Hello!
Big update, and the website address has changed:
http://dsrt.dyndns.org:8888/
---------------------------------------------------------
4.1
---------------------------------------------------------
o Added a process activity monitor.
CPU / GPU activity is calculated over the last 10 seconds.
Hotkey: Alt+D
You can view information about a process and terminate it immediately (except processes with PID 4 and uVS's own processes).
(Only the one process with the given PID is terminated; the command queue is not used and the command takes effect instantly: no prompts or warnings are issued, and the ASA is used if necessary.)
Available for active and remote systems.
o New fields in process info: CPU, CPU 1 core, GPU 1, GPU 2, ...
CPU usage, GPU usage (Vista+).
"CPU 1 core" = "CPU" * number of logical cores.
Processes with high CPU/GPU usage get "suspicious" status.
(!) Unlike the activity monitor, these CPU/GPU load values are counted from process start to the current time.
o New category: "WMI: Event handlers".
o Added the ability to delete WMI events and scheduled tasks without removing all references to the file/object.
Script commands: delwmi and deltsk
o Added an experimental function for detecting injected threads in known system processes (currently only for 32-bit processes).
On detection the log shows the line: Injected thread detected in process <full name> [PID], tid = TID
This complements the older detection of threads based on injected DLLs.
o New menu item: Rootkits -> Suspend all injected threads in all processes (excluding DLL-based ones) (Vista+)
Script command: icsuspend
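A log line in the format above is what you get per injected thread, so a triage pass over a large uVS log quickly needs grouping by process. The following parser is an added example written for this page (not uVS code); the sample log lines are constructed, and the regex assumes the PID and TID are plain decimal numbers as shown in the format line.

```python
import re

# Constructed sample of uVS 4.1 output: three detections plus an unrelated line.
SAMPLE_LOG = r"""
Injected thread detected in process C:\Windows\System32\svchost.exe [1234], tid = 5678
Injected thread detected in process C:\Windows\explorer.exe [2048], tid = 3001
Injected thread detected in process C:\Windows\explorer.exe [2048], tid = 3002
Some other uVS log line that is not a detection
"""

# Pattern for the documented line:
#   Injected thread detected in process <full name> [PID], tid = TID
# The path is matched lazily so a "[" inside the path cannot swallow the
# PID bracket; PID and TID are assumed to be decimal.
INJECTED_RE = re.compile(
    r"^Injected thread detected in process (?P<path>.+?) \[(?P<pid>\d+)\], tid = (?P<tid>\d+)$"
)


def parse_injected_threads(log_text: str) -> dict:
    """Group injected-thread detections by PID.

    Returns {pid: {"path": str, "tids": [int, ...]}}. Lines that do not
    match the pattern (any other uVS output) are ignored.
    """
    found: dict = {}
    for line in log_text.splitlines():
        m = INJECTED_RE.match(line.strip())
        if not m:
            continue
        pid = int(m.group("pid"))
        entry = found.setdefault(pid, {"path": m.group("path"), "tids": []})
        entry["tids"].append(int(m.group("tid")))
    return found


def triage_summary(found: dict) -> list:
    """One row per affected process, most injected threads first:
    (path, pid, thread_count)."""
    rows = [(e["path"], pid, len(e["tids"])) for pid, e in found.items()]
    return sorted(rows, key=lambda r: (-r[2], r[1]))


if __name__ == "__main__":
    for path, pid, n in triage_summary(parse_injected_threads(SAMPLE_LOG)):
        print(f"{path} [{pid}]: {n} injected thread(s)")
```

The summary is what you would compare against the old DLL-based detections before deciding which processes to hit with icsuspend.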
o Registry backup/restore functions now save all user hives plus the DRIVERS and COMPONENTS hives.
You can use my small utility "ABR" to back up and restore the saved registry hives.
http://dsrt.dyndns.org/files/abr.zip
o Added a function that automatically loads user registry hives.
This eliminates problems with logging into the workstation and switching users on a remote computer.
o New fields in service/driver info: DisplayName, Description, Owners.
o Fixed a problem reading the task cache; in some cases the cache could not be checked.
o Optimized the digital signature verification function.
o The "Download" button was restored in the file information window.
o Registry key deletion function fixed and updated.
o URLs in command lines now get "suspicious" status.
o New parameter in settings.ini: bFakeName
[Settings]
; Use a random caption for the uVS window.
bFakeName (by default 0)
o Added support for new Firefox (x86/x64) extensions.
o Added support for protected processes (Vista+).
o Added new tweak #38: Clear DisallowedCertificates list.
o Critical bug fixed in the autorun image read function.
(An error could occur when reading large images on a system with little free RAM.)
o The current user's name for an offline system is now written to the log.
o Fixed a bug in the installed programs window: the Del key did not delete entries from the registry.
o WOW64 emulator function fixed.
o Improved parsing of command-line options.
o Filename parser fixed.
o Extension parser updated.
o All executable files with non-standard extensions now get "suspicious" status after a list scan (F7/F3 hotkeys).
o Fixed an error in the Firefox extension parser.
o VT support fixed.
o Interface bugs fixed.
---------------------------------------------------------
4.0
---------------------------------------------------------
o Added command queue support and a command emulation feature.
All simple commands are now NOT executed immediately; they are emulated and added to the command queue.
You can delete individual commands from the queue (see the "Command queue" section).
To execute ALL commands in the queue, press the "Apply" button.
(!) Applies to all working modes.
o New script command "apply" executes all operations in the queue.
o Virus base format updated.
You can now set specific flags for any signature in the base.
o You can now use the RWin hotkey to switch back to uVS.
Pressing RWin + the Close button also unloads the server part of uVS (if bReUseRemote=1).
(This hotkey works only in the remote desktop window.)
o New switch: hide "DLL w/o entry point".
o The bWebVT flag is obsolete.
You must set your personal VTAPIKey in settings.ini.
o Added support for new registry keys.
o System image format changed; all old versions are still supported.
o cmpimg updated to v1.02
o uvs_snd updated to v1.02
o Added support for *.hta files.
o New hotkey Del: hide object from list.
o New menu item: Registry -> Create a copy of the RegBack folder and make it active
(!) Only for active systems.
o Added Yandex Browser support.
o Added Chrome\Yandex extensions support.
o Added Task scheduler cache support.
o Added BITS support.
o Added support for the newest MSIE versions.
o New advanced function for analyzing command lines.
o New script command "BP"
Blocks file execution by file path and mask.
Examples:
BP %APPDATA%\*.exe
BP trojan*.*
BP c:\auto*.???
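To see how the three masks above would be evaluated against real paths, here is an added example written for this page (not uVS code; uVS's own matching rules are not documented here). It assumes Windows-style case-insensitive matching, "*" for any run of characters, "?" for exactly one character, a mask without a directory part applying to the file name in any folder, and a constructed value for %APPDATA%.

```python
import fnmatch
import re

# Constructed environment for offline use; on a real host you would read
# os.environ. Only the variable the examples need is included.
ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming"}

# The three masks from the changelog examples above.
BP_RULES = [r"%APPDATA%\*.exe", r"trojan*.*", r"c:\auto*.???"]

_ENV_REF = re.compile(r"%([^%]+)%")


def expand_env(mask: str, env: dict) -> str:
    """Expand %VAR% references from the supplied mapping; unknown
    variables are left untouched (assumed behaviour)."""
    return _ENV_REF.sub(lambda m: env.get(m.group(1).upper(), m.group(0)), mask)


def bp_matches(mask: str, path: str, env: dict) -> bool:
    """Does a BP mask cover this path?  Assumed semantics: case-insensitive,
    '*' = any run of characters (here including '\\'), '?' = exactly one
    character.  A mask without a directory part is matched against the file
    name only, so 'trojan*.*' applies in any folder."""
    m = expand_env(mask, env).replace("/", "\\").lower()
    p = path.replace("/", "\\").lower()
    if "\\" not in m:
        p = p.rsplit("\\", 1)[-1]
    return fnmatch.fnmatchcase(p, m)


def first_blocking_rule(path: str, rules=BP_RULES, env=ENV):
    """Return the first rule that blocks `path`, or None if it may run."""
    for rule in rules:
        if bp_matches(rule, path, env):
            return rule
    return None


if __name__ == "__main__":
    for candidate in (r"C:\Users\alice\AppData\Roaming\update.exe",
                      r"D:\tmp\Trojan_Dropper.scr",
                      r"C:\autorun.exe",
                      r"C:\autorun.html",
                      r"C:\Windows\notepad.exe"):
        print(candidate, "->", first_blocking_rule(candidate) or "allowed")
```

The last two candidates show the edge that matters when writing masks: "c:\auto*.???" catches autorun.exe but not autorun.html, because "?" stands for exactly one character, while a bare "trojan*.*" follows the file wherever it is dropped.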
o New parameter in settings.ini "fHeight"
[Settings]
; Font size for script editor
fHeight (by default 9)
o New parameter in settings.ini "ImgAutoClean"
[Settings]
; On the end of autoscript functions add to the script deltmp & delnfr commands.
ImgAutoClean (by default 0)
o New parameter in settings.ini "fWeight"
[Settings]
; Font weight
fWeight (by default 300)
o New parameter in settings.ini "fFaceName"
[Settings]
; Font name
fFaceName (by default Tahoma)
o Added support for MSIE "SearchScope".
o Added new tweak #36: Reset Microsoft Edge key (for Windows 10).
o Added new tweak #37: Fix \\ in file paths.
Only REG_SZ and REG_EXPAND_SZ values are supported.
o Performance greatly increased.
o Major bug fixes.
http://dsrt.dyndns.org:8888/files/uvs_v410eng.zip