home › Installation and configuration › AVZ - restore system settings and remove viruses. Setting up AVZ firmware - system recovery after viruses. AVZ - restoring system settings and removing viruses Resetting the registry using avz

AVZ - restore system settings and remove viruses. Setting up AVZ firmware - system recovery after viruses. AVZ - restoring system settings and removing viruses Resetting the registry using avz

AVZ is a free utility designed to search for and remove viruses, as well as to restore system settings after the actions of malicious programs.

Preparing for work

1. Download the AVZ utility from the official website: http://z-oleg.com/avz4.zip

2. Unpack the archive

3. Run the file from the archive avz.exe

4. Go to the menu File and select Database update

Click Start to start the update process :

The anti-virus database is being updated:

When the databases are updated, this message will appear. Click OK:

Virus check

To scan for viruses, check all computer drives on the left and check the box on the right Carry out treatment, and click the button below Start:

System Restore

A very useful function of the AVZ utility is system recovery. It will come in handy after removing malware to eliminate traces of it. To start System Restore, click File -> System Restore:

Check the required boxes and click the button Perform marked operations:

Confirm your intent:

Cleaning browsers with AVZ

From the main menu select File.

Select an item Troubleshooting Wizard:

In field Danger level select All the problems.

Click Start.

Check the following boxes:

Clearing the TEMP folder;
Adobe Flash Player— cleaning temporary files;
Macromedia Flash Player - clearing caches;
Cleaning system folder TEMP;
Clearing caches of all installed browsers;

Click the button Fix flagged issues.

In certain situations it may be necessary to disable the kernel debugger. This operation is not recommended for inexperienced users due to the potential threat to the stability of the operating system. Microsoft systems Windows.

Instructions

Click the "Start" button to open the main system menu and enter cmd in the search bar to initiate the procedure to disable the kernel debugger.

Call context menu found the “Command Prompt” tool by right-clicking and specifying the “Run as administrator” command.

Enter the value Kdbgctrl.exe -d in the utility text field command line to disable kernel debugging in the current session and press the Enter softkey to confirm the command.

Use the bcdedit /debug off value in the command line text box to disable the processor core debugging process for all operating sessions Windows systems Vista and Windows 7 and press the Enter function key to confirm your selection.

Enter dir /ASH in the command line text box to search for a hidden, protected boot.ini file located on the system drive to disable the kernel debugger for all sessions in all more earlier versions operating system Microsoft Windows and open the found file in Notepad.

Delete the parameters:

- /debug;
- debugport;
- /baudrate

and restart your computer to apply the selected changes.

Click the "Continue" button in the prompt dialog box if you need to perform a debugging operation on the system's processor core and wait until the procedure completes.

Use the gn command in the text field of the Kernel Debugger window when a User break exception (Int 3) error message appears.

Use Debugging Mode when booting your computer into safe mode to enable the kernel debugger service.

A kernel debugger is special software that runs at the kernel level of the entire operating system of a personal computer. The process of “debugging the operating system kernel” refers to the procedure for scanning various errors in the system kernel. When working with Daemon Tools, an Initialization error... Kernel debugger must be deactivated often occurs. You can fix this by disabling the kernel debugger.

You will need

Administrator rights.

Instructions

If this warning appears during the application installation process, you need to disable the service called Machine debug manager. To do this, launch the “Control Panel” and go to the “Administration” section. Next, click on the “Services” shortcut. Find Machine Debug Manager in the list. Click on the name with the mouse button and click “Stop”.

Disable debugger processes in the Task Manager. To do this, right-click in a free area and select “Task Manager”. You can press the key combination Alt + Ctrl + Delete. Go to the Processes tab and disable all mdm.exe, dumprep.exe and drwatson.exe processes. If you don't feel comfortable searching for them in the list, click the Image Name tab to have the list sorted by name. As a rule, such operations are carried out manually, on behalf of the administrator of the personal computer.

The error reporting system should also be disabled to record debugging information was discontinued. To do this, go to the “Control Panel”. Select the "System" section and click the "Advanced" button. Next, click on the “Error Report” button. Check the box next to “Disable error reporting.” Then go to the “Boot and Recovery” tab and uncheck the boxes next to “Send an administrative alert” and “Log event to system log.”

Remove the Daemon Tools application from startup. To do this, click the "Start" button. Next, click Run and enter the msconfig command. Once the system window appears, uncheck the box next to the Daemon Tools application. When installing the program, disable your antivirus software. If the described error occurs, the installation of the application should be started again, after eliminating all the reasons for personal computer.

Helpful advice

Performing some of the above operations requires administrative access to system resources.

A simple and convenient AVZ utility that can not only will help, but also knows how to restore the system. Why is this necessary?

The fact is that after the invasion of viruses (it happens that AVZ kills thousands of them), some programs refuse to work, the settings have all disappeared somewhere and Windows somehow does not work quite correctly.

Most often, in this case, users simply reinstall the system. But as practice shows, this is not at all necessary, because using the same AVZ utility, you can restore almost any damaged programs and data.

In order to give you a more clear picture, I provide full list something that can restoreAVZ.

Material taken from the reference bookAVZ - http://www.z-oleg.com/secur/avz_doc/ (copy and paste into the browser address bar).

Currently the database contains the following firmware:

1.Restoring startup parameters of .exe, .com, .pif files

This firmware restores the system's response to exe files, com, pif, scr.

Indications for use: After the virus is removed, programs stop running.

2.Reset protocol prefix settings Internet Explorer to standard

This firmware restores protocol prefix settings in Internet Explorer

Indications for use: when you enter an address like www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru

3.Restoring the starting Internet pages Explorer

This firmware restores the start page in Internet Explorer

Indications for use: substitution home page

4.Reset Internet Explorer search settings to standard

This firmware restores search settings in Internet Explorer

Indications for use: When you click the “Search” button in IE, you are directed to some third-party site

5.Restore desktop settings

This firmware restores desktop settings.

Restoration involves deleting all active ActiveDesctop elements, wallpaper, and unblocking the menu responsible for desktop settings.

Indications for use: The desktop settings bookmarks in the “Display Properties” window have disappeared; extraneous inscriptions or pictures are displayed on the desktop

6.Deleting all Policies (restrictions) of the current user

Windows provides a mechanism for restricting user actions called Policies. Many people use this technology malware, since the settings are stored in the registry and are easy to create or modify.

Indications for use: Explorer functions or other system functions are blocked.

7.Deleting the message displayed during WinLogon

Windows NT and subsequent systems in the NT line (2000, XP) allow you to set the message displayed during startup.

A number of malicious programs take advantage of this, and the destruction of the malicious program does not lead to the destruction of this message.

Indications for use: An extraneous message is entered during system boot.

8.Restoring Explorer settings

This firmware resets a number of Explorer settings to standard (the settings changed by malware are reset first).

Indications for use: Explorer settings changed

9.Removing system process debuggers

Registering a system process debugger will allow you to hidden launch application, which is used by a number of malware

Indications for use: AVZ detects unidentified system process debuggers, problems arise with launching system components, in particular, the desktop disappears after a reboot.

10.Restoring boot settings in SafeMode

Some malware, in particular the Bagle worm, corrupts the system's boot settings in protected mode.

This firmware restores boot settings in protected mode. Indications for use: The computer does not boot into SafeMode. This firmware should be used only in case of problems with booting in protected mode .

11.Unlock task manager

Task Manager blocking is used by malware to protect processes from detection and removal. Accordingly, executing this microprogram removes the lock.

Indications for use: The task manager is blocked; when you try to call the task manager, the message “Task Manager is blocked by the administrator” is displayed.

12.Clearing the ignore list of the HijackThis utility

The HijackThis utility stores a number of its settings in the registry, in particular a list of exceptions. Therefore, to camouflage itself from HijackThis, the malicious program only needs to register its executable files in the exclusion list.

IN currently A number of malicious programs are known that exploit this vulnerability. AVZ firmware clears HijackThis utility exception list

Indications for use: There are suspicions that the HijackThis utility does not display all information about the system.

13. Cleaning the Hosts file

Cleaning up the Hosts file involves finding the Hosts file, removing all significant lines from it, and adding the standard “127.0.0.1 localhost” line.

Indications for use: It is suspected that the Hosts file has been modified by malware. Typical symptoms include blocking antivirus software updates.

You can control the contents of the Hosts file using the Hosts file manager built into AVZ.

14. Automatic correction of SPl/LSP settings

Performs analysis of SPI settings and, if errors are detected, automatically corrects the errors found.

This firmware can be re-run an unlimited number of times. After running this firmware, it is recommended to restart your computer. Note! This firmware cannot be run from a terminal session

Indications for use: After removing the malicious program, I lost access to the Internet.

15. Reset SPI/LSP and TCP/IP settings (XP+)

This firmware only works on XP, Windows 2003 and Vista. Its operating principle is based on resetting and re-creating SPI/LSP and TCP/IP settings using the standard netsh utility included in Windows.

Note! You should use a factory reset only if necessary if you have unrecoverable problems with Internet access after removing malware!

Indications for use: After removing the malicious program, access to the Internet and execution of the firmware “14. Automatically correcting SPl/LSP settings does not work.

16. Recovering the Explorer launch key

Restores system registry keys responsible for launching Explorer.

Indications for use: During system boot, Explorer does not start, but it is possible to launch explorer.exe manually.

17. Unlocking the registry editor

Unblocks the Registry Editor by removing the policy that prevents it from running.

Indications for use: It is impossible to start the Registry Editor; when you try, a message is displayed stating that its launch is blocked by the administrator.

18. Complete re-creation of SPI settings

Performs backup SPI/LSP settings, after which it destroys them and creates them according to the standard, which is stored in the database.

Indications for use: Severe damage to SPI settings that cannot be repaired by scripts 14 and 15. Use only if necessary!

19. Clear MountPoints database

Cleans up the MountPoints and MountPoints2 database in the registry. This operation often helps when, after infection with a Flash virus, disks do not open in Explorer

To perform a recovery, you must select one or more items and click the “Perform selected operations” button. Clicking the "OK" button closes the window.

On a note:

Restoration is useless if the system is running a Trojan that performs such reconfigurations - you must first remove the malicious program and then restore the system settings

On a note:

To eliminate traces of most Hijackers, you need to run three firmware - “Reset Internet Explorer search settings to standard”, “Restore Internet Explorer start page”, “Reset Internet Explorer protocol prefix settings to standard”

On a note:

Any of the firmware can be executed several times in a row without damaging the system. Exceptions - “5.

Restoring desktop settings" (running this firmware will reset all desktop settings and you will have to re-select the desktop coloring and wallpaper) and "10.

Restoring boot settings in SafeMode" (this firmware recreates the registry keys responsible for booting in safe mode).

To start the recovery, first download, unpack and run utility. Then click File - System Restore. By the way, you can also do

Check the boxes that you need and click start operations. That's it, we look forward to completion :-)

In the following articles we will look in more detail at the problems that avz system recovery firmware will help us solve. So good luck to you.

Modern antiviruses have acquired various additional functionality so much that some users have questions while using them. In this lesson we will tell you about all key features AVZ antivirus operation.

Let's look at what AVZ is in as much detail as possible using practical examples. The following functions deserve the main attention of the average user.

Checking the system for viruses

Any antivirus should be able to detect malware on your computer and deal with it (treat or remove it). It is natural that this function is also present in AVZ. Let's see in practice what such a check is like.

Let's launch AVZ.
A small utility window will appear on the screen. In the area marked in the screenshot below, you will find three tabs. They all relate to the process of searching for vulnerabilities on a computer and contain different options.

On the first tab "Search area" you need to tick those folders and sections hard drive that you want to scan. A little lower you will see three lines that allow you to enable additional options. We put marks in front of all positions. This will allow you to perform a special heuristic analysis, scan additional running processes and even identify potentially dangerous software.

After that, go to the tab "File Types". Here you can choose what data the utility should scan.
If you are doing a regular check, then just check the box "Potentially dangerous files". If viruses have taken deep roots, then you should choose "All files".
In addition to regular documents, AVZ also easily scans archives, something that many other antiviruses cannot boast of. This tab is where you can enable or disable this check. We recommend unchecking the checkbox for scanning large archives if you want to achieve maximum results.
In total, your second tab should look like this.

Next we go to the last section "Search Options".
At the very top you will see a vertical slider. Move it all the way up. This will allow the utility to respond to all suspicious objects. In addition, we include checking API and RootKit interceptors, searching for keyloggers, and checking SPI/LSP settings. The general appearance of your last tab should be something like this.

Now you need to configure the actions that AVZ will take when a particular threat is detected. To do this, you first need to check the box next to the line "Carry out treatment" in the right area of the window.

Next to each type of threat, we recommend setting the parameter "Delete". The only exceptions are threats like "HackTool". Here we recommend leaving the parameter "Treat". In addition, check the two lines below the list of threats.

The second parameter will allow the utility to copy the unsafe document to a specially designated location. You can then view all the contents, and then safely delete them. This is done so that you can exclude from the list of infected data those that are not actually infected (activators, key generators, password generators, and so on).
When all the settings and search parameters have been set, you can begin the scanning itself. To do this, click the corresponding button "Start".

The verification process will begin. Her progress will be displayed in a special area "Protocol".
After some time, which depends on the amount of data being scanned, the scanning will be completed. A message indicating the completion of the operation will appear in the log. The total time spent on analyzing files will also be indicated, as well as statistics on scanning and identified threats.

By clicking on the button marked in the image below, you can see in a separate window all suspicious and dangerous objects, which were identified by AVZ during the inspection.

The path to the dangerous file, its description and type will be indicated here. If you check the box next to the name of such software, you can move it to quarantine or completely remove it from your computer. When the operation is complete, press the button "OK" at the bottom.

After cleaning your computer, you can close the program window.

System functions

In addition to standard malware scanning, AVZ can perform a lot of other functions. Let's look at those that may be useful to the average user. In the main menu of the program at the very top, click on the line "File". As a result, a context menu will appear containing all available auxiliary functions.

The first three lines are responsible for starting, stopping and pausing the scan. These are analogues of the corresponding buttons in the AVZ main menu.

System Research

This function will allow the utility to collect all information about your system. This does not mean the technical part, but the hardware. Such information includes a list of processes, various modules, system files and protocols. After you click on the line "System Research", a separate window will appear. Here you can specify what information AVZ should collect. After checking all the necessary boxes, you should click the button "Start" at the bottom.

After this, a save window will open. In it you can select the location of the document with detailed information, and also indicate the name of the file itself. Please note that all information will be saved as an HTML file. It opens in any web browser. Having specified the path and name for the saved file, you need to click the button "Save".

As a result, the process of scanning the system and collecting information will start. At the very end, the utility will display a window in which you will be asked to immediately view all the collected information.

System Restore

By using this set functions, you can return operating system elements to their original form and reset various settings. Most often, malware tries to block access to the Registry Editor, Task Manager and write its values in the Hosts system document. You can unlock such elements using the option "System Restore". To do this, just click on the name of the option itself, and then check the boxes for the actions that need to be performed.

After this you need to press the button “Perform marked operations” in the lower area of the window.

A window will appear on the screen in which you must confirm the action.

After some time, you will see a message indicating that all tasks have completed. Just close this window by clicking the button "OK".

Scripts

In the list of parameters there are two lines related to working with scripts in AVZ - "Standard scripts" And "Run script".

Clicking on a line "Standard scripts", you will open a window with a list of ready-made scripts. All you need to do is tick the boxes that you want to run. After this, click the button at the bottom of the window "Run".

In the second case, you will launch the script editor. Here you can write it yourself or download one from your computer. Don't forget to click the button after writing or uploading "Run" in the same window.

Database update

This item is the most important of the entire list. By clicking on the corresponding line, you will open the AVZ database update window.

We do not recommend changing settings in this window. Leave everything as it is and press the button "Start".

After some time, a message will appear on the screen indicating that the database update is complete. All you have to do is close this window.

Viewing the contents of the Quarantine and Infected folders

By clicking on these lines in the list of options, you can view all potentially dangerous files that AVZ detected while scanning your system.

In the windows that open, you can permanently delete such files or restore them if they actually do not pose a threat.

Please note that in order for suspicious files to be placed in these folders, you must check the appropriate boxes in the system scanning settings.

This is the last option from this list, which the average user may need. As the name suggests, these parameters allow you to save the preliminary antivirus configuration (search method, scanning mode, etc.) to your computer, and also load it back.

When saving, you will only need to specify the file name, as well as the folder in which you want to save it. When loading a configuration, simply select the desired file with settings and click the button "Open".

Exit

It would seem that this is an obvious and well-known button. But it is worth mentioning that in some situations - when a particularly dangerous software— AVZ blocks all methods of its own closing, except for this button. In other words, you will not be able to close the program with a keyboard shortcut "Alt+F4" or by clicking on the banal cross in the corner. This is done so that viruses cannot interfere with the correct operation of AVZ. But by clicking this button, you can close the antivirus if necessary for sure.

In addition to the options described, there are also others in the list, but they most likely will not be needed ordinary users. Therefore, we did not focus on them. If you still need help regarding the use of functions that are not described, write about it in the comments. And we move on.

List of services

In order to see the full list of services offered by AVZ, you need to click on the line "Service" at the very top of the program.

As in the last section, we will go over only those that may be useful to the average user.

Process Manager

By clicking on the very first line from the list, you will open a window "Process Manager". Here you can see a list of all executable files, which are running on a computer or laptop in this moment time. In the same window you can read a description of the process, find out its manufacturer and the full path to the executable file itself.

You can also terminate a particular process. To do this, just select the required process from the list, and then click on the corresponding button in the form of a black cross on the right side of the window.

This service is an excellent replacement for the standard Task Manager. The service acquires particular value in situations where "Task Manager" blocked by a virus.

Services and Driver Manager

This is the second service in the general list. By clicking on the line with the same name, you will open the window for managing services and drivers. You can switch between them using a special switch.

In the same window, each item is accompanied by a description of the service itself, status (enabled or disabled), as well as the location of the executable file.

You can select the required item, after which you will have the options to enable, disable or complete removal services/drivers. These buttons are located at the top of the work area.

Startup Manager

This service will allow you to fully customize autorun settings. Moreover, unlike standard managers, this list also includes system modules. By clicking on the line with the same name, you will see the following.

In order to disable the selected element, you only need to uncheck the box next to its name. In addition, it is possible to completely delete the required entry. To do this, simply select the desired line and click on the button at the top of the window in the form of a black cross.

Please note that a deleted value cannot be returned. Therefore, be extremely careful not to erase vital system startup records.

Hosts File Manager

We mentioned a little above that the virus sometimes writes its own values into the system file "Hosts". And in some cases, malware also blocks access to it so that you cannot correct the changes made. This service will help you in such situations.

By clicking on the line shown in the image above in the list, you will open a manager window. You cannot add your own values here, but you can delete existing ones. To do this, select the desired line with the left mouse button, and then press the delete button, which is located in the upper area of the work area.

After this, a small window will appear in which you need to confirm the action. To do this, just press the button "Yes".

When the selected line is deleted, you just need to close this window.

Be careful not to delete lines whose purpose you don't know. To file "Hosts" Not only viruses, but also other programs can write their values.

System utilities

With AVZ you can also launch the most popular system utilities. You can see their list if you hover your mouse over the line with the corresponding name.

By clicking on the name of a particular utility, you will launch it. After this, you can make changes to the registry (regedit), configure the system (msconfig) or check system files (sfc).

These are all the services we wanted to mention. Beginner users are unlikely to need a protocol manager, extensions, or other additional services. Such functions are more suitable for more advanced users.

AVZGuard

This function was developed to combat the most cunning viruses that using standard methods do not delete. It simply adds malware to a list of untrusted software that is prohibited from performing its operations. To enable this function you need to click on the line "AVZGuard" in the upper AVZ area. In the drop-down window, click on the item "Enable AVZGuard".

Be sure to close everything third party applications before enabling this feature, otherwise they will also be included in the list of untrusted software. The operation of such applications may be disrupted in the future.

All programs that are marked as trusted will be protected from deletion or modification. And the work of untrusted software will be suspended. This will allow you to safely remove dangerous files using a standard scan. After this, you should disable AVZGuard back. To do this, click again on a similar line at the top of the program window, and then click on the button to disable the function.

AVZPM

The technology indicated in the name will monitor all started, stopped and modified processes/drivers. To use it, you must first enable the corresponding service.

Click on the AVZPM line at the top of the window.
In the drop-down menu, click on the line “Install the advanced process monitoring driver”.

Within a few seconds, the necessary modules will be installed. Now, when changes are detected in any processes, you will receive a corresponding notification. If you no longer need such monitoring, you will need to simply click on the line marked in the image below in the previous drop-down window. This will unload all AVZ processes and remove previously installed drivers.

Please note that the AVZGuard and AVZPM buttons may be grayed out and inactive. This means that you have an x64 operating system installed. Unfortunately, the mentioned utilities do not work on an OS with this bit depth.

This brings this article to its logical conclusion. We tried to tell you how to use the most popular features in AVZ. If you still have questions after reading this lesson, you can ask them in the comments to this post. We will be happy to pay attention to each question and try to give the most detailed answer.

An excellent program for removing viruses and restoring the system is AVZ (Zaitsev Anti-Virus). You can download AVZ by clicking on the orange button after generating links.And if a virus blocks the download, then try downloading the entire anti-virus set!

The main capabilities of AVZ are virus detection and removal.

AVZ antivirus utility is designed to detect and remove:

SpyWare and AdWare modules are the main purpose of the utility
Dialer (Trojan.Dialer)
Trojans
BackDoor modules
Network and mail worms
TrojanSpy, TrojanDownloader, TrojanDropper

The utility is a direct analogue of the TrojanHunter and LavaSoft Ad-aware 6 programs. The primary task of the program is to remove SpyWare and Trojan programs.

Features of the AVZ utility (in addition to the standard signature scanner) are:

Heuristic system check microprograms. Firmware searches for known SpyWare and viruses based on indirect signs - based on analysis of the registry, files on disk and in memory.
Updated database of secure files. It includes digital signatures of tens of thousands system files and files of known safe processes. The base is connected to everyone AVZ systems and works on the “friend/foe” principle - safe files are not quarantined, deletion and warnings are blocked for them, the database is used by an anti-rootkit, a file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services in color; searching for files on the disk can exclude known files from the search (which is very useful when searching for Trojan programs on the disk);
Built-in Rootkit detection system. The RootKit search is carried out without the use of signatures, based on a study of basic system libraries to intercept their functions. AVZ can not only detect RootKit, but also correctly block UserMode RootKit for its process and KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by RootKit. In my opinion, one of the main features of the RootKit countermeasures system is its functionality in Win9X (the widespread opinion about the absence of RootKit working on the Win9X platform is deeply erroneous - hundreds of Trojan programs are known that intercept API functions to mask their presence, to distort the operation of API functions or to monitor their use). Another feature is the universal detection and blocking system KernelMode RootKit, compatible with Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1
Detector keyloggers(Keylogger) and Trojan DLLs. The search for Keylogger and Trojan DLLs is carried out based on system analysis without using a signature database, which allows you to confidently detect previously unknown Trojan DLLs and Keylogger;
Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator, which allows you to examine suspicious files using a neural network. Currently, the neural network is used in a keylogger detector.
Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze settings and diagnose possible mistakes in settings and perform automatic treatment. The ability to automatically diagnose and treat is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;
Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color;
Built-in utility for searching files on disk. Allows you to search a file using various criteria; the capabilities of the search system exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them); the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine
Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; search results are available in the form of a text protocol and in the form of a table in which you can mark several keys for their export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them)
Built-in analyzer of open TCP/UDP ports. It is covered by an anti-rootkit; in Windows XP, the process using the port is displayed for each port. The analyzer is based on an updated database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan program ports is included in the main system scanning algorithm - when suspicious ports are detected, warnings are displayed in the protocol indicating which Trojan programs are likely to use this port
Built-in analyzer shared resources, network sessions and files opened over the network. Works in Win9X and Nt/W2K/XP.
Built-in Downloaded Program Files (DPF) analyzer - displays DPF elements, connected to all AVZ systems.
System recovery firmware. Firmware restores Internet Explorer settings, program launch settings, and other system parameters damaged by malware. Restoration is started manually, the parameters to be restored are specified by the user.
Heuristic file deletion. Its essence is that if malicious files were deleted during treatment and this option is enabled, then an automatic system scan is performed, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. . All found links to a deleted file are automatically cleared, with information about what exactly was cleared and where it was recorded in the log. For this cleaning, the system treatment firmware engine is actively used;
Checking archives. Starting from version 3.60, AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, GZIP, TAR formats are checked; letters Email and MHT files; CHM archives
Checking and treating NTFS streams. Checking NTFS streams is included in AVZ starting from version 3.75
Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow you to use AVZ in corporate network, including its launch during system boot.
Process analyzer. The analyzer uses neural networks and analysis firmware; it is turned on when advanced analysis is enabled at the maximum heuristic level and is designed to search for suspicious processes in memory.
AVZGuard system. Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.
Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, supported on all operating systems NT line, allows the scanner to analyze blocked files and quarantine them.
Driver for monitoring processes and drivers AVZPM. Designed to monitor the start and stop of processes and loading/unloading of drivers to search for masquerading drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits.
Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.