AVZ is an antivirus utility from Zaitsev. What is AVZ?

What is AVZ

AVZ is a direct analogue of the programs TrojanHunter and LavaSoft Ad-aware.

The first version appeared in 2004. The developer of AVZ is Oleg Zaitsev.

– a built-in utility for searching files on disk (with saving of search results). Allows you to search for a file using various criteria; the search system's capabilities exceed those of the system search;

– a built-in utility for searching data in the registry (with saving of search results). Allows you to search for keys and parameters according to a given pattern;

– a built-in analyzer of open TCP/UDP ports;

– a built-in analyzer of shared resources, network sessions and files opened over the network;

– a built-in analyzer of Downloaded Program Files (DPF);

– system recovery firmware. Restores Internet Explorer settings, program launch options and other system parameters damaged by malware. Restoration is started manually, and the user specifies the parameters to be restored;

– control scripts. Allow the administrator to write a script that performs a set of specified operations. Scripts allow you to use AVZ in a corporate network, including launching it during system boot;

– a process analyzer. Uses neural networks and analysis firmware, and is enabled when advanced analysis is turned on at the maximum heuristic level. Designed to search for suspicious processes in memory;

– the AVZGuard system. Designed to combat hard-to-remove malware;

– a direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, and allows the scanner to analyze locked files and quarantine them;

– unpack the archive;

– run the file avz.exe;

– on the Search area tab of the utility window, specify the location to search for malware (disks, folders);

– if necessary, check the boxes Heuristic file deletion, Copy deleted files to Infected, Copy suspicious ones to quarantine;

– on the File types tab, the following are set: Potentially dangerous files, Check NTFS streams, Check archives, Do not scan archives larger than 10MB; adjust them if necessary;

– on the Search options tab, the following are set: Medium level of heuristics, Detect API and RootKit interceptors, Check SPI/LSP settings, Search for keyboard loggers (Keylogger); adjust them if necessary;

– press the Start button;

– wait until the scanning is completed;

– review the results in the scrollable Protocol list;

– if you suspect the presence of viruses in the system (or have other questions about AVZ), you can contact the conference at virusinfo.info.

What to do if AVZ has detected (or allegedly detected!) a virus or malware?

Let's give the floor to the developer:

“AVZ was conceived as, equipped with a mass of various checks and analyzers, sometimes paranoid. This was done on purpose, because AVZ is often used for analysis, testing of which by other means did not yield anything. That's why false positives are possible, and in this case the protocol for the object provides the wording "Suspicion of..." (malware category and additional details).

If suspicious objects are detected, the following procedure should be followed:

1. Under no circumstances should you destroy suspicious files. The fact that a file is suspected by the analyzer does not mean that it is dangerous. Suspicious files must be placed in AVZ quarantine and sent to my address [email protected]. When creating an archive manually, it is highly advisable to set a password, otherwise the letter may be blocked by your mail server;

2. The letter must briefly outline the essence of the problem and any suspicions. It is highly advisable to attach the AVZ protocol;

3. Wait for a response with the results of the analysis.”

Extended capabilities of AVZ

IE extension manager (BHO, panels);

Control Panel Applet Manager (CPL);

Explorer Extensions Manager;

Printing System Extensions Manager;

Task Scheduler Manager;

Protocol and Handler Manager;

Downloaded Program Files Manager;

Active Setup Manager;

Winsock SPI Manager (LSP, NSP, TSP);

Hosts File Manager;

Open TCP/UDP ports;

Shares and Network Sessions;

– generate text containing a script based on templates.

The editor supports command-line options: as the first parameter you can specify the name of the script that should be loaded after launching the editor.

The script editor can be downloaded from the download page – www.z-oleg.com/secur/avz/download.php.

Update AVZ

To update, select the menu File –> Database Update;

– in the Operational automatic update window, select the update source and check the settings;

– click Start;


– wait for the update process to complete.

Manual update of AVZ

– close AVZ;

– download the latest databases for AVZ from the link z-oleg.com/secur/avz_up/avzbase.zip;

– unpack the downloaded archive into the Base folder of the AVZ program (allow file replacement: Yes to all).

Notes

Surely every computer owner has encountered malicious programs such as viruses. Not everyone is able to track and neutralize any threat. One of the most reliable anti-virus programs is the AVZ anti-virus utility.

What is AVZ?

You can find many good reviews of the AVZ antivirus on the Internet. What is this program? The creator of the utility is Oleg Zaitsev from Kaspersky Lab. He developed a tool similar to LavaSoft Adaware and TrojanHunter, but AVZ is several times superior to them in its capabilities. It is a free software tool designed to remove spyware and adware modules and programs, Trojans, programs for secret computer control and other viruses.

Unlike serious software packages, AVZ does not monitor your computer in real time and does not require installation. The big advantage is the absence of conflicts with other antiviruses. For example, the utility can be launched together with a running NOD32.

What threats does AVZ fight against? Antivirus protects your computer against:

  • Mail and network worms.
  • Trojan programs.
  • Backdoor modules.
  • Spyware.

Functions of the AVZ utility

What can this software do? To begin with, it is worth noting that the utility receives regular updates to its anti-virus databases. It searches for viruses using firmware, analyzing memory, registry and disk contents. AVZ has a built-in manager of running processes and services, quickly recognizes and neutralizes keyloggers, and has a file search function based on specified parameters.

When the program detects malicious files, it blocks them and places them in a special storage - quarantine. Many types of viruses cannot be removed from a computer even by world-class antiviruses, but the utility in question can cope with them. This fact suggests that AVZ is a powerful anti-malware tool.

How does malware work?

Programs that belong to the class of spyware and adware are not necessarily Trojans or viruses. Their main goal is to collect data from computers for further use in fraud, or they are deployed to collect information about user activity. This information is then used for pop-up advertising. Antiviruses such as Avira and Avast very often do not take such programs into account, and this is where AVZ is needed.

How to scan?

The interface is entirely in Russian, and all menu items will be understandable even to an inexperienced user. The program must be run with administrator rights if the computer runs Windows 7 or later. To start scanning, just select an area and click the “Start” button, but it is advisable to update the databases first. To have detected threats deleted, you need to check the “Perform treatment” checkbox. A quick scan option is also available. But the longer AVZ scans your computer, the higher the likelihood of detecting viruses.

For prevention, you can regularly scan all computers with the AVZ utility. This will help avoid unnecessary problems in the future, as the consequences of malware's hidden actions can be quite disastrous.

To summarize, what can we say about the AVZ program? That this is a high-quality and reliable tool for searching and eliminating Trojans and spyware, advertising files and other malicious software. The utility does not take up much space, so it is advisable to have it on every computer.

The AVZ antivirus utility is designed to detect and remove:

  • SpyWare and AdWare modules (the main purpose of the utility)
  • Dialer (Trojan.Dialer)
  • Trojan programs
  • BackDoor modules
  • Network and mail worms
  • TrojanSpy, TrojanDownloader, TrojanDropper

Main features of the AVZ utility (in addition to the standard signature scanner)

Heuristic system check firmware. Firmware searches for known SpyWare and viruses based on indirect signs - based on analysis of the registry, files on disk and in memory.

Updated database of safe files. It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ systems and works on the “friend/foe” principle: safe files are not quarantined, deletion and warnings are blocked for them, and the database is used by the anti-rootkit, the file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services in color; searching for files on the disk can exclude known files from the search (which is very useful when searching for Trojan programs on the disk);

Built-in Rootkit detection system. The RootKit search is carried out without the use of signatures, based on a study of basic system libraries to detect interception of their functions. AVZ can not only detect RootKit, but also correctly block UserMode RootKit for its process and KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by RootKit. In my opinion, one of the main features of the RootKit countermeasures system is its functionality in Win9X (the widespread opinion about the absence of RootKit working on the Win9X platform is deeply erroneous: hundreds of Trojan programs are known that intercept API functions to mask their presence, to distort the operation of API functions or to monitor their use). Another feature is a universal system for detecting and blocking KernelMode RootKit, compatible with Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1.

Keylogger and Trojan DLL detector. The search for Keylogger and Trojan DLLs is carried out based on system analysis without using a signature database, which allows you to confidently detect previously unknown Trojan DLLs and Keylogger;

Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator, which allows you to examine suspicious files using a neural network. Currently, the neural network is used in a keylogger detector.

Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze settings and diagnose possible mistakes in settings and perform automatic treatment. The ability to automatically diagnose and treat is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;

Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color;

Built-in utility for searching files on disk. Allows you to search a file using various criteria; the capabilities of the search system exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them); the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine

Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; search results are available in the form of a text protocol and in the form of a table in which you can mark several keys for their export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them)

Built-in TCP/UDP open port analyzer. It is covered by the anti-rootkit; in Windows XP, the process using the port is displayed for each port. The analyzer is based on an updated database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan ports is included in the main system scanning algorithm: when suspicious ports are detected, warnings are displayed in the protocol indicating which Trojan programs typically use this port.

Built-in analyzer of shared resources, network sessions and files opened over the network. Works in Win9X and Nt/W2K/XP.

Built-in Downloaded Program Files (DPF) analyzer- displays DPF elements, connected to all AVZ systems.

System recovery firmware. Firmware restores Internet Explorer settings, program launch settings and other system parameters damaged by malware. Restoration is started manually, the parameters to be restored are specified by the user.

Heuristic file deletion. Its essence is that if malicious files are deleted during treatment and this option is enabled, an automatic system scan is performed, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. All found links to the deleted file are automatically cleaned, and information about what exactly was cleaned and where is recorded in the protocol. For this cleaning, the system treatment firmware engine is actively used;

Checking archives. Starting from version 3.60, AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, GZIP and TAR formats are checked, as well as e-mail messages, MHT files and CHM archives.

Checking and treating NTFS streams. Checking NTFS streams is included in AVZ starting from version 3.75

Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow you to use AVZ on a corporate network, including its launch during system boot.

Process Analyzer. The analyzer uses neural networks and analysis firmware; it is turned on when advanced analysis is enabled at the maximum heuristic level and is designed to search for suspicious processes in memory.

AVZGuard system. Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.

Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, allows the scanner to analyze locked files and quarantine them.

AVZPM process and driver monitoring driver. Designed to monitor the start and stop of processes and the loading/unloading of drivers in order to search for masquerading drivers and detect distortions, created by DKOM rootkits, in the structures describing processes and drivers.

Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.
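The TCP/UDP open port analyzer described above matches open ports against a database of known services and known Trojan/Backdoor ports and reports the owning process. The following is an added example, not AVZ code and not from the original page, that sketches that triage; the port database and the `netstat -ano` style sample are small constructed inputs, and all function names are hypothetical.

```python
"""Triage of listening ports against a port database (added illustration)."""
from typing import Dict, List, NamedTuple, Tuple

PortKey = Tuple[str, int]

# Constructed mini-database; a real one is far larger and regularly updated.
KNOWN_SERVICES: Dict[PortKey, str] = {
    ("TCP", 135): "RPC endpoint mapper",
    ("TCP", 445): "SMB",
    ("UDP", 123): "NTP",
}
# Default ports historically associated with well-known backdoors.
TROJAN_PORTS: Dict[PortKey, List[str]] = {
    ("TCP", 12345): ["NetBus"],
    ("TCP", 27374): ["SubSeven"],
    ("TCP", 31337): ["Back Orifice"],
    ("UDP", 31337): ["Back Orifice"],
}

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.10:49712     203.0.113.20:443       ESTABLISHED     4100
  TCP    [::]:135               [::]:0                 LISTENING       884
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1020
  UDP    0.0.0.0:31337          *:*                                    2316
"""


class Listener(NamedTuple):
    proto: str
    port: int
    pid: int


def parse_netstat(text: str) -> List[Listener]:
    """Return unique listening TCP sockets and bound UDP sockets with their PID."""
    seen: Dict[Tuple[str, int, int], Listener] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # outbound or established connections are not open ports
        try:
            port = int(fields[1].rsplit(":", 1)[1])  # also handles [::]:445
            pid = int(fields[-1])
        except (IndexError, ValueError):
            continue
        # The same port bound on IPv4 and IPv6 by one process is one listener.
        seen.setdefault((fields[0], port, pid), Listener(fields[0], port, pid))
    return list(seen.values())


def triage(listeners: List[Listener]) -> List[Tuple[str, Listener, str]]:
    """Label each listener 'known', 'suspicion' or 'unknown'.

    A port match is only a suspicion: legitimate software may bind the same
    port, and a backdoor may be configured to use any other port.
    """
    report = []
    for item in listeners:
        key = (item.proto, item.port)
        if key in TROJAN_PORTS:
            names = ", ".join(TROJAN_PORTS[key])
            report.append(("suspicion", item, "port typically used by: " + names))
        elif key in KNOWN_SERVICES:
            report.append(("known", item, KNOWN_SERVICES[key]))
        else:
            report.append(("unknown", item, "not in the port database"))
    return report


def suspicious_pids(report: List[Tuple[str, Listener, str]]) -> List[int]:
    """PIDs worth inspecting next in a process manager."""
    return sorted({item.pid for verdict, item, _ in report if verdict == "suspicion"})


if __name__ == "__main__":
    for verdict, item, note in triage(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{verdict:10} {item.proto} {item.port:<6} pid={item.pid:<5} {note}")
```
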

AVZ 4.46

AVZ download the latest version for free from the official website

The AVZ utility is a powerful antivirus scanner used to quickly remove Trojans, Backdoor components, AdWare, SpyWare, and other malicious code, such as Dialer downloaders, from a PC. The latest version of the AVZ antivirus from the official website is available for download from the link provided at the bottom of the page.

AVZ is used to scan and then remove the following elements:

  • mail and network worms;
  • AdWare, AdWare modules (priority focus of the antivirus);
  • Trojans;
  • BackDoor modules;
  • downloaders like Trojan.Dialer;
  • such malicious components as TrojanDropper, TrojanDownloader, TrojanSpy.

The AVZ antivirus has an excellent archive database, including about 300 thousand viruses, special firmware for treatment, elimination of programs, search engines, heuristics, as well as neuroprofiles. Additionally, the archive contains about 400 thousand signatures of safe files.

The program provides a huge number of powerful analyzers, for example, of shared resources, open ports and Downloaded Program Files. The process analyzer, the ability to monitor program operation, and Boot Cleaner deserve special attention. In addition to these features, the utility uses many additional ones to ensure maximum PC security. This is what makes the AVZ antivirus so popular among users.


Modern antiviruses have acquired so much additional functionality that some users have questions while using them. In this lesson we will tell you about all the key features of the AVZ antivirus.

Let's look at what AVZ is in as much detail as possible using practical examples. The following functions deserve the main attention of the average user.

Checking the system for viruses

Any antivirus should be able to detect malware on your computer and deal with it (treat or remove it). Naturally, this function is also present in AVZ. Let's see in practice what such a check is like.

  1. Let's launch AVZ.
  2. A small utility window will appear on the screen. In the area marked in the screenshot below, you will find three tabs. They all relate to the process of searching for vulnerabilities on a computer and contain different options.
  3. On the first tab, "Search area", you need to tick the folders and hard drive partitions that you want to scan. A little lower you will see three lines that allow you to enable additional options. We put marks in front of all positions. This will allow you to perform a special heuristic analysis, scan additional running processes and even identify potentially dangerous software.
  4. After that, go to the tab "File Types". Here you can choose what data the utility should scan.
  5. If you are doing a regular check, then just check the box "Potentially dangerous files". If viruses have taken deep roots, then you should choose "All files".
  6. In addition to regular documents, AVZ also easily scans archives, something that many other antiviruses cannot boast of. This tab is where you can enable or disable this check. We recommend unchecking the checkbox for scanning large archives if you want to achieve maximum results.
  7. In total, your second tab should look like this.
  8. Next we go to the last section "Search Options".
  9. At the very top you will see a vertical slider. Move it all the way up. This will allow the utility to respond to all suspicious objects. In addition, we include checking API and RootKit interceptors, searching for keyloggers, and checking SPI/LSP settings. The last tab should look something like this.
  10. Now you need to configure the actions that AVZ will take when a particular threat is detected. To do this, you first need to check the box next to the line "Carry out treatment" in the right area of the window.
  11. Next to each type of threat, we recommend setting the parameter "Delete". The only exceptions are threats like "HackTool". Here we recommend leaving the parameter "Treat". In addition, check the two lines below the list of threats.
  12. The second parameter will allow the utility to copy the unsafe document to a specially designated location. You can then view all the contents, and then safely delete them. This is done so that you can exclude from the list of infected data those that are not actually infected (activators, key generators, password generators, and so on).
  13. When all the settings and search parameters have been set, you can begin the scanning itself. To do this, click the corresponding button "Start".
  14. The verification process will begin. Its progress will be displayed in a special area, "Protocol".
  15. After some time, which depends on the amount of data being scanned, the scanning will be completed. A message indicating the completion of the operation will appear in the log. The total time spent on analyzing files will also be indicated, as well as statistics on scanning and identified threats.
  16. By clicking on the button marked in the image below, you will be able to see in a separate window all the suspicious and dangerous objects that were identified by AVZ during the scan.
  17. The path to the dangerous file, its description and type will be indicated here. If you check the box next to the name of such software, you can move it to quarantine or completely remove it from your computer. When the operation is complete, press the button "OK" at the bottom.
  18. After cleaning your computer, you can close the program window.

System functions

In addition to standard malware scanning, AVZ can perform a lot of other functions. Let's look at those that may be useful to the average user. In the main menu of the program at the very top, click on the line "File". A context menu will appear that contains all the available helper functions.

The first three lines are responsible for starting, stopping and pausing the scan. These are analogues of the corresponding buttons in the AVZ main menu.

System Research

This function will allow the utility to collect all information about your system. This does not mean the technical part, but the hardware. Such information includes a list of processes, various modules, system files and protocols. After you click on the line "System Research", a separate window will appear. Here you can specify what information AVZ should collect. After checking all the necessary boxes, you should click the button "Start" at the bottom.


After this, a save window will open. In it you can select the location of the document with detailed information, and also indicate the name of the file itself. Please note that all information will be saved as an HTML file. It opens in any web browser. Having specified the path and name for the saved file, you need to click the button "Save".


As a result, the process of scanning the system and collecting information will start. At the very end, the utility will display a window in which you will be asked to immediately view all the collected information.

System Restore

Using this set of functions, you can return elements of the operating system to their original form and reset various settings. Most often, malware tries to block access to the Registry Editor and Task Manager and to write its values to the Hosts system file. You can unlock such elements using the option "System Restore". To do this, just click on the name of the option itself, and then check the boxes for the actions that need to be performed.

After this you need to press the button “Perform marked operations” in the lower area of the window.

A window will appear on the screen in which you must confirm the action.


After some time, you will see a message indicating that all tasks have completed. Just close this window by clicking the button "OK".

Scripts

In the list of parameters there are two lines related to working with scripts in AVZ: "Standard scripts" and "Run script".

Clicking the "Standard scripts" line opens a window with a list of ready-made scripts. All you need to do is tick the ones that you want to run. After this, click the "Run" button at the bottom of the window.

In the second case, you will launch the script editor. Here you can write a script yourself or load it from your computer. Don't forget to click the "Run" button in the same window after writing or loading it.

Database update

This item is the most important of the entire list. By clicking on the corresponding line, you will open the AVZ database update window.

We do not recommend changing settings in this window. Leave everything as it is and press the button "Start".


After some time, a message will appear on the screen indicating that the database update is complete. All you have to do is close this window.

Viewing the contents of the Quarantine and Infected folders

By clicking on these lines in the list of options, you can view all potentially dangerous files that AVZ detected while scanning your system.

In the windows that open, you can permanently delete such files or restore them if they actually do not pose a threat.


Please note that in order for suspicious files to be placed in these folders, you must check the appropriate boxes in the system scanning settings.

This is the last option from this list that the average user may need. As the name suggests, these parameters allow you to save the preliminary antivirus configuration (search method, scanning mode, etc.) to your computer, and also load it back.

When saving, you will only need to specify the file name, as well as the folder in which you want to save it. When loading a configuration, simply select the desired file with settings and click the button "Open".

Exit

It would seem that this is an obvious and well-known button. But it is worth mentioning that in some situations (with particularly dangerous software) AVZ blocks all methods of closing itself except for this button. In other words, you will not be able to close the program with the keyboard shortcut "Alt+F4" or by clicking on the usual cross in the corner. This is done so that viruses cannot interfere with the correct operation of AVZ. But by clicking this button, you can definitely close the antivirus if necessary.

In addition to the options described, there are also others in the list, but they most likely will not be needed by ordinary users. Therefore, we did not focus on them. If you still need help regarding the use of functions that are not described, write about it in the comments. And we move on.

List of services

In order to see the full list of services offered by AVZ, you need to click on the line "Service" at the very top of the program.

As in the last section, we will go over only those that may be useful to the average user.

Process Manager

By clicking on the very first line from the list, you will open a window "Process Manager". In it you can see a list of all executable files that are running on a computer or laptop at a given time. In the same window you can read a description of the process, find out its manufacturer and the full path to the executable file itself.


You can also terminate a particular process. To do this, just select the required process from the list, and then click on the corresponding button in the form of a black cross on the right side of the window.


This service is an excellent replacement for the standard Task Manager. It is particularly valuable in situations where "Task Manager" is blocked by a virus.

Services and Driver Manager

This is the second service in the general list. By clicking on the line with the same name, you will open the window for managing services and drivers. You can switch between them using a special switch.

In the same window, each item is accompanied by a description of the service itself, status (enabled or disabled), as well as the location of the executable file.


You can select the required item, after which you will have the options to enable, disable or completely remove services/drivers. These buttons are located at the top of the work area.

Startup Manager

This service will allow you to fully customize autorun settings. Moreover, unlike standard managers, this list also includes system modules. By clicking on the line with the same name, you will see the following.


In order to disable the selected element, you only need to uncheck the box next to its name. In addition, it is possible to completely delete the required entry. To do this, simply select the desired line and click on the button at the top of the window in the form of a black cross.

Please note that a deleted value cannot be returned. Therefore, be extremely careful not to erase vital system startup records.

Hosts File Manager

We mentioned a little above that a virus sometimes writes its own values into the system file "Hosts". And in some cases, malware also blocks access to it so that you cannot correct the changes made. This service will help you in such situations.

By clicking on the line shown in the image above in the list, you will open a manager window. You cannot add your own values here, but you can delete existing ones. To do this, select the desired line with the left mouse button, and then press the delete button, which is located in the upper part of the work area.


After this, a small window will appear in which you need to confirm the action. To do this, just press the button "Yes".


When the selected line is deleted, you just need to close this window.

Be careful not to delete lines whose purpose you don't know. Not only viruses but also other programs can write their values to the "Hosts" file.
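Before deleting entries in the Hosts File Manager, it helps to sort them by what they actually do. The following is an added example, not AVZ code and not from the original article, that classifies each hosts mapping; the sample file, the `.example` domains and the watchlist of security-related domains are constructed, and the function names are hypothetical.

```python
"""Classify hosts-file entries before deleting anything (added illustration)."""
import ipaddress
from typing import List, NamedTuple

DEFAULT_NAMES = {"localhost", "localhost.localdomain"}
# Constructed watchlist: domains whose blocking would cut off security updates.
WATCHLIST = ("av-vendor.example", "os-update.example")
# Private ranges checked explicitly so documentation addresses are not
# mistaken for intranet hosts.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample hosts file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost

0.0.0.0         ads.tracker.example        # added by an ad blocker
127.0.0.1       updates.av-vendor.example
192.168.10.5    build.corp.example  wiki.corp.example
203.0.113.7     WWW.Bank.example    # documentation-range address
not-an-ip       broken.example
"""


class Finding(NamedTuple):
    line_no: int
    address: str
    host: str
    verdict: str


def classify(address: str, host: str) -> str:
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback and host in DEFAULT_NAMES:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        # The name is made unreachable. Ad blockers do this too, so it only
        # stands out when a security-related domain is the one being blocked.
        watched = any(host == d or host.endswith("." + d) for d in WATCHLIST)
        return "blocked-security" if watched else "blocked"
    if any(ip in net for net in PRIVATE_NETS):
        return "intranet"  # typical for developer or corporate overrides
    return "redirect"      # a name silently pointed at some other server


def audit_hosts(text: str) -> List[Finding]:
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(entry) < 2:
            continue
        address = entry[0]
        for name in entry[1:]:  # one line may map several names
            host = name.lower().rstrip(".")
            findings.append(Finding(line_no, address, host, classify(address, host)))
    return findings


def needs_attention(findings: List[Finding]) -> List[Finding]:
    """Entries to investigate first; the rest may belong to legitimate programs."""
    return [f for f in findings
            if f.verdict in ("blocked-security", "redirect", "invalid")]


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address:15} {f.host:28} {f.verdict}")
```
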

System utilities

With AVZ you can also launch the most popular system utilities. You can see their list if you hover your mouse over the line with the corresponding name.


By clicking on the name of a particular utility, you will launch it. After this, you can make changes to the registry (regedit), configure the system (msconfig) or check system files (sfc).

These are all the services we wanted to mention. Beginner users are unlikely to need a protocol manager, extensions, or other additional services. Such functions are more suitable for more advanced users.

AVZGuard

This function was developed to combat the most cunning viruses that cannot be removed using standard methods. It simply adds malware to the list of untrusted software, which is prohibited from performing its operations. To enable this function you need to click on the line "AVZGuard" in the upper AVZ area. In the drop-down window, click on the item "Enable AVZGuard".

Be sure to close all third-party applications before enabling this feature, otherwise they will also be included in the list of untrusted software. The operation of such applications may be disrupted in the future.

All programs that are marked as trusted will be protected from deletion or modification, and the work of untrusted software will be suspended. This will allow you to safely remove dangerous files using a standard scan. After this, you should disable AVZGuard again. To do this, click again on the same line at the top of the program window, and then click on the button to disable the function.

AVZPM

The technology indicated in the name will monitor all started, stopped and modified processes/drivers. To use it, you must first enable the corresponding service.

Click on the AVZPM line at the top of the window.
In the drop-down menu, click on the line “Install the advanced process monitoring driver”.


Within a few seconds, the necessary modules will be installed. Now, when changes are detected in any processes, you will receive a corresponding notification. If you no longer need such monitoring, you will need to simply click on the line marked in the image below in the previous drop-down window. This will unload all AVZ processes and remove previously installed drivers.

Please note that the AVZGuard and AVZPM buttons may be grayed out and inactive. This means that you have an x64 operating system installed. Unfortunately, the mentioned utilities do not work on an OS with this bit depth.

This brings this article to its logical conclusion. We tried to tell you how to use the most popular features in AVZ. If you still have questions after reading this lesson, you can ask them in the comments to this post. We will be happy to pay attention to each question and try to give the most detailed answer.