A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #2950  by CloneRanger
 Wed Oct 06, 2010 10:27 pm
Not heard of this before, has anyone tried it ? If so what did you think of it ?

It has quite a large number of options in several tabs which look very useful :) I havn't tried it yet though, as i just found out about it and DL'd it.

I think the name should be changed to something like for eg, Universal VMalware Sniffer, as it supposedly does a Lot more then just sniff out Viruses.

Universal Virus Sniffer

Developer: Dmitriy Kuznetzoff
uvs.gif (42.66 KiB) Viewed 1200 times
Small selection of info from various files it comes with.



Q: uVS? What is it?

A: uVS is a powerful antivirus removal tool designed to ease the process of detecting and
eliminating unknown 0-day viruses, rootkits, and bootkits.
It's NOT designed to replace your antivirus!.


You can easily detect ANY type of rootkits/bootkits.


You can virtualize your registry to kill ANYTHING you want.



7 MB / Windows 2K / XP / 2003 / Vista / 2008 / Vista64 / 7 / 7 x64

Full English version (SHA1 & english lclz included)

http://www.softpedia.com/get/Antivirus/ ... ffer.shtml

Russian - http://dsrt.jino-net.ru


Other stuff on there too, but as it's in Russian i'm not sure what they all do, and didn't have to translate etc. Maybe someone can enlighten us ;)
 #2955  by gjf
 Thu Oct 07, 2010 11:51 am
I have tried. Nothing special but quite interesting positioning as an "universal tool". In fact you can easily destroy the system not only cure it :) And in fact - you can do almost the same with ERD Commander or some another LiveCD.
 #25893  by g0dl1ke
 Sun May 17, 2015 6:58 pm
Hi all, i'm from russia and i use uvs, uvs constantly updated and actual stable version ~ 3.85

This is full changelog from this (from topic) to actual: http://pastebin.com/QQJ5SapS

The current version includes many changes and features that can be useful in the fight against know and unknow malware

Best regards
 #25911  by onthar
 Wed May 20, 2015 9:54 pm
3.85 is the last free minor update. All updates are paid. Current version is 3.85.21.
Safe files hash database is paid too.
Cost per one update is 0.0002 BTC.

I think UVS is the most useful antimalware tool to use with WinPE
 #27683  by g0dl1ke
 Mon Jan 18, 2016 5:58 pm
o Criterions now have priority field.

o Support bootable flash/dvd based on win10 kernel.

o New advanced functions for removing protected registry keys.

o New hotkey in remote desktop window:
o RWin - Emulate Alt+Tab

o Added support for preinstalled Google Chrome extensions.

o New parameter in settings.ini
; Don't use VT API. (except rescan feature).
bWebVT (by default 1)

o New parameter in settings.ini
; Run uVS with fixed name.
bFixedName (by default 0)

o New parameter in settings.ini
; Don't close uVS on remote system and reuse server part on reconnect.
; Now you can use uVS as conventional remote administration tool.
; Use with bFixedName=1.
bReUseRemote (by default 0)

o Minor bug fix.

o New start mode.
Restart OS and Start uVS before Windows Explorer
Loading windows delayed.
(Normal mode & Safe Mode supported)
(!) Windows 10 bug - uVS started after Windows Explorer.

o Windows 10 supported.

o New criterion's type supported.
(Text files with values, one value per line)

o New criterion's actions supported.

o Opera extensions supported.

o Google Chrome extensions supported.

o Mozilla FireFox extensions & search engines supported.

o New tweak #35 Clean Image File Execution Options

o New parameter in settings.ini
; VirusTotal API Key

o New parameter in settings.ini
; Additional keys for speedup processing hashes

o Minor bug fix.

 #33139  by g0dl1ke
 Sun Aug 11, 2019 11:04 am

Big update and change website address: http://dsrt.dyndns.org:8888/

o Added process activity monitor.
CPU / GPU activity is calculated in the last 10 seconds.
Hot Key: Alt + D
You can view information about the process and can terminate the process immediately. (except for processes with pid = 4 and uVS processes)
(only one process is terminating with the corresponding pid, the command queue is not used, the command has an instant action - requests / warnings are not issued, the ASA is used if necessary)
Function available for active and remote systems.

o In info of process added new fields: СPU, CPU 1 core, GPU 1, GPU 2...
CPU usage, GPU usage(Vista+)
"CPU" * number of all logical cores = "CPU 1 core".
Processes with high CPU/GPU usage get "suspicious" status.
(!) CPU/GPU load counts from the time the process starts to the current time.

o New category "WMI: Events handlers".

o Added the ability to delete WMI events and tasks without removing all references to the file / object.
Script commands: delwmi and deltsk

o Added experimental function of detecting embedded streams in known system processes (currently only for 32-bit processes).
In the case of detection in the log line is displayed: Injected thread detected in process full name [PID], tid = TID
The function complements the old functionality for detecting threads based on embedded DLLs.

o New menu item: Rootkits->Suspend all injected threads of all processes (excluding DLL based) (Vista+)
Script command: icsuspend

o Registry backup/restore functions now saving all user's hives and DRIVERS and COMPONENTS hives.
You can use my small utility "ABR", for backup and restore saved registry.

o Added function to automatically load user registries.
This eliminates problems with logging into the workstation and user switching on the remote computer.

o In the service/drivers info added a new fields: DisplayName, Description, Owners.

o The problem with reading the task cache has been fixed; in some cases the cache could not be checked.

o Optimized digital signature verification function.

o The "Download" button was restored in the file information window.

o Registry's keys deletion function fixed and updated.

o URLs in command lines now get "suspicious" status.

o New parameter in settings.ini - bFakeName
; Use random caption for uVS window.
bFakeName (by default 0)

o Added support for new Firefox (x86/x64) extensions.

o Added support for the protected processes (Vista+)

o Added new tweak #38 - Clear DisallowedCertificates list.

o Critical bug fixed in autorun image read function.
(an error could occur when reading large images in a system with a lack of free RAM)

o Current user's name for offline system added to the log.

o Fixed a bug in the window of installed programs: the Del key did not delete entries from the registry.

o WOW64 emulator function fixed.

o Improved parsing command-line options.

o Filename's parser fixed.

o Extension's parser updated.

o All executable files with non-standard extensions now get "suspicious" status after list scan (on F7/F3 hotkeys).

o Fixed error in FireFox extension's parser.

o VT support fixed.

o Interface bugs fixed.

o Added Command's queue support and commands emulation feature.
Now all simple commands is NOT executed immediately, but emulated and added in the command's queue.
You can delete some commands from queue. (see "Command's queue" partition)
And if you want to execute ALL commands in the queue you must press the "Apply" button.
(!) For all working modes.

o New script command "apply" executes all operations in the queue.

o Virus base format updated.
Now you can set specific flags for any signature in the base.

o Now you can use hotkey "RWin" for switching back to uVS.
And if you press RWin+Close button then server part of uVS will be unloaded (if bReUseRemote=1)
(this hotkey working in remote desktop window only)

o New switch hide "DLL w/o entry point".

o bWebVT flag obsolete.
You must set your personal VTAPIKey in settings.ini

o Added new registry keys support.

o System's image format changed, all old version supported.

o cmpimg updated to v1.02

o uvs_snd updated to v1.02

o Added support for *.hta files.

o New hotkey Del - Hide object from list.

o New menu item Registry->Create copy of RegBack folder and make it active
(!) Only for active systems.

o Added Yandex Browser support.

o Added Chrome\Yandex extensions support.

o Added Task scheduler cache support.

o Added BITS support.

o Added MSIE newest versions support.

o New advanced function for analyzing command lines.

o New script command "BP"
Block file execution by file path & mask.
BP %APPDATA%\*.exe
BP trojan*.*
BP c:\auto*.???

o New parameter in settings.ini "fHeight"
; Font size for script editor
fHeight (by default 9)

o New parameter in settings.ini "ImgAutoClean"
; On the end of autoscript functions add to the script deltmp & delnfr commands.
ImgAutoClean (by default 0)

o New parameter in settings.ini "fWeight"
; Font weight
fWeight (by default 300)

o New parameter in settings.ini "fFaceName"
; Font name
fFaceName (by default Tahoma)

o Added support for "SearchScope" MSIE.

o Added new tweak #36 Reset Microsoft Edge key (for Windows 10)

o Added new tweak #37 Fix \\ in file's path.
Only REG_SZ and REG_SZ_EXPAND values supported.

o Performance greatly increased.

o Major bug fix.