Universal Virus Sniffer v5.0 Copyright (c)   2009-26

 : http://dsrt.dyndns.org:8888
        : http://dsrt.dyndns.org:8888/uvs_register.htm
  : http://www.anti-malware.ru/forum/index.php?showforum=63
e-mail          : demkd@mail.ru

F.A.Q.

Q:   uVS?
A: Win2k, WinXP x86/x64 - Win11 x64, WinPE x86/x64.
   Windows PE     HTA.
   512MB  .

Q:   uVS?
A:     ( ..    ), ,   
    ,     .

Q:   uVS    Windows    /     .
A:  uVS            .
   1.    Windows 8  ,   start.exe    "      ".
   2.    "   -> -> "
   3.         .
   4.  start.exe/start_x64.exe   uVS.
      (!)      D.
          : uVS    :\uvs (     D:\uvs)
            uVS    3 ,     Enter.
          1. d:
          2. cd d:\uvs
          3. start.exe
   5.   Windows ( D:\Windows    ).
      Windows 7  ,         F8   
   (!)  msconfig    ,       .
             , ..   .

Q:        WinPE?
A:       :
   (!)  x86 ISO     ADK+PE ADK  Windows 10 2004  ,     ADK+PE  x86 .
   (!)   ADK   : https://learn.microsoft.com/ru-ru/windows-hardware/get-started/adk-install#choose-the-right-adk-for-your-scenario 
   (!)     Windows ADK   "Could not acquire privileges; GLE=0x514"
   (!)    adksetup    ,      uVS,   LocalSystem.
   (!)   uVS  ADK  Windows 10 2004       ADK  Windows 11 v10.1.26100.2454 ( 2024 .)
           /ISO     .
        :
     o Windows ADK [adksetup.exe]
       o  
       o     (USMT)
       o      Windows
     o  Windows PE  ADK [adkwinpesetup.exe]
   (!)         FAT32,      ,    MBR.

Q:    uVS    ?
A:      1 :
   1. " DLL      uVS"
   2. ""
   3. "  HKCR"
       3 ,      ,   
          ( )    
      (demkd@mail.ru)   .

Q:   uVS  ?
A: . uVS     ,         
       .

Q:        -> ?
A: C:\Windows\System32\config\uVS_RegBack

Q:    uVS   ,       ?
A: uVS         ,        .

Q:  uVS    ?
A: http://dsrt.dyndns.org:8888/uvs.htm

Q:      uVS,     ?
A:  :
     uVS    .
          
       .
   .  uVS   CD/DVD-ROM      .

Q:    uVS  LocalSystem   ?
A: LocalSystem         ,
        .
      uVS  ,    .
        .

Q:      
       ,  uVS   ?
A: uVS      .     .
    settings.ini    bFixedName,  uVS     uvsstd.

Q:  uVS     svchost.exe,   ?
A: uVS   ,   -  .    
       .  .

Q:  uVS   LNK-  ?
A: uVS   LNK          .
   LNK         ,     LNK,  
   uVS     LNK.
   LNK-       . .
   LNK      .

Q: uVS      Windows 7+,  ?
A:           ADMIN$
         :
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   "LocalAccountTokenFilterPolicy"=dword:00000001
      .

Q: uVS             .
         .
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters
     o FileNotFoundCacheLifetime : DWORD 0
     o DirectoryCacheLifetime    : DWORD 0
       Lanmanworkstation.
                -    SMB.

Q:   "    "?
A:   , lnk/pif   ..     .

Q:   "     "?
A:           ,
      .
   
Q:    " "?
A:   .

Q:      " "?
A:      ,       .

Q:          ?
A: LNK         , . uVS
          LNK .

Q:  uVS     ?
A: uVS  ,      ,  
          .

Q:    ?
A:        " "
      ().

Q:     ?
A:        .
   8     .
           5,
     
       32 .
    DLL   64 .
   (!)      uVS  ,
   (!)         ( )   .

Q:       ?
A: .

Q:          ?
A:         ,  Bloody 5    4-Wheel.

Q:    ?
A:  2    .
    :
         ,  
     . , ,      
     " ".      
    100%,           ,  
       .

Q:   Zoo?
A:       .

Q:   BOX?
A:    .

Q:   " "?
A:          .
                  
    .

Q:  ""    ?
A: ,      .
   \Program files  \Windows     ,  
      .

Q:     ?
A:       . 
   (      bFastBackup).

Q:    ?
A:  uVS      .
      2 :     ,    
     ,          .
           uVS       
       .

Q:      uVS  Windows  ?
A:   /,  uVS      .
             .

Q:         ?
A:          .

Q:       ?
A: ,    .        
       WinPE   2.0. ( Win8   WinPE 4.0)

Q:   uVS  CD/DVD   ..    .
A: _autorun.zip

Q:        .
A: 
    
     /    (  ).
       (DLL)        (  uVS).

    
        ,       .
 
   _(__)+VT
         (     ).
     "+VT"       VirusTotal.com.     
   
   ??
         VirusTotal.com 
     (       )

   
      DLL     uVS      
      .

   
                  .
     (   ,    !)

   
             ( SHA1)   ""
          (    ).

   
          ,     
         .

    
       autorun.inf,       .
   
   / ( .. )
       .
     .    ""   "".

   DLL 
     /.
   
   _DLL
     DLL   ServiceDLL / Library / ProviderPath   .

    Zoo
        Zoo.

    
           . 
     ( - ,        )
      ,            
      ,     ..         
          ( NTDLL.DLL).

   Firefox_, Opera_
       

   [system.ini]
        system.ini

   [_]
            , ..    
           ..   localhost.
     (  TCP/TCP6, UDP/UDP6)

   [SAFE_MODE]
             .
            .

   [SVCHOST]
        ServiceDLL / Library / ProviderPath    __ svchost.exe

   [ ]
       

   
      ntldr, bootmgr  ..     (..    . )

   [   ]
     __ ,     ,  ..   ,
     .  ,  ,  - ,    ,
      uVS     .

    
     ,         .    ,
      -  ,      .
         
Q:       ?
A: bait          ()

   bl.log -      (MD5)      uVS.
                 Settings.ini    [Settings]  bLogBL=1

   km*    -     . OS
            (   UTF8, km*.x64  x64 )

   cdlz   -  .

   mbrc   -   MBR.

   sgnz   -   ()    
               uVS.

   sha1   -   .

   snms   -   . ( )

   strt   -  start.exe  ()

   strf   -  startf.exe ()

   lclz   -  uVS ()

   uvsz   -  uVS ()

   uvsv   -  uVS ()
   
   uvsz.x64 - 64-   ()

   uvsv.x64 - 64-   ()

   usvc   -       ()
  
Q:    xMD5?
A: xMD5.exe      bl.log  .
   xMD5     (ip    )    
         .
   (     gpupdate /force /   )

Q:       "     "
A:      :
   
   
    
   _DLL      

Q:          userinit.exe?
A:   __  ,      
               
   .

Q:       settings.ini?
A:
   [Settings]
   ;         
   ;          
   bAddComment  = 1 (1  )

   ;    zoo ,     delall (  )
   bAutoZooOnDelAll = 1 (0  )

   ;      MD5,     delall 
   ;      __ 
   ; (!)     
   bAutoBL = 1 (0  )

   ;    "ZOO"      .
   ;             (    ).
   bAutoZooOnF7 = 1 (0  )

   ;    "BL"       (    ).
   bAutoBLOnF7 = 1 (0  )

   ; 0 =     .
   ; 1 =     Zoo _   CZOO.
   ; 2 =   _      uVS.
   ; 3 =   .
   bSaveScrLog = 2 (2  )

   ;     Zoo (   )   Zoo   .
   bSaveZooFileInfo  = 1 (1  )

   ;   D&S/Users     , 
   ;       ,  .
   bAllProfiles  = 1 (0  )
   
   ;        MD5 
   bLogBL=1

   ;     .
   bNetFastLoad  = 0 (0 -   ) 
                   1 ( ,    )
                   2 (        )

   ;       .
   bFastLoad  = 0 (0  ,   ) 
                1 (   )

   ;       
   bSaveWndPos = 1 (0  )

   ;     1:1 (  )
   ;          / .
   ;    uVS   Windows 2000.
   ;    1   .
   bFastBackup = 1 (1  )

   ;        .
   ;    1  32
   MaxInetThreads = 4 (4  )

   ;     .
   ;     7-Zip/WinRAR.
   bZipImage = 1 (1  )
    
   ;      
   ImgAutoF7 = 1 (1  )

   ;       
   ImgAutoAltF7 = 1 (1  ,   ImgAutoF4)
                  2 (  ImgAutoF4)
                  0 ( )

   ;      ""    .
   ; (     )
   ImgAutoHideVerified (  0)

   ;          
   ImgAutoF4 = 1 (1  )

   ;      
   Sha1Name (  SHA1)

   ;         .
   bCreateImage  = 0 (0  ,   ) 
                   1 (    )
                   2 (       ,   uVS)
                   3 (       ,   ,
                        uVS)

   ;      .
     vFilter (   )
           .
              .
     : Kaspersky, DrWeb, AntiVir, Comodo
   (!)  Jotti  VT     , . 
   (!)   .

   ;              VT  JT.
     vGetName ()
              . ( vFilter)

   ;         
     AddDirs
     : |
       : >
         .
     : %sys32% | d:\tools | >%SystemDrive%

   ;   .
     bMute (0  )

   ;  
     DecompressImage = 7zip\7za.exe x -y "%s" -o"%s" *.txt
     (  7za.exe   7zip)

   ;  Zoo
     ArchiveZoo = 7zip\7za.exe a -t7z "%s.7z" -pvirus "%s\*.*"
     (  7za.exe   7zip,    virus)

   ;   ()
     ArchiveFile = 7zip\7za.exe a -t7z -mx9 -m0=ppmd:o=32:mem=64m "%s.7z" "%s"
     (  7za.exe   7zip, %s -   uVS)

   (!)         
   (!)      .
   (!)     : ArchivateZoo = 7zip\7za a -t7z "%s.7z" -pvirus "%s\*.*"

   ;   /       
   ;      .
     ImgDisableAV (0  )

   ;      
   ; czoo      zoo
     bHlpCZoo (0  )

   ;      
   ; restart
     bHlpRestart (0  )

   ;      /quiet  
   ;       MSIEXEC (    )
     ImgUninstQuiet (0  )

   ;         
   ;     . (    )
     ImgAutoUninstall (0  )

   ;         
   ;   HOSTS    . (    )
     ImgAutoDelHost (0  )
      1 -   HOSTS     
      2 -   14- .

   ;     delnfr    delref
   ;    .
     ImgDelnfrUnwind (1  )

   ;      #1,2,3,9,28,29
   ;    .
     ImgAutoTweak (0  )

   ;       
   ;        .
     PrefetchExt (  .EXE.SCR.DLL.SYS.BAT.CMD.VBS)

   ;   ( )     .
   ;         UNICODE .
   ; :   "script".
     ImgAutoScriptAdd (   )

   ;        "??"  
   ; .
     ImgAutoDelMethod1 (  1)
     0 -  (    )
     1 -  delall
     2 -  delref
     3 -  delref+del

   ;        "??"  
   ;    .
     ImgAutoDelMethod2 (  3)
     0 -  (    )
     1 -  delall
     2 -  delref
     3 -  delref+del

   ;    breg   
   ; (    ).
     bHlpAddBackup (0  )

   ;   VT      /.
     vtCacheDays (15  )
      0 -   
     -1 -    .

   ;        
   ;      ->  ->...
   ;  : .BAT.CMD.LNK.VBS
     Add2ListExt (   )

   ;     .
     bUseWDSList (  0)

   ;       delall  delref.
     bProtectKnown (  1)

   ;      
     ProxyUser

   ;      
     ProxyPassword

   ;    public API VirusTotal
     VTAPIKey

   ;      
     VTAPIKey2
     VTAPIKey3
     VTAPIKey4

   ;  VT API   . ( )
     bWebVT (  0)
     (!)      4.0

   ;  uVS   ,      .
     bFixedName (  0)

   ;   uVS        .
   ; (!)     bFixedName    .
   ;           .
   ;      bNetFastLoad  
   ;     .
   ;     /c  start.exe     
   ;    .
   ;           .
     bReUseRemote (  0)

   ;    
     FontHeight (  10)

   ;    
     FontName (  Tahoma)

   ;     
     fHeight (  9)

   ;  () 
     fWeight (  300)

   ;  
     fFaceName (  Tahoma)

   ;     deltmp+delnfr (delnfr        ImgDelnfrUnwind=1)
     ImgAutoClean (  0)

   ;            .
     bFakeName (  0)
  
   ;         2
     bSaveScriptLog (  0)

   ;  IPv6      
     bIPv6 (  1)

   ;      ,        .
     TopCount (  0-20,   5, 0 - ).

   ; APP
   [APP]
   ;   
   ;   .
   FM

   ;   (   )
   ;      "".
   ;   .
   Browser (   )

   ;   
   ;      "".
   ;   .
   TextEditor (   notepad)

   ;     VT
   VTUploader (   )

Q:  uVS   ?
A:       -. Windows  
     ,      
     .

Q:      AHCI?
A:     . ,      
   Windows          AHCI
    BIOS-        .
     AHCI    .
       HDD  SSD    AHCI  
    .
   ( . AHCI.txt)

Q:      WinPE,   uVS ?
A:        HTA  WMI.
