bits Windows, it's the path of the Program files (x86) folder.
For 32 bits Windows, it the same as %ProgramFiles%
%UVKDir% Path to UVK's installation folder.
%LocalAppData% Path of Local Application Data.
%Desktop% Path of current user's desktop.
%MyDocs% Path of current user's documents folder.
%CommonDocs% Path of common documents folder.
%SystemDir% Path of the system directory (Usually C:\Windows\System32).
%UVKExe% The fully qualified path of the UVK's executable.
%PublicDesktop% The path of the common desktop folder (usually C:\Users\Public\Desktop).

These variables are expanded in all modes except <Reg>, <CmdScript>, <AutoItScript> and <VBScript>.

This may seem complicated but it's very simple. I'll explain in detail. Techs and geeks that are used to scripts often will certainly enjoy the AutoIt, VBScript and cmd batch integration support, and the Automation functions.

The Automation functions allow you to automate your third party applications in an easy way.

 

<Comment>

This mode allows you to write comments in your script, explaining what it does and how it works. The lines under the <Comment> keyword will be ignored by UVK and you can use this mode anywhere in the script. Example:

<Comment>

This script will defragment the system drive and clear the hosts file.
Note that this can take long, depending on several factors.

<RunWait>

%comspec% /c echo 127.0.0.1 localhost>%systemdir%\drivers\etc\hosts
%SystemDir%\defrag.exe %SystemDrive% /v

You can also insert comment lines anywhere in the script by preceeding them with a semi-colon. Example:

;This script will only reset the hosts file because the last line is commented

<RunWait>

%comspec% /c echo 127.0.0.1 localhost>%systemdir%\drivers\etc\hosts
;%SystemDir%\defrag.exe %SystemDrive% /v

 

Back to the list

 

<Sleep>[seconds]

This command allows to pause the script for a given number of seconds. The number of seconds must be specified in the same line, and after the <Sleep> keyword.  Example:

<Comment>

The command below will pause the script for five seconds:

<Sleep>5

Back to the list 

 

<Beep>[times]

This command plays a sound or beep. You can specify the number of times to beep after the command.

If you don't specify the number of times to beep, the %Windir%\Media\tada.wav file will be played once.

Also if a positive value is specified, the tada.wav file if played that number of times. Specifying a negative value, a beep is played that number of times converted to a positive value.

Example:

;The command below will play the tada.wav file twice:

<Beep>2

;The command below will beep three times:

<Beep>-3

;The command below will play the tada.wav file once:

<Beep>

Back to the list

 

<Reg>

This mode allows you to integrate Regedit code in a UVK script and merge it to the registry. The reg code is specified in the lines below the <Reg> keyword.

Let's say you want to set the registry value QuickEdit under the key HKEY_CURRENT_USER\Console to 1
and delete the key HKEY_CURRENT_USER\Software\SoftName. Your code block should look like this:

  <Reg>

[HKEY_CURRENT_USER\Console]
"QuickEdit"=dword:00000001

[-HKEY_CURRENT_USER\Software\SoftName]

You will note that it's the same format regedit uses to export registry entries. That's the idea!

You can export keys from another computer using regedit or the reg export command and then use UVK to import them to the infected pc.

To delete a registry key use use a "-" before the key's name. e.g.: [-HKEY...]

To delete a registry value use "=-" after the value's name. e.g.: "ValueName"=-

Back to the list

 

<Delete> and <SDelete>

<Delete> is used to delete files and folders and it's very simple: You only have to insert lines with the paths of the files or folders you want to delete under the mode line. You can use multiple paths under the same mode line, but only one path per line. The deleted files will be moved to the recycle bin, for possible recovery.

<SDelete> is similar to <Delete>, except the files and folders will be permanently deleted, instead of moved to the recycle bin. <SDelete> can sometimes be more effective, but doesn't allow to recover the deleted files.

When deleting files, don't forget to enter the extension. If the files or folders cannot be deleted immediately, they will be scheduled to be deleted on the next reboot.

Exemple:

  <Delete>

%desktop%\File name.exe
%ProgramFiles%\Folder Name

<SDelete>

%appdata%\FolderName
C:\Folder Name\FileName.txt

When using <Delete> or <SDelete> you don't have to enclose paths in double quotes even if they contain white spaces.

Back to the list

 

<ReplaceFile> and <SReplaceFile>

These modes can be used to replace a file with another file. If the file is locked, it will be replaced on reboot. The first given file doesn't have to exist, meaning these commands can also be used to copy files.

The difference between these two modes is that <ReplaceFile> moves the destination file to the recycle bin before replacing it, while <SReplaceFile> deletes the file permanently.

Syntax:

<ReplaceFile>

File to be replaced (destination file) | File to replace with (source file).

Example:

<SReplaceFile>

%SystemDir%\urlmon.dll | %SystemDir%\dllcache\urlmon.dll

Note: The separator must absolutely be " | " (a vertical bar with a white space in each side).

Back to the list

 

<Run> and <RunWait>

These two modes are used to execute files. The difference is that <RunWait> executes an application and waits until it closes to step to next command. <Run> executes the command and continues immediately, and supports window automation. You can use the one that best fits the actions you want to perform.

Syntax:

<Run> -h -x86 -x64

;commands to run / Automation functions

 

;OR

 

<RunWait> -h -x86 -x64

;Commands to run and wait until they end

Mode parameters:

-h - Run the command in a hidden window.
-x86 - Run only if the OS is 32 bits.
-x64 - Run only if the OS is 64 bits.

Note: The intended use of -h is to prevent the cmd console from displaying when executing quick commands that automatically close when complete. Although it may be used for any other programs, it should not be used for applications that expect user input.

<Run> is a very special mode, because it allows you to automate the programs you run. Click here for more info.

Enter the commands you want to run in the lines below the Mode line. If the commands have parameters with white spaces, those parameters need to be enclosed in quotation marks.

Exemple:

 ;The commands below will not show the cmd console:

   <RunWait> -h
%comspec% /c copy /y %systemdir%\FileName.dll "%Desktop%"
%comspec% /c ren /y "%Desktop%\FileName.dll" NewName.dll

 

;Now the command below will show the normal GUI of the corresponding program:

  <Run>
%desktop%\My program.exe "My params"

 

;Now the command below will only be executed in 64 bits Windows versions.

  <Runwait> -x64
%windir%\regedit

Back to the list

 

<KillProcess>

This mode allows you to kill one or several processes based on the process executable path.

Since Windows doesn't have a native tool to do this job, this mode will be very useful to kill processes with the same name as system files like csrss.exe, svchost.exe or winlogon.exe, etc.

e.g. If you killed a trojan's process which executable file is %appdata%\svchost.exe using the command
%comspec% /c taskkill /f /im svchost.exe your computer would shutdown immediately because you also killed system critical processes svchost.exe.

The commands in the example below will kill the process %appdata%\svchost.exe and restart the Windows Explorer:

  <KillProcess>

%windir%\explorer.exe
%appdata%\svchost.exe

 

  <Run>

%systemroot%\explorer.exe

When using this mode you don't need to enclose paths in double quotes even when they have white spaces.

If there are several processes with the same path, they all will be killed.

Back to the list

 

<Download>

This mode can be very useful if your browser is infected and you can't download an antivirus or anti-spyware program, or if you want to automatically download and run a file in a specific part of a script.

Syntax:

 <Download>
Url of the file to download | Path to save the file on the hard disk, including the file name.

As you can see in the example below, the url is separated from the destination path by " | ". This separator is very important and it must always be a vertical bar (|) with only one white space on each side.

<Download>

http://www.carifred.com/uvk/UVKSetup.exe | %MyDocs%\UVKSetup.exe
http://www.carifred.com/uvk/UVKPortable.exe | %Desktop%\UVK.exe

<Run>

%MyDocs%\UVKSetup.exe -Silent

Back to the list

 

<RegisterSystemDLLs>

Register all system dlls is a unique UVK feature that can solve many problems related to the Windows explorer, Windows update, missing services, installation problems, runtime errors, missing windows features, system working too slow and many other problems. This command does not only registers DLL files, but also OCX and CPL.

This is a standalone command. No other lines are required. Example:

<Comment>

This script will register all system dll's

<RegisterSystemDLLs>

Back to the list

 

<CmdScript>

This mode allows you to integrate one or several cmd batch scripts in a UVK script. UVK will run the script with administrator privileges.

If you do not wish the console window to show up, specify -h after the <CmdScript> keyword. Note that you should only use -h if the batch script will close automatically without any user input needed. 

Example:

<Comment>

This script will empty the temp folders and defragment the hard drives. It will not show the console window.

<CmdScript> -h

@echo off
rd /s /q "%temp%"
rd /s /q "%windir%\temp"
if not exist "%temp%" md "%temp%"
if not exist "%windir%\temp" md "%windir%\temp"
for %%i in (C D E F G H I J K L M N O P Q R S T U V) do if exist "%%i:\System Volume Information" defrag %%i: /v
exit

Back to the list

 

<AutoItScript>

This mode allows you to embed one or more AutoIt scripts in a UVK script. UVK will run the script with administrator privileges.

@ScriptDir will be the UVK's install folder. AutoIt does not need to be installed to run the script. However, if you want to #include any of the AutoIt's builtin UDFs or Constants, you will need to install it, or copy the functions and Constants to the UVK script.

Example:

<Comment>

This useful script will give information about installed AntiVirus, AntiSpyware and Firewall products.

<AutoItScript>
_CheckAV()
Func _CheckAV()
    Local $oWMI = (@OSVersion = "WIN_XP") ? _
    ObjGet("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter") : _
    ObjGet("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
    If Not IsObj($oWMI) Then
        MsgBox(0,"AV check", "Error: Could not get WMI object")
        Return 0
    EndIf

    Local $colItems = $oWMI.ExecQuery("Select * from AntiVirusProduct")
    Local $msgstr = "Installed AntiVirus software:"&@CRLF, $avstr, $state
    If Not IsObj($colItems) Then
        $avstr = "Could not query installed Antivirus software!"&@CRLF
    Else
        For $objProduct in $colItems
            $avstr = $objProduct.DisplayName
            $state = $objProduct.ProductState
            $avstr &= BitAND($state,0x1000) ? " [Enabled" : " [Disabled"
             $avstr &= BitAND($state,0x40000) ? "|Updated]" : "|Outdated]"
             $avstr &= @CRLF
        Next
        $msgstr &= ($avstr = "") ? ("Antivirus software not installed!"&@CRLF) : $avstr
    EndIf

    $msgstr &= @CRLF&@CRLF&"Installed AntiSpyware software:"&@CRLF
    $colItems = $oWMI.ExecQuery("Select * from AntiSpywareProduct")
    If Not IsObj($colItems) Then
        $avstr = "Could not query installed AntiSpyware software!"&@CRLF
    Else
        $avstr = ""
        For $objProduct in $colItems
            $avstr = $objProduct.DisplayName
            $state = $objProduct.ProductState
            $avstr &= BitAND($state,0x1000) ? " [Enabled" : " [Disabled"
             $avstr &= BitAND($state,0x40000) ? "|Updated]" : "|Outdated]"
             $avstr &= @CRLF
        Next
        $msgstr &= ($avstr = "") ? ("AntiSpyware software not installed!"&@CRLF) : $avstr
    EndIf

    $msgstr &= @CRLF&"Installed Firewall software:"&@CRLF
    $colItems = $oWMI.ExecQuery("Select * from FirewallProduct")
    If Not IsObj($colItems) Then
        $avstr = "Could not query installed Firewall software!"&@CRLF
    Else
        $avstr = ""
        For $objProduct in $colItems
            $avstr = $objProduct.DisplayName
            $state = $objProduct.ProductState
            $avstr &= BitAND($state,0x1000) ? " [Enabled]" : " [Disabled]"
             $avstr &= @CRLF
        Next
        $msgstr &= ($avstr = "") ? ("Firewall software not installed!"&@CRLF) : $avstr
    EndIf
    MsgBox(64,"AV check", $msgstr)
EndFunc ;==> _CheckAV

Back to the list

 

<VBScript>

This mode allows you to embed one or Visual basic scripts in a UVK script. UVK will run the script with administrator privileges.

Example:

<Comment>

This useful script will give information about installed AntiVirus, AntiSpyware and Firewall products.

<VBScript>

On Error Resume Next
Dim oWMI, msgstr, enabled, updated, obj, state
Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
For Each obj in oWMI.ExecQuery("Select * from AntiVirusProduct")
    state = obj.productState
    If state And 4096 Then enabled = " [Enabled" Else enabled = " [Disabled"
    If state And 262144 Then updated = "|Updated] " Else updated = "|Outdated] "
    msgstr = msgstr & "AntiVirus: " _
    & obj.displayName _
    & Enabled _
    & Updated _
    & vbCrLf
Next
For Each obj in oWMI.ExecQuery("Select * from AntiSpywareProduct")
    state = obj.productState
    If state And 4096 Then enabled = " [Enabled" Else enabled = " [Disabled"
    If state And 262144 Then updated = "|Updated] " Else updated = "|Outdated] "
    msgstr = msgstr & "AntiSpyware: " _
    & obj.displayName _
    & Enabled _
    & Updated _
    & vbCrLf
Next
For Each obj in oWMI.ExecQuery("Select * from FirewallProduct")
    state = obj.productState
    If state And 4096 Then enabled = " [Enabled] " Else enabled = " [Disabled] "
    msgstr = msgstr & "Firewall: " _
    & obj.displayName _
    & Enabled _
    & vbCrLf
Next
MsgBox msgstr, vbInformation

Back to the list

 

<UpdateSoftware>

This powerful feature allows you to keep your set of tools updated by simply running a UVK script.

It downloads a file from the internet, only if the same exact file does not already exist in the specified path.

The syntax for this mode is as follows:

<UpdateSoftware> x86 x64

Path of program to update | Direct download url
Path of program to update | Url of Softpedia program's page | Softpedia
Path of program to update | Url of MajorGeeks program's page | MajorGeeks
Path of program to update | Url of program's download page | Direct link text

You can choose whether to download the files depending on the current OS architecture. Specify x86 if you only want to download the file if the Windows architecture is 32 bits. Specify x64 if you only want to download the file if the Windows architecture is 64 bits.

If you want to download the regardless of the Windows architecture, specify only <UpdateSoftware>. Then enter each command in a new line.

Each command has two or three arguments separated with " | " (whitespace + vertical bar + whitespace).

The first argument is the path of the program to update, including the file name. Example F:\UVKSetup.exe. Environment variables are supported.

The second argument is a url. This url may have three different types. See below.

The third argument is optional:

Using a direct url:

If you specify a direct url as the second argument, don't set the third argument. Direct urls are urls that point directly to the file you wish to download. The UVKSetup.exe or UVKPortable.exe downloads from our server are examples of direct urls.

Example:

  <UpdateSoftware>
%Desktop%\UVKPortable.exe | http://www.carifred.com/uvk/UVKPortable.exe

The script above will update UVKPortable.exe in your desktop folder.

Using a Softpedia software page:

This is the option we recommend when the program you wish to update doesn't have an updated download url.

Specify the url of the Softpedia page corresponding to the software you want to update. Not the download page, just the main software page. Just google Softpedia followed by the name of the program, and you will quickly find the page, if it exists. Usually it's address is something like http://www.softpedia.com/get/[Section]/[Program's name].shtml.

Then, always specify Softpedia as the third argument. Here's an example:

 <UpdateSoftware>
%ThirdParty%\Defraggler.exe | http://www.softpedia.com/get/System/Hard-Disk-Utils/Defraggler.shtml | Softpedia
%ThirdParty%\Rgkiller.exe | http://www.softpedia.com/get/Security/Security-Related/RogueKiller.shtml | Softpedia

The script above will update Defraggler.exe and Rgkiller.exe (Rogue killer) in your Third party folder. 

Using a MajorGeeks software page:

Specify the url of the MajorGeeks page corresponding to the software you want to update. Not the download page, just the main software page. i.e.: for UVK it's this one, for Avast! Virus cleaner tool it's this one. Just google Majorgeeks followed by the name of the program, and you will quickly find the page, if it exists.

Then, always specify MajorGeeks as the third argument. Here's an example:

  <UpdateSoftware>
%ThirdParty%\UVKSetup.exe | http://www.majorgeeks.com/UVK_Ultra_Virus_Killer_d7653.html | MajorGeeks
%ThirdParty%\SAS.exe | http://www.majorgeeks.com/files/details/superantispyware_free.html | MajorGeeks

The script above will update UVKSetup.exe and SAS.exe (Super AntiSpyware) in your Third party folder.

Using a link text as the third argument:

If the methods above do not work for the program you want to download, you can set the second agument as the url of a page containing a text link pointing directly to the updated file you want to download.

Then set the third argument with the text of the direct link. UVK will parse the link, retrieve the url it's pointing to, and perform the update with the corresponding file. That means when the link target is updated, the software will be updated too. Neat, huh?

 Example:

 <UpdateSoftware>
%Desktop%\Combofix.exe | http://www.bleepingcomputer.com/download/combofix/dl/12/ | click here
%Desktop%\TDSSKiller.exe | http://support.kaspersky.com/5350 | TDSSKiller.exe
%Desktop%\CCleanersetup.exe | http://www.piriform.com/ccleaner/download/standard | start the download

The script above will update Combofix, TDSSKiller and CCleaner in your desktop folder.

If the program is already updated, UVK will skip the download and jump to the next command.

Back to the list

 

<ImunizeSystem>

Immunizes or un-immunizes one or more areas. For more information about the UVK immunization see UVK Immunization.

The syntax for this command is:

<ImunizeSystem>[Area number 1]|[Area number 2]|[Area number n]|AllUsers.

Using this command without parameters will make UVK un-immunize any previously immunized areas.

The area numbers must be separated by a vertical bar (|).

Available areas and corresponding numbers are:

0 - Autorun entries.
1 - Startup and tasks folders.
2 - Winlogon entries.
3 - RunOnce entries.
4 - RunServices entries.
5 - RunServicesOnce entries.
6 - Group policies.
7 - Lsa providers.
8 - Hosts file.
9 - Image Hijacks.
10 - Driver files.
11 - SubSystems key.
12 - Browser helper objects.
13 - Url search hooks.
14 - Main IE entries.
15 - IE toolbars and search.
16 - Internet settings.
17 - Explorer registry entries.
18 - Shell execute hooks.
19 - Desktop registry entries.
20 - Start menu.

Using AllUsers at the end of the command will make UVK set the immunization for all the local users. This feature is only available for the users having a UVK license key.

Examples:

;The example below will immunize the Autorun entries, Winlogon entries,
;IE toolbars and search and the Start menu areas:

<ImunizeSystem>0|2|15|20

;The example below will immunize the recommended areas for all users:

<ImunizeSystem>0|1|2|4|6|7|8|9|11|12|13|14|15|16|18|19|AllUsers

;The example below will un-immunize any previously immunized areas:

<ImunizeSystem>

Any previously immunized areas not specified in the new command will be automatically un-immunized:

Back to the list 

 

<BackupRegistry>
 

This command allows you to perform a registry backup in a specific part of the script. Specifying only <BackupRegistry> will backup the HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE rootkeys. You can customize the registry backup by specifying a flag and username in the following format:

<BackupRegistry> | flag | username

The flag parameter is set as follows:

0: Don't backup HKEY_CURRENT_USER neither HKEY_LOCAL_MACHINE.
1: Backup only HKEY_CURRENT_USER.
2: Backup only HKEY_LOCAL_MACHINE.
3: Backup both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE

The username parameter should be the name of an extra user to backup the config from. This can not be the current user name. You can specify All users if you want to backup all users hives.

;The example below will backup the whole registry

<BackupRegistry> | 3 | All users

;The example below will backup the current user and the
;builtin admin hives (for english language Windows):

<BackupRegistry> | 1 | Administrator

Back to the list 

 

<RestoreRegistry>
 

This command allows you to perform a registry restore. This option will automatically enable <Reboot>, meaning the computer will be rebooted after running the script. The syntax is the same as for <BackupRegistry>, but you can not specify All users as the second parameter. Only a valid user name is supported.

Important note: The registry backup and restore automatically defragments the saved hives, meaning you can use these commands to defragment the registry, by performing a registry backup immediately followed by a registry restore, and a computer reboot. The example below will defragment the current user and local machine hives:

<BackupRegistry>
<RestoreRegistry>

Back to the list

 

<UnlockFileExtensions>
 

This command grants access to modify the following file associations: exe, reg, .msi, bat, cmd, com and vbs.

This can be useful if you have locked the file extensions with the command <ProtectFileExtensions>.

Example:

<UnlockFileExtensions>

Back to the list

 

<FileExtension>

This command fixes one or several file extensions. Supported extensions are: exe, reg, .msi, bat, cmd, com and vbs.

Syntax:

 <FileExtension> | Extension

Extension is the file extension to fix, including the dot. If you use All instead of a file extension, then all seven file extensions will be fixed. Examples:

<FileExtension> | .msi

<FileExtension> | All

Back to the list

 

<ProtectFileExtensions>

This command prevents modifying the following file associations: exe, reg, .msi, bat, cmd, com and vbs.

This can be an important step on the malware protection techniques, considering the number of modern malware that affect these file extensions.

Example:

<ProtectFileExtensions>

Back to the list

 

<FixInstallProblems>

This command fixes the most common problems related to software installation.  It repairs Windows installer, the %appdata% environment variable, empties and repairs the temporary folders. Example:

<Comment>

This script will fix installation problems.

<FixInstallProblems>

Back to the list 

 

<EnableAutoplay>

This command enables Windows autoplay function for all drives. Example:

;This script will enable autoplay for CD/DVD and USB drives.
<EnableAutoplay>

Back to the list

 

<DisableAutoplay>

This command disables Windows autoplay function for all drives. Example:

;This script will disable autoplay for all drives.
<DisableAutoplay>

Back to the list

 

<FixWindowsUpdate>

This command repairs and enables Windows Update. Example:

<FixWindowsUpdate>

Back to the list

 

<ResetHostsAndDns>

This command resets the hosts file to its defaults and flushes the DNS. Example:

<ResetHostsAndDns>

Back to the list

 

<FixWindowsSidebar>

This command fixes the windows sidebar. Specifying 1 right after the command will keep the current Windows sidebar settings (the gadgets on the desktop, their positions, etc). If you don't want to keep these settings, just delete the 1. This will increase the success rate. Examples:

;This script will fix the Windows sidebar and keep the current settings:
 <FixWindowsSidebar>1

;This script will fix the Windows sidebar and delete the current settings:
 <FixWindowsSidebar>

Back to the list

 

<FixWindowsFirewall>

This command fixes, enables and resets the windows firewall to its defaults. Example:

;This script will reset and fix fix the Windows firewall:
 <FixWindowsFirewall>

Back to the list

 

<FixIEAndWindowsShell>

This command will repair possible Windows shell hijacks, repair Internet explorer, and register the files needed for the shell to work properly. Example:

;This script will repair the Windows shell:
 <FixIEAndWindowsShell>

Back to the list

 

<FixWMIAndSR>

Sometimes the WMI is corrupted, which also prevents the system restore from working. This command will fix both the WMI core and the system restore service. Example:

;This script will repair the WMI and the system restore.
 <FixWMIAndSR>

Back to the list

 

<ResetIEAndInternet>

This command resets Internet explorer settings and Windows internet settings to their defaults, meaning these settings will be set as if you had just created a new user. Example:

<ResetIEAndInternet>

Back to the list

 

<FixShortcutsUrlsProtocols>

This command repairs the desktop and  internet shortcuts file extensions and associations, and also restores the registry keys for the internet protocols to their defaults. Example:

<FixShortcutsUrlsProtocols>

Back to the list

 

<DeleteAllRestorePoints>

This command deletes all existing system restore points. Example:

<DeleteAllRestorePoints>

Back to the list

 

<CreateRestorePoint>

This command creates a restore point named UVK Fix. Creating a restore point before running the commands is already part of UVK's interface, but this command allows to create a restore point in a specific part of the script or after executing all the commands. Example:

<CreateRestorePoint>

Back to the list

 

<EmptyBrowsersCache>

This command empties the cache for all the installed internet browsers. Supported browsers are: Internet Explorer, Mozilla Firefox, Google Chrome, Opera and Safari. Example:

<EmptyBrowsersCache>

Back to the list

 

<DeleteBrowsersCookies>

This command deletes the cookies for all the installed internet browsers. Supported browsers are: Internet Explorer, Mozilla Firefox, Google Chrome, Opera and Safari. Example:

<DeleteBrowsersCookies>

Back to the list

 

<ClearEventLogs>

This command resets the following system event logs: Application, Security, Setup, System and Internet Explorer.

You should use this fix when the event logs become too big, and are not easy to read or are causing performance issues.

Example:

<ClearEventLogs>

Back to the list

 

<ResetSecuritySettings>

This command resets the registry and ntfs security settings to their defaults using the Windows Api functions. Use it when you have issues related to file or registry access. Example:

<ResetSecuritySettings> 

Back to the list

 

<ResetGroupPolicy>

This command resets the local group policies to their defaults. The fix will take effect not only for the policies configured with gpedit.msc, but for the ones configured directly in the registry.

Example:

<ResetGroupPolicy>

Back to the list

 

<ResetUserShellFolders>

This command will reset the registry entries for the User Shell Folders key (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders).

Example:

<ResetUserShellFolders>

Back to the list

 

<ResetNumLockOn>

This command will set the NumLock state ON at Winlogon for all users..

Example:

<ResetNumLockOn>

Back to the list

 

<ResetChrome>

This command will reset Google chrome's preferences and extensions. The cache and cookies will not be affected.

Specifying -AllUsers as a parameter will make UVK perform the operation for all users.

Examples:

<ResetChrome>
<ResetChrome> -AllUsers

Back to the list

 

<ResetFirefox>

This command will reset Google chrome's preferences and extensions. The cache and cookies will not be affected.

Specifying -AllUsers as a parameter will make UVK perform the operation for all users.

Example:

<ResetFirefox>
<ResetFirefox> -AllUsers

Back to the list

 

 

<ResetIPWinsockProxy>

This command resets the local IP, Winsock and proxy settings to the defaults.

Example:

<ResetIPWinsockProxy>

Back to the list

 

<EnableAdminAccount>

This command will enable the hidden admin account. Example:

<EnableAdminAccount>

Back to the list

 

<DisableAdminAccount>

This command will disable the hidden admin account. Example:

<DisableAdminAccount>

Back to the list

 

<RebuildIconCache>

This command will recreate the icon cache database. Use it when the icons aren't displaying properly in the Windows explorer. Example:

<RebuildIconCache>

Back to the list

 

<EnableUAC>

This command will enable the user account control. This option is only valid for Vista or newer Windows versions. Example:

<EnableUAC>

Back to the list

 

<DisableUAC>

This command will disable the user account control. This option is only valid for Vista or newer Windows versions. Example:

<DisableUAC>

Back to the list

 

<FixUserDesktop>

This command will enable the corrent user's desktop, the icons displaying and the context menu. Example:

<FixUserDesktop>

Back to the list

 

<FixEventSystemService>

Use this command if you can no longer login to your account, or when you log in, the system account is used instead of yours. Note: This fix is not available on Xp. Example:

<FixEventSystemService>

Back to the list

 

<FixSubSystemsKey>

Some malware hijack the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems registry key. This fix will repair it. Example:

<FixSubSystemsKey>

Back to the list 

 

<FixGroupAccess>

This command will add the "Local service" and "Network service" members to the administrators group.

Use it when you have network or service problems, such as your network icon not displayng the connected state or you are unable to start some services.

Example:

<FixGroupAccess>

Back to the list

 

<FixIE10History>

Some cleanup programs delete the IE's History folder, which, for Internet Explorer 10, makes it stop working.
This command will repair it.

Example:

<FixIE10History>

Back to the list

 

<FixAppsNotResponding>

This command will increase the time windows waits before marking the applications as "Not responding". Useful for slow systems.

You will need to log off and on for the changes to take effect.

Example:

<FixAppsNotResponding>

Back to the list

 

<FixBrowserShortcuts>

Some adware programs modify the browsers' desktop and start menu shortcuts, making them open specific pages when launched from those shortcuts.

This fix will repair the IE, Chrome, Firefox and Opera shortcuts for all users.

Example:

<FixBrowserShortcuts>

Back to the list

 

<FixWinStoreApps>

This command re-registers the Windows store and repairs the Metro apps. It only works on Windows 8 or higher.

This fix may solve other issues not related to the Windows store itself, such Windows updates or Metro apps not working.

Example:

<FixWinStoreApps>

Back to the list

 

 

<UnhideUserFiles>

This command will unhide the user's files and folders. Use it if malware has hidden them. System files and folders like the AppData, Recent, or the Start menu folders, and the desktop.ini, thumbs.db, index.dat or user.dat* files, etc. won't be unhidden. Example:

<UnhideUserFiles>

Back to the list

 

<UnhideDir>

This command will unhide all non system files and folders in a specific directory. This directory can be specified just after the command's keyword(optional). The default directory is the system partition (usually C:).

To unhide all fixed drives, use <UnhideDir>All drives. Environment variables are supported.

Examples:

<Comment>

The command below will unhide all non system files in the system partition:

<UnhideDir>
 

<Comment>

The command below will unhide all non system files in the D: partition:

<UnhideDir>D:
 

<Comment>

The command below will unhide all non system files in the Windows folder:

<UnhideDir>%Windir%
 

<Comment>

The command below will unhide all non system files in all drives:

<UnhideDir>All drives

Back to the list

 

<UpdateDirectX>

This command updates the DirectX in unattended mode. Example:

<UpdateDirectX>

Back to the list

 

<UpdateJava>

This command updates Java  in unattended mode. Example:

<UpdateJava>

Back to the list

 

<UpdateFlash>

This command updates the Flash player plugin and activeX in unattended mode. Example:

<UpdateFlash>

Back to the list

 

<InstallNetFramework>

This command installs the non installed versions of .NET Framework in unattended mode. Example:

<InstallNetFramework>

Back to the list 

 

<InstallVC++>

This command will install the following Visual C++ redistributable packages: VC++ 2005 SP1, VC++ 2008 SP1, VC++ 2010 SP1 and VC++ 2012. Example:

<InstallVC++>

Back to the list 

 

<InstallWin8Gadgets>

This command only works for Windows 8. It will download the 8GadgetPack from addgadgets.com and silently install it. Example:

<InstallWin8Gadgets>

Back to the list 

 

<CleanAllUsersTemp>

This command will empty the temporary folders for all users. Any locked files will be deleted on reboot Example:

<CleanAllUsersTemp>

Back to the list 

 

<ClearEventLogs>

This command will reset the following Windows event logs: Application, Security, Setup, System and Internet Explorer. You should use this fix if the event logs have become too big and can no longer be easily read or are causing performance issues.

Example:

<ClearEventLogs>

Back to the list 

 

<ClearErrorReports>

With time, Windows can accumulate thousands of useless error reports. This command will remove them all, to recover HDD space.

Example:

<ClearErrorReports>

Back to the list 

 

<ClearIEHistory>

This command will clear the Internet Explorer's history for the current user.

The IE's cookies and cache will not be affected.

Example:

<ClearIEHistory>

Back to the list 

 

<FreePhysicalMemory>

This command will release memory used by the applications by emptying their working set. Usually this doesn't affect performance, but users should use this feature only if they are running out of memory. Example:

<FreePhysicalMemory>

Back to the list

 

<DefragAndOptimize>

This command will add some registry tweaks to reduce the boot time, defragment all the hard drives to improve performance and process the idle tasks to reduce the boot time.

Please note that the boot optimization can not be stopped and will only take effect after rebooting the computer at least twice. Also, defragmenting the hard drives can take a long time depending on how fragmented they are, their size and the system speed. Example:

<DefragAndOptimize>

Back to the list

 

<CleanupRegistry>

This command will cleanup the registry the same way the System booster does. All areas will be scanned, except the Junk files and the System restore points. Invalid items are automatically removed.

Note: This fix is only available to registered users. Example:

<CleanupRegistry>

Back to the list

 

<CleanupJunkFiles>

This command will cleanup the junk files the same way the System booster does. Junk files found are automatically removed.

Note: This command is only available to registered users. Example:

<CleanupJunkFiles>

Back to the list

 

<MBAMScan>

This command updates Malwarebytes AntiMalware and starts a threat scan.

The application will be automatically downloaded if not already installed and up to date. UVK will automatically start the scan but doesn't automate the threat removal process.

Note: This command is only available to registered users.

This is a single line command. No other lines or parameters are needed.

Example:

<MBAMScan>

Back to the list

 

<SASScan>

This command updates Super AntiSpyware and starts a scan. Append "1" right after the command keyword to perform a full scan.

The application will be automatically downloaded if not already installed and up to date. UVK will automatically start the scan but doesn't automate the threat removal process.

Note: This command is only available to registered users.

This is a single line command. No other lines are needed.

Example:

;The command below will perform a SAS quick scan
<SASScan>

;The command below will perform a SAS full scan
<SASScan>1

Back to the list

 

<TDSSKillerScan>

This command updates TDSSKiller from Kaspersky and starts a threat scan.

The application will be automatically downloaded if not already installed and up to date. UVK will automatically start the scan but doesn't automate the threat removal process.

Note: This command is only available to registered users.

This is a single line command. No other lines or parameters are needed.

Example:

<TDSSKillerScan>

Back to the list

 

<AswMBRScan>

This command updates AswMBR and starts a scan. Append "1" right after the command keyword if you want AswMBR to automatically download the latest Avast! virus definitions.

The application will be automatically downloaded if not already installed and up to date. UVK will automatically start the scan but doesn't automate the threat removal process.

Note: This command is only available to registered users.

This is a single line command. No other lines are needed.

Example:

;The command below will perform a AswMBR scan
<AswMBRScan>

;The command below will start AswMBR, download the latest virus definitions, and start scan
<AswMBRScan>1

Back to the list

 

<AdwCleanerScan>

This command updates AdwCleaner and starts a scan.

The application will be automatically downloaded if not already installed and up to date. UVK will automatically start the scan but doesn't automate the threat removal process.

Note: This command is only available to registered users.

This is a single line command. No other lines or parameters are needed.

Example:

<AdwCleanerScan>

Back to the list

 

<AvastBCScan>

This command updates Avast! Browser Cleanup and runs the application.

The application will be downloaded if not already up to date. 

Note: This command is only available to registered users. 

This is a single line command. No other lines or parameters are needed.

Example:

<AvastBCScan>

Back to the list

 

<UnzipFile>

Unzip zip files listed in the lines below this keyword to the specified folders.

The Zip file and destination folder must be specified in the following format:

Path of the zip file | Path of the destination folder

Environment variables are supported for both paths. If the destination folder does not exist, it will be created.

Note: This command is only available to registered users. 

This is a single line command. No other lines or parameters are needed.

Example:

<UnzipFile>
%ThirdParty%\MyzipName.zip | %ThirdParty%\MyFoldername
%ThirdParty%\MyzipName2.zip | %ThirdParty%\MyFoldername2

Back to the list

 

<KillNonTrustedProcesses>

If you use this command, UVK will verify the digital signatures of the processes to kill.

If the signer is part of an internal trusted signers list, the process will not be killed.

The list includes some trusted publishers like Microsoft, Google, Mozilla, Opera, Hewlett Packard, Acer, etc.

Example:

<KillNonTrustedProcesses>

Back to the list

 

<KillNonSystemProcesses>

This command will kill all processes which executable files are not system protected files. The file signatures will be verified.

Example:

<KillNonSystemProcesses>

Back to the list

 

<KillNonCriticalProcesses>

This command will kill all non critical processes. Use it to stop the malware activity and free system resources if you think that system files can be infected. The processes will be filtered by path. Ignored processes are:

  [System Process]
  System
  %Windir%\System32\svchost.exe
  %Windir%\System32\lsass.exe
  %Windir%\System32\winlogon.exe
  %Windir%\System32\csrss.exe
  %Windir%\System32\smss.exe
  %Windir%\System32\wininit.exe
  %Windir%\System32\services.exe
  %Windir%\System32\lsm.exe
  %Windir%\explorer.exe will be restarted.
  UVK process

Example:

<KillNonCriticalProcesses>

Back to the list

 

<StopNonMsServices>

This command will try to stop all non Microsoft running services. Example:

<StopNonMsServices>

Back to the list

 

<ScheduleChkDskOnReboot>

This command will schedule the system drive to be checked on next reboot. Example:

<ScheduleChkDskOnReboot>

Back to the list

 

<RunScfScan>

This command will run the system protected resources scan (sfc.exe /scannow). Example:

<RunScfScan>

Back to the list

 

<Reboot>

This command will tell UVK to reboot the computer after running the current script. This command doesn't have to be the last command in the script. Example:

<KillNonSystemProcesses>
 
<Reboot>
 
<DefragAndOptimize>

The script above will kill all non system processes, defragment and optimize the hard drives, and then reboot the computer.

Back to the list

 

<Shutdown>

This command is similar to <Reboot>, except it will shutdown the computer instead of restarting it. Example:

<Shutdown>
 
<KillNonSystemProcesses>
 
<DefragAndOptimize>

Back to the list 

 

<RebootSafeMode>

This command allows you to reboot the pc in safe mode after running the script. To reboot in safe mode with networking, enter 1 after the keyword. Even if this command is not in the end of the script, the computer will only be rebooted after all the script is parsed.

Example:

<RebootSafeMode>1
 
<Comment>
 
This pc will be rebooted in safe mode with networking after running this script.

 

Back to the list

 

Create scripts for full system maintenance and repair

You can combine the commands described above to create UVK scripts to automate a full system maintenance or repair, or both. Example of a repair script:

 <Comment>
 
This script will perform a full system repair. Please save all your work before continuing.
 
<KillNonSystemProcesses>
<StopNonMsServices>
 
<ScheduleChkDskOnReboot>
<RunSfcScan>
<FixIeAndWindowsShell>
<UnlockFileExtensions>
<FileExtension> | All
<ProtectFileExtensions>
<RegisterSystemDLLs>
<FixInstallProblems>
<EnableAutoplay>
<ResetUserShellFolders>
<FixEventSystemService>
<FixSubSystemsKey>
<ResetSecuritySettings>
<FixWindowsUpdate>
<FixGroupAccess>
<ResetHostsAndDns>
<ResetIEAndInternet>
<ResetIPWinsockProxy>
<FixShortcutsUrlsProtocols>
<ResetGroupPolicy>
<EnableUAC>
<FixUserDesktop>
<RebuildIconCache>
<IEStartPages> | Start Page | Google
<CreateRestorePoint>
<Reboot>

Example of a maintenance script:

 <Comment>
 
This script will perform a full system maintenance.
 
<UpdateDirectX>
<UpdateJava>
<UpdateFlash>
<InstallNetFramework>
<ClearEventLogs>
<EmptyBrowsersCache>
<CleanAllUsersTemp>
<DefragAndOptimize>
<Reboot> 

You can also combine the two scripts above to make a repair and maintenance script.

Back to the list

 

Using the custom modes and commands

  All modes and commands listed above can be combined together in the same UVK script or set of commands.

  For multi-line modes, the corresponding commands are specified in the lines under the mode's keyword.

  You can use the same mode several times in the same script.

Back to the list

 

UVK window automation

The UVK window automation consists of 11 functions which alow you to automate applications from a UVK script.

These functions must be used in the <Run> mode, but you can automate already running applications. They can be easily inserted from the Log analyzer's Automation tab, of from the Control info tool.

Basically, to automate an application, you insert the <Run> keyword, then optionally the command that runs the application you're going to automate. Then you call ->WaitWindow() to add the application's window to the managed windows list.

Let's start with a quick example. You can find more complete examples in the script collection. This one just runs notepad.exe and sends some text to its text box.

 <Run>
notepad.exe
->WaitWindow(20)
->WaitControl(Edit1)
->ControlSend(Edit1,This is my first automation script.)

In the example above, we start by inserting the <Run> keyword, and running the notepad.exe command.

Then we call ->WaitWindow(20), which waits up to 20 seconds for a new window belonging to the notepad process we just created, and adds the new window to the managed windows list.

Then we call ->WaitControl(Edit1), which waits for the notepad's text box to be visible and enabled.

And finally we call ->ControlSend() to send some text to the control.

Again, this is just an introduction script, you can find more complex scripts in the script collection.

Back to the list

 

->WaitWindow()

Syntax:

->WaitWindow( timeout, title, text )

Description:

Pauses the script execution until the specified window exists and is visible.

Parameters:

timeout (optional) - The maximum time to wait, in seconds. Default is 1000000.
title (optional) - The title, Class or Advanced mode of the window to wait for.
text (optional) - The text to search for (within the window).

Remarks:

Optional parameters do not need to be specified.
Use the Control info tool to easily get the title and text.
If title is not specified, the function will wait for a new window belonging to the last <Run> command.

Example:

;Open notepad and wait for its window to be visible
 <Run>
notepad.exe
->WaitWindow(20, [CLASS:Notepad])

Back to the list

 

->WaitControl()

Syntax:

->WaitControl( ClassNN/ID , timeout , winIndex )

Description:

Wait until a specific control is visible and enabled.

Parameters:

ClassNN/ID - The control's ClassNN, Advanced mode, ID or text.
timeout (optional) - The timeout, in seconds. Default is 1000000.
winIndex (optional) - The index of the window the control belongs to. Default is the last ->WaitWindow() window.

Remarks:

Optional parameters do not need to be specified.
This function must be called after at least one call to ->WaitWindow(), otherwise it will fail.

Example:

;Open notepad and wait until the text box ix visible and enabled
 <Run>
notepad.exe
->WaitWindow()
->WaitControl(Edit1)

Back to the list

 

->WaitControlState()

Syntax:

->WaitControlState( ClassNN/ID , state , timeout , winIndex )

Description:

Pause script execution until a specific control has the specified state.

Parameters:

ClassNN/ID - The control's ClassNN, Advanced mode, ID or text.
state (optional) - The required state. Valid values are: Enabled, Disabled, Visible, Hidden. Default is Visible.
timeout (optional) - The timeout, in seconds. Default is 1000000.
winIndex (optional) - The index of the window the control belongs to. Default is the last ->WaitWindow() window.

Remarks:

Optional parameters do not need to be specified.
This function must be called after at least one call to ->WaitWindow(), otherwise it will fail.

Example:

;Open notepad and wait until the text box is visible
 <Run>
notepad.exe
->WaitWindow()
->WaitControlState(Edit1,Visible,20,1)

Back to the list

 

->ClickControl()

Syntax:

->ClickControl( ClassNN/ID , winIndex , Button , Clicks )

Description:

Click a specific control in a window.

Parameters:

ClassNN/ID - The control's ClassNN, Advanced mode, ID or text.
winIndex (optional) - The index of the window the control belongs to. Default is the last ->WaitWindow() index.
Button (optional) - The mouse button to click: left, right, middle, main, primary, menu, secondary. Default is main.
Clicks (optional) - The number of times to click the mouse. Default is 1. Use 2 to perform a double click.

Remarks:

Optional parameters do not need to be specified.
This function must be called after at least one call to ->WaitWindow(), otherwise it will fail.
main and primary are always the main button, even if the mouse buttons have been swapped in the control panel.
menu or secondary are always the secondary mouse button, even if the mouse buttons have been swapped in the control panel.
left and right are those buttons by default. However, if the mouse buttons have been swapped in the control panel left will be the righ button, and right will be the left button.

Example:

;Open notepad and right-click the text box
 <Run>
notepad.exe
->WaitWindow()
->WaitControl(Edit1)
->ClickControl(Edit1,-1,menu,1)

Back to the list

 

->ClickWindowPos()

Syntax:

->ClickWindowPos( xPos , yPos , winIndex , Button , Clicks )

Description:

Simmulate a mouse click at the specified position within a window.

Parameters:

xPos - The horizontal position to click, in client area coordinates.
yPos - The vertical position to click, in client area coordinates.
winIndex (optional) - The index of the window the control belongs to. Default is the last ->WaitWindow() window.
Button (optional) - The mouse button to click: left, right, middle, main, primary, menu, secondary. Default is main.
Clicks (optional) - The number of times to click the mouse. Default is 1. Use 2 to perform a double click.

Remarks:

Optional parameters do not need to be specified.
This function must be called after at least one call to ->WaitWindow(), otherwise it will fail.
main and primary are always the main button, even if the mouse buttons have been swapped in the control panel.

Example:

;Open notepad, wait half a second and right-click at 100x100
 <Run>
notepad.exe
->WaitWindow()
->Sleep(500)
->ClickWindowPos(100, 100, 1, menu)

Back to the list

 

->ControlSend()

Syntax:

->ControlSend( ClassNN/ID , textToSend , winIndex )

Description:

Send keystrokes to a specific control in a window.

Parameters:

ClassNN/ID - The control's ClassNN, Advanced mode, ID or text.
textToSend - The keystrokes to send to the control. Can be either keyboard or mouse input.
winIndex (optional) - The index of the window the control belongs to. Default is the last ->WaitWindow() index.

Remarks:

Optional parameters do not need to be specified.
This function must be called after at least one call to ->WaitWindow(), otherwise it will fail.
The text to send does NOT need to be enclosed in quotes or double quotes.

Example:

;Open notepad and send "My text" to the text box
 <Run>
notepad.exe
->WaitWindow()
->WaitControl(Edit1)
->ControlSend(Edit1,My text)

Back to the list

 

->ControlSend()

Syntax:

->WinSend( textToSend , winIndex )

Description:

Send keystrokes to a window.

Parameters:

textToSend - The keystrokes to send to the window. Can be either keyboard or mouse input.
winIndex (optional) - The index of the window. Default is the last ->WaitWindow() index.

Remarks:

Optional parameters do not need to be specified.
This function must be called after at least one call to ->WaitWindow(), otherwise it will fail.
The text to send does NOT need to be enclosed in quotes or double quotes.

This function is similar to ->ControlSend, except the keystrokes are sent to the application's main window instead of a child control.
Useful to send keystrokes to console applications that don't have any controls.

Example:

;Open the command prompt with the Pause command
 <Run>
cmd.exe /c Pause
->WaitWindow()
->Sleep(2000) ->WinSendSend({Enter})

Back to the list

 

->Sleep()

Syntax:

->Sleep( miliSeconds )

Description:

Pause the script execution for the specified time.

Parameters:

miliSeconds - The time to pause, in miliseconds.

Remarks:

Unlike the <Sleep> keyword, this function takes the time to pause in miliseconds, not seconds.

Example:

;This code block will open notepad, sleep one second, and then send "My text" to the text box
 <Run>
notepad.exe
->WaitWindow()
->Sleep(1000)
->ControlSend(Edit1,My text)

Back to the list

 

->CloseWindow()

Syntax:

->CloseWindow( winIndex )

Description:

Close a specific managed window.

Parameters:

winIndex (optional) - The index of the window to close. Default is the last ->WaitWindow() index.

Remarks:

Optional parameters do not need to be specified.
This function must be called after at least one call to ->WaitWindow(), otherwise it will fail.
This function performs the same result as if you click the x (close) button at the right of the title bar.

Example:

 ;This code block will open notepad, send "My text", and close the window
 <Run>
notepad.exe
->WaitWindow()
->WaitControl(Edit1)
->ControlSend(Edit1,My text)
->CloseWindow()

Back to the list

 

->CloseProcess()

Syntax:

->CloseProcess( )

Description:

Terminate the process created by the last <Run> command.

Parameters:

None.

Remarks:

None.

Example:

;This code block will open notepad, send "My text", sleep one second, and then kill the process
 <Run>
notepad.exe
->WaitWindow()
->WaitControl(Edit1)
->ControlSend(Edit1,My text)
->Sleep(1000)
->CloseProcess()

Back to the list

 

->WaitWindowClose()

Syntax:

->WaitWindowClose( winIndex )

Description:

Pause the script execution until the specified window(s) close.

Parameters:

winIndex (optional) - The index of the window, or -1 to wait for all managed windows to close.

Remarks:

Optional parameters do not need to be specified.
All automation functions must be called in the <Run> mode.

Example:

;This code block will open notepad, send "My text" and wait for the window to close
 <Run>
notepad.exe
->WaitWindow()
->WaitControl(Edit1)
->ControlSend(Edit1,My text)
->WaitWindowClose()

Back to the list

 

->WaitProcessClose()

Syntax:

->WaitProcessClose( )

Description:

Pause the script execution until the process created by the last <Run> command ends.

Parameters:

None.

Remarks:

None.

Example:

;This code block will open notepad, send "My text" and wait for the process to end
 <Run>
notepad.exe
->WaitWindow()
->WaitControl(Edit1)
->ControlSend(Edit1,My text)
->WaitProcessClose()

Back to the listdiv

 

Special title definition

The special title definition is the text you use as the title parameter of the ->WaitWindow() function. You will rarely need to use this parameter, because it is much easier to leave it blank, and UVK will automatically manage the current topmost window belonging to the last <Run> command.

However, you may need to automate a window that does not belong to the process you created with the <Run> command. The Control info tool will help you to get the special title definition for the window, but if you need a more accurate definition, we will explain here.

You can specify the full title's text, or just a portion of it, as in the example below:

->WaitWindow(20, Untitled - Notepad)
->WaitWindow(20, Untitled)

But  sometimes there may be several windows matching the same title. In that case, a special description can be used as the window title parameter. This description can be used to identify a window by the following properties:

TITLE - Window title
CLASS - The internal window classname
LAST - Last window used in a previous Automation function.
ACTIVE - Currently active window
INSTANCE - The 1-based instance when all given properties match

One or more properties are used in the title parameter of a window command in the format:

[PROPERTY1:Value1; PROPERTY2:Value2]

Note : if a Value must contain a ";" (semi-colon) or a "," (coma), it must be doubled.

Examples:

;Wait a window of classname "Notepad"
->WaitWindow(20, [CLASS:Notepad])

;Close the currently active window
->WaitWindow(20, [ACTIVE])
->CloseWindow()

;Wait for the 2nd instance of a window with title "My Window" and classname "My Class"
->WaitWindow(20, [TITLE:My Window; CLASS:My Class; INSTANCE:2])

Back to the list

 

ClassNN control definition

Each time you call the ->WaitControl(), ->WaitControlState(), ->ClickControl() or ->ControlSend() functions, you need to identify the control you want to interact with. This is done through the ClassNN/ID parameter.

This parameter can simply be the text you see displayed in the control, such as OK or Cancel, it will work for most controls like buttons or checkboxes.

However, it may not be the best way to identify a control, because there may be more than one control with the same text, and some controls don't display any text at all (they may display an image, for instance).

In that case, a special description can be used as the ClassNN/ID parameter. This description can be used to identify a control by the following properties:

ID - The internal control ID. The Control ID is the internal numeric identifier that windows gives to each control.
TEXT - The text on a control, for example Next on a button
CLASS - The internal control classname such as Edit or Button
CLASSNN - The ClassnameNN value, such as Edit1
INSTANCE - The 1-based instance when all given properties match.

One or more properties are used in the ClassNN/ID parameter of a control function in the format:

[PROPERTY1:Value1; PROPERTY2:Value2]

Note: if a Value must contain a ";" (semi-colon) or a "," (coma), it must be doubled.

The example below shows several ways to click a control with the following properties:TEXT:OK, CLASS:Button, INSTANCE:1,  ID:123

->ClickControl([CLASS:Button;INSTANCE:1])
->ClickControl(Button1)
->ClickControl(OK)
->ClickControl(123)
->ClickControl([TEXT:OK; CLASSNN:Button1])

In order to easily get these values, please see the following Log analyzer articles: Automation and Control info tool.

The Control info tool not only gets these values for you, but it can automatically create and insert already formated functions.

Back to the list

 

Managed windows list

Each time you call ->WaitWindow(), the corresponding window is added to an internal managed windows list.

This list can hold up to 32 windows, and is reset everytime you insert the <Run> keyword, or a new run command under the <Run> keyword.

The managed windows list is accessed through an index, starting at 1. The index is based in the ->WaitWindow() calls, being the first call Window 1, the second call Window 2, and so on.

For instance, let's say you want to automate a program named VirusScanner.exe, which displays in its main window, a button with a ClassNN Button1. Clicking that button starts the scan. When the scan ends, the application opens the log with notepad, and shows a message box. You want to close the notepad window, and click the button with ClassNN Button1 (OK) in the message box. Then you want to click a button with ClassNN Button2 (Remove selected), in the main window, and wait for the process to end. Your automation code would look like this:

 <Run>
VirusScanner.exe
;Now we wait for a window belonging to the process we just created.
;This is the Window 1
->WaitWindow()
 
;Now we wait for the Button1 and click it
->WaitControl(Button1)
->ClickControl(Button1)
 
;Now we wait for the notepad window and close it.
;This is the Window 2
->WaitWindow(1000, [CLASS:Notepad])
->CloseWindow()
 
;Now we wait for the message box and click the OK button.
;This is the window 3
->WaitWindow()
->WaitControl(Button1)
->ClickControl(Button1)
 
;Now we click the Button2 in the Window 1 and wait for the process to close
->ClickControl(Button2,1)
->WaitProcessClose()

Now, if you wanted to automate a new application from the same script, you just enter the new command you want to run and automate, and the managed windows list is automatically reset, meaning, a new call to ->WaitWindow() would be Window 1 again.

You can reset the list by specifying the <Run> keyword again.

Back to the list

 

Automation examples

If you are interested in more complex examples please download the folloing scripts from the UVK script collection:

MBAM install and scan, SAS install and scan, Hitman Pro scan, TDSSKiller scan

Back to the list

Copyright Carifred © 2010 - 2014, all rights reserved.