UVK forums

can UVK be used to remove root kits and repair the PC? I can also be reached at joshcane@yahoo.com I will be checking this forum and my email FREQUENTLY for this one!! thanks

Hi Josh.

Of course UVK can be used to detect and delete rootkits.

The most effective way to detect rootkits is creating a UVK log on the section Scan and create log.

e.g Imagine that malware has infected the system file volsnap.sys. You'll easily notice the line:
A genuine driver file is always digitally signed, either by its manufacturer or Microsoft. In this case it should be:
Pasting the first line above in the Run UVK scripts section and execute it should take care of the rootkit, but the Volume shadow copy service would still be damaged, as the genuine volsnap.sys would still be missing in the drivers folder.

You should then use the System protected resources scan, in the UVK system repair section to fix the issue, or use the command <SReplaceFile> to replace the infected file with a genuine one. In a Windows 7 64 bit system it could be done by executing the folowing code:
And if the service has also been damaged add this one:
UVK's ability to block ntfs permissions on the files marked to delete on reboot helps on these cases. The blocked files cannot be loaded until rebootexec is launched, and deletes them.

For executable files it should be much easier, as you just have to detect them, and then delete them.

thank you so much for this !!

You're welcome.

Whenever you need help, just post.

Hi Dear Can you post step by step Guidance on how to remove rootkit virus using UVK it will be very helpful for beginners

OK User24 I started making the tutorial.

viewtopic.php?f=6&t=56

If you have a rootkit to remove, would you mind trying the step one I posted and say if it worked?

Cheers.