New UVK - Ultra Virus Killer build

U.V.K

Ultra Virus Killer (UVK) Developer
I've spent all my free time the last two weeks on this new version. It's getting closer to what I want. As I said before, the goal is to create a tool that does all the hard work. I'm adding new features as I find them while working. So if you know of an important fix that UVK should have, please tell.

I've added lots of new features, but the most important are:
  • When double-clicking a process, startup entry, service, driver, etc. (or just pressing Enter) a window will pop up showing important info like the command line used to run the file and the file description or digital signature +info 1 | +info 2 | +info 3
  • Colored lines to faster distinguish the processes and startup entries.
  • Now the startup items screen also shows the context menu buttons for all files and folders.
  • Added three more fixes: Fix Windows sidebar, Reset IE and internet settings and Fix shortcuts, urls and protocols. +info
  • Scan & create log was also updated with these features, and I made some improvements to make the log faster and easier to read and analyze. +info 1 | +info 2 | +info 3
  • Improved stability, performance and application user control.
Please post if you find any bugs.

Click here to go to download page.
 
Can I use Command Line Switches??

Well, UVKSetup has -silent and /silent command line switches.

This switch is used by the AutoUpdater to perform a silent update.

UVKPortable.exe doesn't have any command line switch.

UVK_en.exe (the main application) has -readfile "Path to UVK script to run"

This switch is used to run UVK scripts created with the log analyzer. Example:

"C:\Program Files\UVK\UVK_en.exe" -readfile "C:\MyRepairScript.uvk"

The scripts are plain text files, and can be created with any text editor. But if you create a script with a text editor other than Log analyzer, ensure that the first line only contains the string <UVKCommandsScript>, or UVK won't run it.

This is a prevention measure in case someone creates another file type with .uvk extension and tries to open it with UVK.

Writing a path as a command line switch will open a message box asking if you want to delete the file or folder but the application gui won't be shown. Example:

"C:\Program Files\UVK\UVK_en.exe" "C:\FileOrFolderToDelete"

will prompt you if you want to delete the selected file. If you click Yes, the file or folder will be sent to recycle bin. For running executable files, corresponding processes will be killed before deleting. If the file or folder is locked, it will be deleted on reboot.

Which switches would you like it to have? Maybe I can add them.
 
I've fixed a few small bugs and uploaded a new build.
If you were having problems with the auto update or fixing windows sidebar you can now try again.
 
Love the Program ...

Great work I can see where this would really come in handy and I thank you for your hard work and look forward to future updates and versions ... Very nice ... maybe add a section that will download malware removers ETC also one that will incorporate like rkill so you can run the malware program ... etc etc just thinking out loud LOL

GREAT WORK tho ... I really am liking your program

Midnite
Chad
:)
 
Hi Midnite,
GREAT WORK tho ... I really am liking your program
Thanks, it's really nice to know that people like the program. Feel free to use it as you will.
maybe add a section that will download malware removers ETC also one that will incorporate like rkill so you can run the malware
This feature has already been integrated. I wrote a good example to download and run MBAM HERE.
UVK has a smart script parser that allows you to do most of the necessary actions to clean up the trash. Just read all the page to know how it works.

To download and run Rkill just create an UVK script with the code below:

Code:
<UVKCommandsScript>

 <Comment>

  This script will download and run Rkill.

 <Download>

http://download.bleepingcomputer.com/grinler/rkill.exe | %Desktop%\rkill.exe

 <Sleep>2

 <Run>
%Desktop%\rkill.exe

I'm currently adding new modes to the custom commands, and took PC medics idea to introduce more command line switches. But it will take some time cause this is only a hobby and I'm a little busy right now.
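
The two posts above describe the required `<UVKCommandsScript>` first line and a script that downloads a file and runs it. The following is an added example, not part of UVK or of the original posts: a static review of a .uvk script before it is handed to `-readfile`. The function name `Test-UvkScript` is hypothetical, and the section grammar is assumed from the single script shown in this thread.

```powershell
# Added example, not part of UVK: static review of a .uvk script before it is run.
# The section grammar (<Tag> lines, "url | destination" under <Download>) is
# assumed from the single script shown in this thread.
function Test-UvkScript {
    param([string[]]$Lines)

    $findings = New-Object System.Collections.Generic.List[string]
    # UVK only runs scripts whose first line is exactly this marker.
    if (-not $Lines -or $Lines[0].Trim() -cne '<UVKCommandsScript>') {
        $findings.Add('HEADER: first line is not <UVKCommandsScript>')
        return $findings.ToArray()
    }
    $section = ''
    $downloaded = @{}   # destination path -> source URL (keys are case-insensitive)
    foreach ($raw in ($Lines | Select-Object -Skip 1)) {
        $line = $raw.Trim()
        if ($line -match '^<(\w+)>(.*)$') {
            $section = $Matches[1]
            $line = $Matches[2].Trim()   # inline argument, e.g. <Sleep>2
        }
        if ($line -eq '') { continue }
        if ($section -eq 'Download') {
            $parts = $line -split '\s*\|\s*', 2
            if ($parts.Count -lt 2) { $findings.Add("DOWNLOAD: malformed line '$line'"); continue }
            $downloaded[$parts[1]] = $parts[0]
            if ($parts[0] -notmatch '^https://') {
                $findings.Add("DOWNLOAD: $($parts[0]) is fetched without TLS")
            }
        }
        elseif ($section -eq 'Run' -and $downloaded.ContainsKey($line)) {
            $findings.Add("RUN: $line was downloaded by this script; check its signature or hash first")
        }
    }
    return $findings.ToArray()
}

# Constructed input: the Rkill script from this thread.
$sample = @'
<UVKCommandsScript>
 <Comment>
  This script will download and run Rkill.
 <Download>
http://download.bleepingcomputer.com/grinler/rkill.exe | %Desktop%\rkill.exe
 <Sleep>2
 <Run>
%Desktop%\rkill.exe
'@ -split '\r?\n'

Test-UvkScript -Lines $sample
```

On the sample it reports two findings: the plain-HTTP download, and the `<Run>` of the file that the same script fetched.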
 
Great work

Thank you for the explanation and great feature use with your program ... its a real time saver and works well if I spot any bugs I will be sure to message and let you know


May I ask what program you are using to make the program ? as I am interested in getting into program design and would really like to start working on a project of my own ... thank you so much for your great work and time with your project

Midnite
 
I was going to suggest you ask a mod to move this to the Automation and Scripting forum, but I don't think you have enough posts to view it yet.

If you don't mind me asking how do you get the contents of Process Explorer and the like to show in your GUI?
 
I was going to suggest you ask a mod to move this to the Automation and Scripting forum, but I don't think you have enough posts to view it yet.

I can post in Automation and Scripting forum, but since this tool is intended for virus removal, I decided to post here.
If you don't mind me asking how do you get the contents of Process Explorer and the like to show in your GUI?
Sure! To get the processes paths I use a function I created: ProcessPathList()

Here it is:
Code:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;				Func ProcessPathList()																				;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;			Creates an array containing all running processes executable paths and pids.							;
;			$aRet[0][0]	==>Number of processes.																		;
;			$aRet[n][0]	==>Process executable path.																;
;			$aRet[n][1]	==>PID of the process.																		;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Func ProcessPathList()
	Local $Process = ProcessList(), $DosDriveLetter, $han, $handle, $iProcess
	Local $aRet[$Process[0][0]+1][2]
	Local $aDriveArray = DriveGetDrive("ALL")
For $i = 1 To $Process[0][0]
	$handle = 0 ; reset for each process so a failed open never reuses the previous handle
	; 0x1000 = PROCESS_QUERY_LIMITED_INFORMATION
	$han = DllCall( @SystemDir & _
	'\kernel32.dll',"handle","OpenProcess","dword",0x1000,"bool",False,"dword",$Process[$i][1])
	If IsArray($han) Then $handle = $han[0]
	If Not $handle Then
		; Fall back to 0x0400 = PROCESS_QUERY_INFORMATION
		$han = DllCall( @SystemDir & _
		'\kernel32.dll',"handle","OpenProcess","dword",0x0400,"bool",False,"dword",$Process[$i][1])
		If IsArray($han) Then $handle = $han[0]
	EndIf
	; Returns the image path in native device form (\Device\HarddiskVolumeN\...)
	$iProcess=DllCall( @SystemDir & _
	'\psapi.dll',"dword","GetProcessImageFileNameW","handle",$handle,"wstr","","dword",65536)
	If IsArray($iProcess) And  $iProcess[2] <> '' Then $aRet[$i][0] = $iProcess[2]
	; Release the process handle once the path has been read
	If $handle Then DllCall(@SystemDir & '\kernel32.dll',"bool","CloseHandle","handle",$handle)
	For $b = 1 To $aDriveArray[0]
		$DosDriveLetter = DllCall( @SystemDir & _
		'\kernel32.dll',"dword","QueryDosDeviceW","wstr",StringUpper($aDriveArray[$b]),"wstr",0,"dword",65536)
		If StringInStr($aRet[$i][0], $DosDriveLetter[2]) > 0 Then _
		$aRet[$i][0] = StringReplace($aRet[$i][0], $DosDriveLetter[2], StringUpper($aDriveArray[$b]))
	Next
	If Not FileExists($aRet[$i][0]) Then $aRet[$i][0] = $Process[$i][0]
	If StringInStr($aRet[$i][0],':\') = 0 And StringInStr($aRet[$i][0],'.exe') > 0 Then _
	$aRet[$i][0] = _WinAPI_PathFindOnPath($aRet[$i][0])
	$aRet[$i][1] = $Process[$i][1]
Next
	$aRet[0][0] = $Process[0][0]
	ReDim $Process[1]
	ReDim $aDriveArray[1]
	Return $aRet
EndFunc;==>ProcessPathList()

Then I add them to a ListView control.
 
Cool, I assumed you were using the Sysinternals Process Explorer with FileInstall() from the screenshot, but I guess not. I'm guessing that piece of software took you quite a bit of time.
 
I like manual virus removal. Tools with automatic scan & delete often leave lots of stuff behind and then it's more difficult to find them.

Before creating UVK, the tools I most used to detect and delete virus were Process Explorer and Autoruns, from SysInternals, and OTL from Old Timer, but I always thought that they all had something missing.

To get the image path of the processes with Process Explorer I had to double-click the process. I always thought it would be more useful if it showed the image path instead of the process's name. Also it didn't have the option to kill the process and delete the parent file, which is very important, of course.

Autoruns is excellent, but, like PE, doesn't have the option to delete the registry entry and also the file.

OTL is very good too, but it doesn't verify the digital signatures of the scanned files. When it says (Microsoft corporation), it's what it reads from the CompanyName field of the version resource. Well, anyone can put whatever he wants in this field. I even created a program that does it. You can find it here.

So I decided to create a tool that joins the three together and has the functions I think they miss. I started to write it about 8 months ago, and have been updating it ever since. When I make a disinfection, and find a new important fix or area to scan, I add it to UVK so the next time I only have to click a button to fix it.
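
The difference described above between the CompanyName field and a verified digital signature, as an added example that is not code from UVK, OTL or the original post: it prints the self-declared company name next to the Authenticode result for every running process image. The function name `Get-PublisherClaim` and the verdict strings are hypothetical.

```powershell
# Added example, not part of UVK or OTL: show the self-declared CompanyName next to
# the Authenticode result, so a forged version resource stands out.
function Get-PublisherClaim {
    param([Parameter(Mandatory)][string]$Path)

    $full    = (Get-Item -LiteralPath $Path).FullName
    # CompanyName comes from the version resource: free text chosen by whoever built the file.
    $claimed = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($full).CompanyName
    # Get-AuthenticodeSignature validates the signature and its certificate chain.
    $sig     = Get-AuthenticodeSignature -LiteralPath $full
    $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $verdict = if ($sig.Status -ne 'Valid') {
        'CLAIM ONLY (no valid signature)'
    } elseif ($claimed -and
              $signer.IndexOf($claimed.Trim(), [StringComparison]::OrdinalIgnoreCase) -ge 0) {
        'SIGNED, SIGNER MATCHES CLAIM'
    } else {
        'SIGNED BY A DIFFERENT NAME'
    }

    [pscustomobject]@{
        Path        = $full
        CompanyName = $claimed
        Status      = $sig.Status
        Signer      = $signer
        Verdict     = $verdict
    }
}

# Review every running process image and list the ones whose claim is not backed
# by a matching valid signature.
Get-Process |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object { Get-PublisherClaim -Path $_ } |
    Where-Object { $_.Verdict -ne 'SIGNED, SIGNER MATCHES CLAIM' } |
    Format-Table CompanyName, Status, Verdict, Path -AutoSize
```

A valid signature identifies who signed the file; it does not by itself show that the file is harmless.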
 
I have to say I LOVE THIS PROGRAM!. I have just used it on a system which has been a major major cause of rectal discomfort.. read pain in the a$$.

It has saved me lots of time from swapping between this program, that program, checking this that and the other..

Only thing I have found wrong so far, is on this particular system there are 2 folders (which did have spyware in them). With no tool (so far yet anyhow), have I been able to delete them.

Whenever I attempt to delete the folder, it comes up with the directory is not empty. Even though it is (show hidden files is checked).

But a very well deserved WELL DONE for writing such an informative program!. Will definitely add to your rep on this one my friend.
 
I have to say I LOVE THIS PROGRAM!
Thanks Nige, I'm glad you like it.

Only thing I have found wrong so far, is on this particular system there are 2 folders (which did have spyware in them). With no tool (so far yet anyhow), have I been able to delete them.

Whenever I attempt to delete the folder, it comes up with the directory is not empty. Even though it is (show hidden files is checked).
Forgive my misunderstanding, but did you manage to delete the folders or not?

Regards. Fred.
 
Hi Fred, no mate, the files simply would not go. The folders are empty, yet the pc claims there is something in them. Showing hidden files and folders reveals nothing either.

I tried all the usual tricks to remove the folders but nada. :(. Not saying it's anything to do with your program mate, but nothing is/was able to delete them.
 
Ok, try this:

On UVK process explorer, ensure that no process is using the folders.

On UVK System repair screen, click Check system drive on next reboot button.

If the folders are in a drive other than the system drive, click More fixes button and type Chkdsk [the letter of the drive where the folders are] /f /r on the run field and hit Enter.

Then go back to previous screen and click Reboot system button, and let it check the drive on boot.

After reboot, reopen UVK on More fixes screen and type:

cmd /c rd /s /q "[the full path of the PainInTheA** folder 1]"

Hit Enter and do the same for the other folder.

Hope it helps.
 