You can access this feature by clicking Memory modules manager on the Home page.
This function lets you detect and delete infected memory objects.
The list shows all running processes in a treeview control. Each process is a branch of the tree. To list the modules loaded by a process, click the + button to the left of the process line, or just double-click the line. The branch will be expanded.
You can choose to hide the system protected files, all Microsoft files, or all signed files from the list by clicking the List settings button.
It will open a dialog box similar to the one in the picture below:
Select the radio button corresponding to the desired option.
If you select Show all modules, then all the modules will be shown. However, you will not be able to delete or rename system protected files using UVK.
If you select Hide system protected files (Default), then only the non-protected modules will be displayed.
If you select Hide all Microsoft files, then no Microsoft files will be shown.
If you select Hide all digitally signed files, then UVK will verify the digital signature of all files and display only the unsigned ones.
All the processes will be shown, no matter which option you choose. The filter applies only to the modules loaded by the processes.
If you use the second or third option, and you suspect that the system or Microsoft files have been infected or replaced, check the additional option Verify the file signatures. This will ensure only genuine files are hidden from the list.
Click Apply to refresh the list using the selected filter, or Cancel to cancel the operation.
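The same kind of filtering can be cross-checked from a PowerShell prompt. The script below is an added example, not UVK code and not a description of how UVK works internally: it lists the modules loaded by each process and hides those whose Authenticode signature verifies, so a file that only claims to be from Microsoft but fails verification stays visible. The function name Get-LoadedModuleSignature and the "O=Microsoft Corporation" subject match are assumptions made for this illustration.

```powershell
# Added illustration, not UVK code. Run from an elevated prompt to see
# the modules of processes owned by other users.
function Get-LoadedModuleSignature {
    [CmdletBinding()]
    param(
        [switch]$HideSigned,     # hide modules whose signature verifies
        [switch]$HideMicrosoft   # hide validly signed Microsoft modules
    )
    $cache = @{}   # module path -> signature, so each file is verified once
    foreach ($proc in Get-Process) {
        # Protected or already exited processes refuse module enumeration.
        try { $modules = @($proc.Modules) } catch { continue }
        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path) { continue }
            if (-not $cache.ContainsKey($path)) {
                $cache[$path] = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
            }
            $sig    = $cache[$path]
            $valid  = $sig -and $sig.Status -eq 'Valid'
            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Assumption: a Microsoft file is one with a valid signature whose
            # signer subject names Microsoft Corporation. The vendor string in
            # the file's version resource is never trusted on its own.
            $isMicrosoft = $valid -and $signer -match 'O=Microsoft Corporation'
            if ($HideSigned -and $valid) { continue }
            if ($HideMicrosoft -and $isMicrosoft) { continue }
            [pscustomobject]@{
                Process         = $proc.ProcessName
                PID             = $proc.Id
                Module          = $path
                SignatureStatus = if ($sig) { $sig.Status } else { 'Unknown' }
                Signer          = $signer
            }
        }
    }
}

# Equivalent in spirit to "Hide all digitally signed files": only modules
# that are unsigned or fail verification remain, one row per file.
Get-LoadedModuleSignature -HideSigned |
    Sort-Object Module -Unique |
    Format-Table Process, PID, SignatureStatus, Module -AutoSize
```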
Once you have selected the module you want to analyze, right-click its line to get a list of options you can select to get more info on the module, and delete it, if desired.
Click Module properties in the upper pane or in the context menu, or double-click the module's line to get more info on the selected file. UVK will display an information dialog box similar to the picture below. Note that the file chosen for this example is not an infected file.
Click the Go button, in the Process path line, to jump to the corresponding process file location.
Click the Go button, in the Module path line, to jump to the selected module file location.
Click the Google button, in the File description line, to perform a quick Google search using the selected module's file description as the keywords.
Click VirusTotal report to get a VT report of the selected module. To get more info about the VirusTotal analysis, click here.
Click Close (Esc) to close the info dialog box.
You can choose to move the selected module to the recycle bin, or delete it permanently by checking the desired option in the Deletion options area, in the upper pane.
Move to recycle bin: The selected module will be moved to the recycle bin. If UVK cannot move the module immediately, it will be blocked and scheduled to be recycled on the next system reboot.
This is the recommended option, as it allows the quick recovery of the file in case of a mistake.
Delete permanently: If you choose this option, the selected file will be permanently deleted. If UVK cannot delete the file immediately, it will be marked for removal on reboot. This method can be more effective for stubborn files, but it does not allow the recovery of the module file.
Use the other options in the context menu to get more information on the selected modules.
Click Refresh to update the process and modules list.
Click Home or press Esc to go back to the welcome screen.