What's new in Universal Virus Sniffer 4.14

May 23, 2023
  • Fixed a critical error when parsing parameters in task files.
  • Due to a bug, uVS may crash without creating a dump.
  • The default directory is now the Windows directory.
  • (For directory selection windows).

New in Universal Virus Sniffer 4.12 (Dec 27, 2021)

  • DNS logging:
  • A section "DNS log" has been added to uVS, it contains the addresses that have been requested by processes since the system was booted,
  • in the information window for each address, the process, its pid, the date of access to the DNS and the result, if any, intermediate addresses are indicated
  • not included in the list. For example, when requesting the IP address of CXCS.MICROSOFT.NET, the address CXCS.MICROSOFT.NET.EDGEKEY.NET will be received,
  • which in turn will refer, for example, to E3230.B.AKAMAIEDGE.NET, as a result, only the source address CXCS.MICROSOFT.NET will be included in the list,
  • intermediate addresses will be filtered out.
  • This section will help in identifying malware / miners and rootkits connecting to specific addresses.
  • (!) After enabling the function, you need to reboot the system,
  • (!) only in this case you will receive complete information from the moment the system boots.
  • (!) Only for active and remote systems starting from Windows 7.
  • (!) Enabling DNS logging requires an additional 512mb on the system disk, this amount is enough for 30-50 minutes,
  • (!) therefore, it is recommended to analyze or create an image immediately after a reboot.
  • Added support for process tracking:
  • Process tracking allows you to identify the parent of any process, even if the parent process has already terminated, and
  • reliably identify all files that have been launched since the start of the system.
  • If tracking is enabled, then only those files that were launched with
  • the moment the system starts.
  • Tweak # 39 turns on tracking, tweak # 40 turns it off.
  • Tweak # 39 includes tracking of command lines of completed processes, command lines are displayed in the information window.
  • For Windows 8.1 / Windows Server 2012 R2 and older only.
  • (!) After enabling process tracking, you need to reboot the system,
  • (!) only in this case you will receive complete information about the processes from the moment the system is rebooted.
  • (!) Only for active and remote systems starting from Vista (NT6.0) / Windows Server 2008.
  • Added support for tracking tasks:
  • The following sections have been added to the information window of the executable file that created, modified or modified tasks:
  • "Creating a task", "Deleting a task", "Updating a task" in which the time of the operation, the pid of the process,
  • pid and the name of the process that started the process, as well as the XML description of the task, if any.
  • Tweaks # 39 / # 40 now enable / disable process and task tracking.
  • (!) Only for Windows 10 build 1903 + / Windows Server 2016.
  • DNS log management moved to separate tweaks, # 41 and # 42:
  • DNS log works starting from Win8 (in limited form) and from Win8.1 in full.
  • Disabling logging occurs instantly on all systems except Windows 10,
  • in the latter case, you need to reboot the system after 42 tweaks.
  • (Win7 and below are not supported).
  • The history of launches of this file has been added to the information about the executable file, indicating the start and end times of the process,
  • pid, user, parent process. By double-clicking the left mouse button on the file name of the parent process
  • you can open its information window.
  • The data is available from the moment the system was started, with process tracking enabled.
  • In the context menu of a criterion, a command is available to check the entire list for a given criterion.
  • New hotkey:
  • Ctrl + F7 - Filter the list by user base of criteria.
  • Added information about Windows start time to the log.
  • lnk files are no longer deleted by the function of removing links to missing objects.
  • Added new types of search criteria:
  • delwmi - autoscript adds the delwmi command to the script
  • deltsk - autoscript adds the deltsk command to the script
  • filter - the list object receives the "Filter" status and falls into the "filtered by criteria" category.
  • Removal from this category is possible when the list is updated or the status is changed to verified or suspicious.
  • (!) Applicable only for objects from the main list.
  • Added parsing of the notification command line to the BITS handler. (BITS v1.5 +)
  • Added automatic detection of NTFS links.
  • Added support for Windows 11.
  • Improved the function of detecting embedded code.
  • Now, when a modified code is found in the process (hollowing / dopelganging, etc.), a warning is displayed in the log.
  • WLBSCTRL.DLL now automatically gets the status of a suspicious file.
  • The DHCP Domain field, if available, is now displayed in the network adapter information window (under DNS).
  • Added support for VT API v3.
  • The log now displays information about existing window stations and a list of desktops for the default window station.
  • Added hotkeys when working with the active system:
  • Alt-> left and Alt-> right keys toggle the available desktops.
  • Fixed bugs.

New in Universal Virus Sniffer 4.11 (Sep 15, 2020)

  • Added new menu items in the "Run" menu.
  • Improved command line's parse function.
  • Added DnsPolicy policy detection.
  • Added support for WMI Class __TimerInstruction.
  • Performance optimizations.
  • Fixed startf module.
  • Fixed some critical and interface errors.

New in Universal Virus Sniffer 4.1 (Oct 11, 2018)

  • Added process activity monitor.
  • CPU / GPU activity is calculated in the last 10 seconds.
  • Hot Key: Alt + D
  • You can view information about the process and can terminate the process immediately. (except for processes with pid = 4 and uVS processes)
  • (only one process is terminating with the corresponding pid, the command queue is not used, the command has an instant action - requests / warnings are not issued, the ASA is used if necessary)
  • Function available for active and remote systems.
  • In info of process added new fields: ÑPU, CPU 1 core, GPU 1, GPU 2...
  • CPU usage, GPU usage(Vista+)
  • "CPU" * number of all logical cores = "CPU 1 core".
  • Processes with high CPU/GPU usage get "suspicious" status.
  • (!) CPU/GPU load counts from the time the process starts to the current time.
  • New category "WMI: Events handlers".
  • Added the ability to delete WMI events and tasks without removing all references to the file / object.
  • Script commands: delwmi and deltsk
  • Added experimental function of detecting embedded streams in known system processes (currently only for 32-bit processes).
  • In the case of detection in the log line is displayed: Injected thread detected in process full name [PID], tid = TID
  • The function complements the old functionality for detecting threads based on embedded DLLs.
  • New menu item: Rootkits->Suspend all injected threads of all processes (excluding DLL based) (Vista+)
  • Script command: icsuspend
  • Registry backup/restore functions now saving all user's hives and DRIVERS and COMPONENTS hives.
  • You can use my small utility "ABR", for backup and restore saved registry.
  • Added function to automatically load user registries.
  • This eliminates problems with logging into the workstation and user switching on the remote computer.
  • In the service/drivers info added a new fields: DisplayName, Description, Owners.
  • The problem with reading the task cache has been fixed; in some cases the cache could not be checked.
  • Optimized digital signature verification function.
  • The "Download" button was restored in the file information window.
  • Registry's keys deletion function fixed and updated.
  • URLs in command lines now get "suspicious" status.
  • New parameter in settings.ini - bFakeName
  • Added support for new Firefox (x86/x64) extensions.
  • Added support for the protected processes (Vista+)
  • Added new tweak #38 - Clear DisallowedCertificates list.
  • Critical bug fixed in autorun image read function. (an error could occur when reading large images in a system with a lack of free RAM)
  • Current user's name for offline system added to the log.
  • Fixed a bug in the window of installed programs: the Del key did not delete entries from the registry.
  • WOW64 emulator function fixed.
  • Improved parsing command-line options.
  • Filename's parser fixed.
  • Extension's parser updated.
  • All executable files with non-standard extensions now get "suspicious" status after list scan (on F7/F3 hotkeys).
  • Fixed error in FireFox extension's parser.
  • VT support fixed.
  • Interface bugs fixed.

New in Universal Virus Sniffer 4.0 (May 5, 2017)

  • Added Command's queue support and commands emulation feature. Now all simple commands is NOT executed immediately, but emulated and added in the command's queue. You can delete some commands from queue. (see "Command's queue" partition). And if you want texecute ALL commands in the queue you must press the "Apply" button.
  • For all working modes.
  • New script command "apply" executes all operations in the queue.
  • Virus base format updated. Now you can set specific flags for any signature in the base.
  • Now you can use hotkey "RWin" for switching back tuVS. And if you press RWin+Close button then server part of uVS will be unloaded (if bReUseRemote=1) (this hotkey working in remote desktop window only)
  • New switch hide "DLL w/entry point".
  • bWebVT flag obsolete. You must set your personal VTAPIKey in settings.ini
  • Added new registry keys support.
  • System's image format changed, all old version supported.
  • cmpimg updated tv1.02
  • uvs_snd updated tv1.02
  • Added support for *.hta files.
  • New hotkey Del - Hide object from list.
  • New menu item Registry->Create copy of RegBack folder and make it active (!) Only for active systems.
  • Added Yandex Browser support.
  • Added ChromeYandex extensions support.
  • Added Task scheduler cache support.
  • Added BITS support.
  • Added MSIE newest versions support.
  • New advanced function for analyzing command lines.
  • New script command "BP". Block file execution by file path & mask. Example: BP %APPDATA%*.exe BP trojan*.* BP c:auto*.???New parameter in settings.ini "fHeight" [Settings]; Font size for script editor fHeight (by default 9)
  • New parameter in settings.ini "ImgAutoClean" [Settings] ; On the end of autoscript functions add tthe script deltmp & delnfr commands. ImgAutoClean (by default 0)
  • New parameter in settings.ini "fWeight" [Settings] ; Font weight fWeight (by default 300)
  • New parameter in settings.ini "fFaceName" [Settings]; Font name FaceName (by default Tahoma)
  • Added support for "SearchScope" MSIE.
  • Added new tweak #36 Reset Microsoft Edge key (for Windows 10)
  • Added new tweak #37 Fix \ in file's path. Only REG_SZ and REG_SZ_EXPAND values supported.
  • Performance greatly increased.
  • Major bug fix.

New in Universal Virus Sniffer 3.87 (Jan 19, 2016)

  • Criterions now have priority field.
  • Support bootable flash/dvd based on win10 kernel.
  • New advanced functions for removing protected registry keys.
  • New hotkey in remote desktop window: RWin - Emulate Alt+Tab
  • Added support for preinstalled Google Chrome extensions.
  • New parameter in settings.ini
  • [Settings]
  • ; Don't use VT API. (except rescan feature).
  • bWebVT (by default 1)
  • New parameter in settings.ini
  • [Settings]
  • ; Run uVS with fixed name.
  • bFixedName (by default 0)
  • New parameter in settings.ini
  • [Settings]
  • ; Don't close uVS on remote system and reuse server part on reconnect.
  • ; Now you can use uVS as conventional remote administration tool.
  • ; Use with bFixedName=1.
  • bReUseRemote (by default 0)
  • Minor bug fix.

New in Universal Virus Sniffer 3.86 (Aug 3, 2015)

  • New start mode.
  • Restart OS and Start uVS before Windows Explorer
  • Loading windows delayed.
  • (Normal mode & Safe Mode supported)
  • Windows 10 bug - uVS started after Windows Explorer.
  • Windows 10 supported.
  • New criterion's type supported. (Text files with values, one value per line)
  • New criterion's actions supported.
  • Opera extensions supported.
  • Google Chrome extensions supported.
  • Mozilla FireFox extensions & search engines supported.
  • New tweak #35 Clean Image File Execution Options
  • New parameter in settings.ini
  • ; Additional keys for speedup processing hashes
  • VTAPIKey2
  • VTAPIKey3
  • VTAPIKey4
  • Minor bug fix.

New in Universal Virus Sniffer 3.85 (Nov 19, 2014)

  • New tweaks:
  • [Win8] Enable Microsoft accounts
  • [Win8] Disable Microsoft accounts
  • [Win8] Disable autologon and enable userswitch
  • [Win8] Enable autologon and disable userswitch
  • New hotkey Alt+Z:
  • Copy the file to Zoo.
  • Major bug fix, urgent update recommended.

New in Universal Virus Sniffer 3.84 (Oct 17, 2014)

  • New function "Apply reg-file to registry of inactive system...":
  • Paths to this keys will be modified:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
  • HKEY_LOCAL_MACHINE\SYSTEM
  • HKEY_LOCAL_MACHINE\SOFTWARE
  • HKEY_CLASSES_ROOT
  • (!) Paths to HKEY_CURRENT_USER & HKEY_USERS ignored.
  • (!) HKEY_CLASSES_ROOT replaced with corresponded HKLM\Software path. (for inactive systems only).
  • New flag parameter in settings.ini:
  • [Settings]
  • ; Username for proxy server
  • ProxyUser
  • New flag parameter in settings.ini:
  • [Settings]
  • ; Password for proxy server
  • ProxyPassword
  • New flag parameter in settings.ini:
  • [Settings]
  • ; Hide verified files with "VIRUS" state if WDS list is active.
  • ; (Works only with autoscript function)
  • ImgAutoHideVerified (0 by default)
  • New bug reporting module "report_crash.exe"
  • Some improvements.
  • Minor bug fix.

New in Universal Virus Sniffer 3.83 (Sep 15, 2014)

  • Added full registry virtualization.
  • Now added lnk/files in user's desktops and menus to the list.
  • Added search function in "Installed Application" window.
  • Improved FireFox's plugins detection.
  • CmpImg utility upgraded to v1.01
  • Added support of user's White Digital Signature list. (WDS) You can add signatures in information window of file.
  • New flag in settings.ini:
  • [Settings]
  • ; Turn ON WDS support.
  • bUseWDSList (by default 0)
  • New flag parameter in settings.ini:
  • [Settings]
  • ; Extra extensions of files added by function File->Add to list->...
  • ; Sample: .BAT.CMD.LNK.VBS
  • Add2ListExt (by default empty string)
  • Upgraded signature extraction function.
  • Added Windows ADK 8.1 support in creation boot disk function. (WinPE 5.x)
  • Script commands "deldir" & "deldirex" now remove any links deleted by these commands files.
  • Script command "czoo" now executed only in the end of the script.
  • New tweaks:
  • 28. Correct modified shortcuts. (replace .url/.bat with .exe and so on)
  • 29. Remove browser's parameters in shortcuts.
  • 30: Fix Game Explorer hang.
  • Use if you have CPU power consuming process: C:\Windows\system32\rundll32.exe C:\Windows\system32\gameux.dll...
  • New hotkey Ctrl+*:
  • Invert filter
  • Press ESC for reset or change section.
  • Added hash functions for objects.
  • New hot key Ctrl+T. Apply tweaks #1,2,3,9,28,29 if needed. You can use ImgAutoTweak falsg in part "Settings" of settings.ini.
  • Added Win8.1 bases and clean file in STORE.
  • Added registry App Paths keys support.
  • Added sort indicator.
  • New script command "exec32" behaved as a "exec" but with system redirector turned on.
  • Hotkey Alt+M removed. Now search started in current sort column.
  • New functions in Signature/Hash menu:
  • Set verified status for all filtered objects with VTOK/JTOK
  • Set verified status for all filtered KNOWN objects with VTOK/JTOK
  • Upgraded VT functions. Digital Signature information in VT response now used and some other minor improvements.
  • Added VT local cache support. Cache stored in "vtcache" subfolder.
  • New parameter in settings.ini:
  • [Settings]
  • ; TTL VT cache in days.
  • vtCacheDays (by default 15)
  • 0 - disable cache
  • -1 - unlimited cache
  • New parameter in settings.ini:
  • [Settings]
  • ; Prevent removing links to known files by commands delall & delref.
  • bProtectKnown (by default 1)
  • Fixed and upgraded LNK parser.
  • Major bug fix.
  • Some improvements.

New in Universal Virus Sniffer 3.82 (Mar 26, 2014)

  • New script command "deldir" path:
  • Delete folder with content.
  • New script command "deldirex" path:
  • Delete all execs in folder and subfolders. (deldir and deldirex can be added by using context menu of file/object)
  • New script command "quit":
  • Close uVS window at end of the script.
  • New 27-th tweak - Delete all Google Chrome policies.
  • Now you can delete any file in Information window using context menu.
  • HOSTS.ICS support.
  • New parameter in settings.ini:
  • [Settings]
  • ; Check list by criterion base
  • ImgAutoAltF7 = 1 (1 by default, run check before ImgAutoF4)
  • 2 (after ImgAutoF4)
  • 0 (disable)
  • New parameter in settings.ini:
  • [Settings]
  • ; Add "breg" command to the script
  • bHlpAddBackup (0 by default)
  • runscanner.net support fixed.
  • "DNS" section renamed to "DNS & IP"
  • Fixed start under RDP session.
  • Minor bug fix.

New in Universal Virus Sniffer 3.81.1 (Aug 19, 2013)

  • New x64 module (uvsz.x64):
  • New menu item "File->Save OS Image and open it"
  • New menu item "File->Save OS Image without checking digital signatures and open it"
  • New menu item "File->Copy script to clipboard and return to active mode"
  • New hotkeys:
  • Shift+Space - mark object as verified.
  • Shift+Del - delete all refs
  • Ctrl+Del - delete file only
  • Ctrl+Shift+Del - delete file and all refs
  • Script->Autoscript (Alt+A)
  • For OS Image mode only. The script generates automatically.
  • Function can be used after F7, Alt+F7.
  • New parameter in settings.ini
  • [Settings]
  • This flag used in autoscript function (Alt+A).
  • ImgAutoDelMethod1 (1 by default)
  • 0 - ignore object with ?VIRUS? state.
  • 1 - use delall command on object with ?VIRUS? state.
  • 2 - use delref command.
  • 3 - use delref+del commands.
  • New parameter in settings.ini
  • [Settings]
  • This flag used in autoscript function (Alt+Shift+A).
  • ImgAutoDelMethod2 (3 by default)
  • 0 - ignore object with ?VIRUS? state.
  • 1 - use delall command on object with ?VIRUS? state.
  • 2 - use delref command.
  • 3 - use delref+del commands.
  • New hotkey: Alt+Shift+A
  • Autoscript with registry virtualization.
  • Now you can edit criterions in file's information window.
  • New object "DNS Server list"
  • (all active DNS in system)
  • New script command "dirzooex"
  • Copy all execs in folder (w/o subfolders) to Zoo.
  • New script command "del"
  • Delete file only.
  • New script command "restreg"
  • Restore registry previously saved by "breg" or "bdreg".
  • Added settings for GoogleDNS (TCP-IPv6).
  • Added #25 and #26 tweak.
  • Criterion drag & drop supported.
  • New hotkeys Ctrl+Z / Alt+Backspace.
  • Cancel last command.
  • For OS Image mode only.
  • New parameter in settings.ini
  • [Settings]
  • Sript's name (w/o path) for adding to the end of the current AUTOscript.
  • Unicode encoding only!
  • Put your script to the "script" subfolder.
  • ImgAutoScriptAdd
  • New parameter in settings.ini
  • [Settings]
  • Extensions filter for parsing function (Windows prefetcher).
  • PrefetchExt (.EXE.SCR.DLL.SYS.BAT.CMD.VBS by default)
  • New hotkey Ctrl+T
  • Use #1,2,3,9 tweaks if needed.
  • New parameter in settings.ini
  • For OS Image mode only. (Ctrl+T)
  • Use #1,2,3,9 tweaks automatically if needed.
  • ImgAutoTweak (0 by default)
  • New hotkey Ctrl+H
  • Delete all detected (by criterions) record in HOSTS.
  • Now you can create criterions for HOSTS records.
  • New parameter in settings.ini
  • For OS Image mode only. (Ctrl+H)
  • ImgAutoDelHost (0 by default)
  • 1 - delete detected records automatically.
  • 2 - use 14-th tweak automatically.
  • Minor bug fix.

New in Universal Virus Sniffer 3.80.1 (Jun 4, 2013)

  • Network engine v2.0.
  • New script command "dirzoo":
  • Copy all files by mask in source folder to Zoo
  • Sample: dirzoo c:\temp\*.exe
  • New parameter in settings.ini:
  • [Settings]
  • ; Unwind "delnfr" command to sequences of delref commands (for OS images only)
  • ImgDelnfrUnwind (0 by default)
  • New hotkey Ctrl+U:
  • Uninstall all detected (by criterions) software.
  • New parameter in settings.ini:
  • ; Add uninstall commands to the script for software detected by criterion (for OS images only)
  • ImgAutoUninstall (0 by default)
  • ; Add /quiet key with misexec.exe for uninstall command in the script
  • ImgUninstQuiet (0 by default)
  • In the Log's context menu you can add uninstall commands for detected software
  • Upgraded detection engine
  • Fixed "zoo" script command

New in Universal Virus Sniffer 3.76 (Sep 26, 2012)

  • Added support for complex criterions
  • Added new registry keys
  • New hotkey Alt+C:
  • Unlock/lock column's width adjustment
  • New menu item Run->Netsh winsock reset
  • New script command "cexec":
  • Behave like a "exec" command and out results to the log
  • New context submenu "State"
  • New script command "OFFSGNSAVE":
  • Locks virus database update on client side
  • New parameter in settings.ini:
  • [Settings]
  • If set automatically add OFFSGNSAVE command to the script
  • bHlpNoSaveSgn (0 default)
  • Light bugfix

New in Universal Virus Sniffer 3.75 (May 21, 2012)

  • Light interface changes
  • Save MBR sector function added
  • Whois support added
  • Minor bugfix

New in Universal Virus Sniffer 3.73 (Dec 2, 2011)

  • New item in "Script" menu: Import virus signatures from a script
  • Critical bugfix

New in Universal Virus Sniffer 3.72 (Nov 23, 2011)

  • Now you can make bootable USB flash drive or bootable CD/DVD ISO. (File->Create bootable USB flash/iso [dism.exe + WAIK])
  • New items in "Signature/Hash" menu:
  • "Check all unverified KNOWN files on VirusTotal.com"
  • "Check all unverified KNOWN files on virusscan.Jotti.com"
  • virusscan.Jotti.com file upload support. (ESC to abort)
  • View loader contents (see context menu of loader).
  • New tweak #24:
  • Restore Group Policy keys [HKLM, registry backup]
  • Registry backup required for this operation.
  • New startup key for start.exe:
  • /t - start and open execute script dialog (script.cmd included)
  • SystemExplorer.net support.
  • New item "Advanced->Select path to STORE..."
  • New parameter in the settings.ini:
  • [Settings]
  • ; Disable sound.
  • bMute (0 default)
  • Minor bugfix.

New in Universal Virus Sniffer 3.70 (Sep 26, 2011)

  • Default value "bNetFastLoad" changed to 1
  • Default value "SearchMode" changed to 1
  • New parameter in the settings.ini
  • [Settings]
  • Archive a file (OS Image)
  • ArchiveFile = 7zip\7za.exe a -t7z -mx9 -m0=ppmd:o=32:mem=64m "%s.7z" "%s"
  • (Sample for 7za.exe)
  • Decompress OS Image
  • DecompressImage = 7zip\7za.exe x -y "%s" -o"%s" *.txt
  • Archive Zoo
  • ArchiveZoo = 7zip\7za.exe a -t7z "%s.7z" -pvirus "%s\*.*"

New in Universal Virus Sniffer 3.69 (Aug 13, 2011)

  • MBR/VBR/IPL signatures and VT/JT support
  • New item in "Signature/Hash" menu: "Reset "SUSP." state of all known files w/o digital signature"
  • Added MSIE, Firefox, Opera, Chrome start pages
  • Critical bug fixed

New in Universal Virus Sniffer 3.68 (Jul 26, 2011)

  • 2 registry keys added
  • New item in "Advanced" menu:
  • "Reset all attributes in the specified directory..."
  • New item in "Settings" menu:
  • "Manual disk names translation..."
  • New parameter in the settings.ini:
  • [Settings]
  • Add all dirs in the list
  • AddDirs
  • Separator : |
  • No recursion flag: >
  • Sample: AddDirs = %sys32% | d:\tools | >%SystemDrive%
  • Light bugfix

New in Universal Virus Sniffer 3.67 (Jul 14, 2011)

  • VBR+IPL support (only for FAT12/FAT16/FAT32/NTFS/exFAT)
  • New script command "fixvbr"
  • Sample: fixvbr c: 6
  • ñ - name of volume,
  • 6 - boot code version (6 - Vista/Seven, 5 - 2k/xp/2k3)
  • New menu item "Registry" -> "[INTEL] Enable AHCI support...
  • "
  • New value in settings.ini
  • [Settings]
  • Filter by developer (for VT/JT services only)
  • vFilter (String)
  • Sample: Kaspersky, DrWeb, AntiVir
  • Autoname function for new virus in base
  • vGetName (String)
  • Sample: Kaspersky, DrWeb, AntiVir
  • New item in the context menu "Unrestrict run by MD5 hash"
  • Script command: "rbl"
  • New hotkey Alt+M
  • Search mode: by Name or by Developer
  • GPT support
  • New Virus Base format

New in Universal Virus Sniffer 3.66 (Jun 26, 2011)

  • Added MBR related functions.
  • Added Save & Restore system registry functions.
  • Tweak #23: "Remove ALL files in the System Volume Information"
  • Light bugfix.

New in Universal Virus Sniffer 3.65 (Jun 20, 2011)

  • Known file replacement detection. (by F7 hotkey)
  • New item in the context menu: "Copy to STORE".
  • New item in the main menu: "Advanced->Restore all missed known files" (from STORE)
  • All script operation moved to the "Script" menu.
  • New script command "crimg":
  • This command can be used for custom OS Image creation process.
  • Sample:
  • adddir %sys32%
  • adddir %systemdrive%\users\administrator
  • crimg
  • Light bugfix.

New in Universal Virus Sniffer 3.64 (Jun 3, 2011)

  • Added jotti.org support.
  • Minor bugfix.

New in Universal Virus Sniffer 3.62 (May 20, 2011)

  • New hotkey:
  • Alt+Enter - File properties

New in Universal Virus Sniffer 3.61 (May 20, 2011)

  • New category "DNS".
  • New script command "setdns".
  • New item in the "Registry" menu: "Check parameters of device classes by registry backup".
  • New item in the "Registry" menu: "[HKLM] Clear System\MountedDevices key"
  • Script command "clrmd".
  • New buttons in the Remote Desktop window:
  • "CAD" - Send Ctrl+Alt+Del
  • "" - next desktop
  • Light interface improvements.
  • Light Bug fix.

New in Universal Virus Sniffer 3.60 (May 2, 2011)

  • New computer information and base.
  • Menu: Advanced
  • Hotkey: Alt+I.
  • (Network/Normal mode only)
  • New item in the context menu: "Upload file by VirusTotal Uploader".
  • New item in the "File" menu: "Add to list->All execs in the specified directory".
  • New item in the "Registry" menu: "Check parameters of services and drivers by registry backup".
  • New script command "RF filename" (Restore file)
  • New item in the context menu: "Open file's directory [FM]"
  • Select external File Manager by Alt+F hotkey first.
  • Hotkey: Alt+Shift+F
  • New flags in the settings.ini
  • [Settings]
  • ; Only for active OS
  • bFastLoad = 0 (default, normal mode)
  • 1 (Skip system scan)
  • ; Automatic image creation
  • bCreateImage = 0 (default, normal mode)
  • 1 (create image automatically)
  • 2 (create image automatically)
  • 3 (create image automatically in mute mode and exit)
  • 1 registry key added.
  • Date/time added to the Log.
  • Parent process information in the file's information dialog.
  • Last used ip/computername preserved.
  • Light interface improvements.
  • Minor Bug fix.
  • http://dsrt.jino-net.ru closed.
  • Main server: http://dsrt.dyndns.org

New in Universal Virus Sniffer 3.51 (Mar 3, 2011)

  • Network Mode: Now SHA1 base is not copied over network without sacrificing functionality.
  • Support for custom SHA1 bases. Just place custom base(s) into "SHA" folder and it will be loaded automatically.
  • R/O mode.
  • New parameter in the settings.ini:
  • (other parameters you can find in the Russian FAQ)
  • [Settings]
  • SHA1 Base name. (name for _user base)
  • Sha1Name (by default SHA1)
  • SHA1 default base was renamed:
  • New name: MAIN (in the "SHA" subfolder)
  • Base loaded automatically in R/O mode.
  • You can add new hashes in the user SHA1 base. (Name "SHA1" by default)
  • Minor bug fix.

New in Universal Virus Sniffer 3.50 (Feb 25, 2011)

  • New VirusTotal.com related functions
  • New state "?VIRUS?"
  • New User Criterion Base (old snms base):
  • Define any criterion in the context menu of the file information dialog.
  • Hot Key for scan - Alt+F7
  • External browser & text editor selection available in the "Settings" menu
  • 7-zip/rar OS images support
  • Minor bugfix

New in Universal Virus Sniffer 3.46 (Feb 2, 2011)

  • New hotkey: Shift+F10 - Context menu.

New in Universal Virus Sniffer 3.45 (Jan 22, 2011)

  • Minor Bugfix.

New in Universal Virus Sniffer 3.44 (Jan 17, 2011)

  • Light improvements.
  • Bugfix.

New in Universal Virus Sniffer 3.43 (Dec 27, 2010)

  • Light improvements.
  • Minor Bugfix.

New in Universal Virus Sniffer 3.42 (Dec 20, 2010)

  • Minor Bugfix.

New in Universal Virus Sniffer 3.41 (Dec 18, 2010)

  • Clipboard autosync.
  • Light improvements.

New in Universal Virus Sniffer 3.40 (Dec 9, 2010)

  • Remote desktop control feature. (network mode). Hotkey: Alt+V
  • Some improvements.
  • Minor bugfix.

New in Universal Virus Sniffer 3.33 (Nov 22, 2010)

  • New tweak #22 "Restore exec file's start parameters"
  • New item "Services" in the "Run" menu.
  • Some light improvements.

New in Universal Virus Sniffer 3.32 (Nov 15, 2010)

  • Minor bugfix.

New in Universal Virus Sniffer 3.31 (Nov 1, 2010)

  • New script commands
  • New StartF module
  • Minor bugfix

New in Universal Virus Sniffer 3.30 (Nov 1, 2010)

  • New search mode
  • New run keys(see _startup.txt)
  • New malware name's base
  • Antisplicer mode
  • New hotkey Alt+S (Save script)
  • Light bugfix

New in Universal Virus Sniffer 3.27 (Oct 4, 2010)

  • Fixed some interface bugs (Windows 2000 only)
  • xMD5 module for applying bl.log
  • New script command EXEC.
  • Advanced->Installed Applications now is available in the Virtual Mode

New in Universal Virus Sniffer 3.26 (Sep 29, 2010)

  • MD5 support (RFC 1321)
  • New function: Restrict run by MD5 hash (see context menu)
  • New tweak #19 "Remove all restricted (by uVS) MD5 hashes"
  • New tweak #20 "Restore corrupted ImagePath values"
  • Tweak #21 "Restore SafeBoot key"
  • New option in "Run" menu - GPUPDATE /FORCE
  • Log view mode - Hotkey Alt+L
  • Minor bugfix

New in Universal Virus Sniffer 3.25 (Sep 17, 2010)

  • Minor bugfix

New in Universal Virus Sniffer 3.24 (Sep 4, 2010)

  • Minor Bugfix