Restoring Windows using AVZ: restoring system settings and removing viruses

The AVZ anti-virus utility offers a simple and convenient way to restore a system's functionality even without special qualifications or skills. Its so-called “firmware” (AVZ's own term for its built-in restore micro-programs) reduces the whole process to a few clicks.


They handle most of the typical problems a user runs into. All firmware is invoked from the menu "File -> System Restore".

  1. Restoring startup parameters of .exe, .com, .pif files
    Restores the system's standard handling of files with the extensions exe, com, pif, scr.
    Recommendations for use: after removing a virus, programs and scripts no longer run.
  2. Resetting Internet Explorer protocol prefix settings to standard
    Restores the standard protocol prefix settings in Internet Explorer.
    Recommendations for use: when you enter a web address, for example www.yandex.ua, it is replaced with an address like www.seque.com/abcd.php?url=www.yandex.ua.
  3. Restoring the Internet Explorer start page
    Simply restores the start page in Internet Explorer.
    Recommendations for use: the start page has been changed.
  4. Reset Internet Explorer search settings to default
    Restores the search settings in Internet Explorer.
    Recommendations for use: the "Search" button leads to dubious sites.
  5. Restoring desktop settings
    Removes all active ActiveDesktop items and wallpapers and unlocks the desktop settings menu.
    Recommendations for use: third-party text and/or pictures are displayed on the desktop.
  6. Removing all Policies (restrictions) of the current user
    Removes restrictions on user actions caused by changes in Policies.
    Recommendations for use: Explorer functionality or other system functionality has been blocked.
  7. Removing the message displayed during WinLogon
    Restores the standard message shown at system startup.
    Recommendations for use: a third-party message is shown during system boot.
  8. Restoring Explorer settings
    Returns all Explorer settings to their standard form.
    Recommendations for use: Explorer settings are inappropriate.
  9. Removing system process debuggers
    System process debuggers are launched silently, which viruses find very useful.
    Recommendations for use: for example, the desktop disappears after booting.
  10. Restoring boot settings to safe mode (SafeMode)
    Undoes the effects of worms like Bagle, etc.
    Recommendations for use: problems booting into safe mode (SafeMode); otherwise it is not recommended.
  11. Unlocking Task Manager
    Unblocks attempts to launch Task Manager.
    Recommendations for use: instead of Task Manager you see the message "Task Manager is blocked by the administrator".
  12. Clearing the HijackThis utility ignore list
    The HijackThis utility stores its settings in the system registry, including an exclusion list. Viruses that masquerade as HijackThis register themselves in this exclusion list.
    Recommendations for use: you suspect that HijackThis does not display all information about the system.
  13. Clearing the Hosts file
    All uncommented lines are removed and the only meaningful line, "127.0.0.1 localhost", is added.
    Recommendations for use: the Hosts file has been changed. You can inspect the Hosts file with the Hosts file manager built into AVZ.
  14. Automatic correction of SPI/LSP settings
    SPI settings are analyzed and any errors found are corrected automatically. This firmware can safely be re-run many times. A computer restart is required after execution. Attention! This firmware cannot be used from a terminal session.
    Recommendations for use: after removing a virus, Internet access was lost.
  15. Resetting SPI/LSP and TCP/IP settings (XP+)
    This firmware runs only on XP, Windows 2003 and Vista. It uses the standard Windows “netsh” utility. Described in detail in the Microsoft knowledge base: http://support.microsoft.com/kb/299357
    Recommendations for use: after removing a virus, Internet access was lost and firmware No. 14 did not help.
  16. Restoring the Explorer launch key
    Restores the system registry keys responsible for launching Explorer.
    Recommendations for use: after the system boots, explorer.exe can only be launched manually.
  17. Unlocking Registry Editor
    Unblocks the Registry Editor by removing the policy that prevents it from running.
    Recommendations for use: when you try to launch Registry Editor, you receive a message that your administrator has blocked it from running.
  18. Complete re-creation of SPI settings
    Makes a backup of all SPI/LSP settings, then re-creates them from the standard set stored in the database.
    Recommendations for use: firmware No. 14 and No. 15 did not help you restore SPI settings. Dangerous, use at your own risk!
  19. Clearing the MountPoints database
    Clears the MountPoints and MountPoints2 databases in the system registry.
    Recommendations for use: for example, drives cannot be opened in Explorer.
  20. Replacing the DNS of all connections with Google Public DNS
    Changes the addresses of all DNS servers in use to 8.8.8.8.
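Firmware No. 13 above is blunt but easy to reproduce. As an added example (not AVZ's own code), the Python below reads a Hosts file, flags entries that redirect well-known sites or point localhost elsewhere, lists everything the cleanup would drop, and writes back only the comment lines plus "127.0.0.1 localhost". The watched-domain list and the sample Hosts content are constructed for the demonstration.

```python
"""Inspect and clean the Windows Hosts file the way AVZ firmware No. 13 does.
Added example, not AVZ's own code: every uncommented line is dropped and the
single entry '127.0.0.1 localhost' is written back.  The file is parsed first
so the entries that would disappear can be reviewed (legitimate custom entries
are removed too, which is why AVZ's one-click cleanup is so blunt)."""
from pathlib import Path

HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")
CANONICAL = ("127.0.0.1", ["localhost"])      # the only entry AVZ keeps
# Constructed watch list: sites a hijacked Hosts file typically blocks or
# redirects (antivirus vendors, the social networks named in the article).
WATCHED = ("vk.com", "odnoklassniki.ru", "kaspersky.com", "drweb.com",
           "microsoft.com", "virustotal.com")

# Constructed sample: a stock Hosts header plus three injected lines.
SAMPLE = """# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost   # IPv6 loopback
127.0.0.1       kaspersky.com          # injected: antivirus site blocked
127.0.0.1       drweb.com
192.0.2.10      vk.com odnoklassniki.ru  # injected: redirect to a fake site
"""


def parse_hosts(text):
    """Return (ip, [hostnames]) for every non-blank, non-comment line.
    Trailing comments are stripped; lines without a hostname are skipped."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1:]))
    return entries


def _is_watched(name):
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def suspicious_entries(text):
    """Entries worth a closer look before cleaning: a watched domain pointed
    anywhere at all, or 'localhost' mapped to something other than loopback."""
    flagged = []
    for ip, names in parse_hosts(text):
        hits = [n for n in names
                if _is_watched(n)
                or (n.lower() == "localhost" and ip not in ("127.0.0.1", "::1"))]
        if hits:
            flagged.append((ip, hits))
    return flagged


def clean_hosts(text):
    """Apply firmware No. 13: keep comment lines, drop every entry, append the
    canonical localhost line.  Returns (cleaned_text, removed_entries); the
    canonical entry is not listed as removed because it is written back."""
    comments = [line for line in text.splitlines() if line.lstrip().startswith("#")]
    removed = [e for e in parse_hosts(text) if e != CANONICAL]
    cleaned = "\n".join(comments + [CANONICAL[0] + " " + " ".join(CANONICAL[1])]) + "\n"
    return cleaned, removed


def report(text):
    """Human-readable summary used by the command-line entry point below."""
    lines = [f"{len(parse_hosts(text))} entries found"]
    for ip, names in suspicious_entries(text):
        lines.append(f"  SUSPICIOUS {ip} -> {' '.join(names)}")
    for ip, names in clean_hosts(text)[1]:
        lines.append(f"  would remove {ip} -> {' '.join(names)}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Real file when present (writing it back needs administrator rights),
    # otherwise the constructed sample.  Pass --apply to write the cleaned file.
    if HOSTS_PATH.exists():
        text = HOSTS_PATH.read_text(encoding="utf-8", errors="replace")
    else:
        text = SAMPLE
    print(report(text))
    if "--apply" in sys.argv and HOSTS_PATH.exists():
        HOSTS_PATH.write_text(clean_hosts(text)[0], encoding="utf-8")
        print("Hosts file reset to '127.0.0.1 localhost'")
```

Review the "would remove" lines before passing --apply: like the AVZ firmware, the cleanup also drops any legitimate custom entries.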

Some useful tips:

  • Most Hijacker problems can be fixed with three microprograms: No. 4 “Reset Internet Explorer search settings to default”, No. 3 “Restoring the Internet Explorer start page” and No. 2 “Resetting Internet Explorer protocol prefix settings to standard”.
  • All firmware except No. 5 and No. 10 can safely be run multiple times.
  • And of course it is useless to fix anything without first removing the virus.


There are programs that are as universal as a Swiss Army knife. The hero of this article is just such an all-rounder. Its name is AVZ (Zaitsev Antivirus). With this free antivirus you can catch viruses, optimize the system and fix problems.

AVZ capabilities

I already talked about the fact that this is an antivirus program in. The work of AVZ as a one-time antivirus (more precisely, an anti-rootkit) is well described in its help, but I will show you another side of the program: checking and restoring settings.

What can be “fixed” with AVZ:

  • Restore startup of programs (.exe, .com, .pif files)
  • Reset Internet Explorer settings to default
  • Restore desktop settings
  • Remove rights restrictions (for example, if a virus has blocked programs from launching)
  • Remove a banner or window that appears before you log in
  • Remove viruses that can run along with any program
  • Unblock the task manager and registry editor (if the virus has prevented them from running)
  • Clear the Hosts file
  • Prohibit autorun of programs from flash drives and disks
  • Remove unnecessary files from hard drive
  • Fix desktop problems
  • And much more

You can also use it to check Windows settings for security (to better protect against viruses) and to optimize the system by cleaning the startup list.

The AVZ download page is located.

The program is free.

First, let's protect your Windows from careless actions.

AVZ has a great many functions that affect how Windows works. This is dangerous: a mistake can lead to disaster. Please read the text and the help carefully before doing anything. The author of the article is not responsible for your actions.

To make it possible to “put everything back as it was” after careless work with AVZ, I wrote this chapter.

This is a mandatory step. It essentially creates an “escape route” in case of careless actions: thanks to the restore point, the settings and the Windows registry can be returned to an earlier state.

Windows System Restore is a standard component of all Windows versions starting with Windows ME. It is a pity that people usually forget about it and waste time reinstalling Windows and programs, when a couple of clicks could have avoided all the problems.

If the damage is serious (for example, some system files have been deleted), System Restore will not help. In other cases, if you configured Windows incorrectly, messed around with the registry, installed a program that prevents Windows from booting, or used AVZ incorrectly, System Restore should help.

After its work, AVZ creates subfolders with backup copies in its own folder:

/Backup - backup copies of the registry are stored here.

/Infected - copies of deleted viruses.

/Quarantine - copies of suspicious files.

If problems started after using AVZ (for example, you thoughtlessly used the AVZ “System Restore” tool and the Internet stopped working) and Windows System Restore did not roll back the changes, you can open the registry backups from the Backup folder.

How to create a restore point

Let's go to Start - Control Panel - System - System Protection:

Click “System Protection” in the “System” window.

Click the “Create” button.

The process of creating a restore point can take ten minutes. Then a window will appear:

A restore point will be created. By the way, they are automatically created when installing programs and drivers, but not always. Therefore, before dangerous actions (setting up, cleaning the system), it is better to once again create a restore point, so that in case of trouble you can praise yourself for your foresight.

How to restore your computer using a restore point

There are two ways to run System Restore: from within a running Windows and from the installation disc.

Option 1 - if Windows starts

Let's go to Start - All Programs - Accessories - System Tools - System Restore:

The wizard will start. Select "Choose a different restore point" and click Next. A list of restore points will open; select the one you need:

The computer will restart automatically. After booting, all settings, the registry and some important files will be restored.

Option 2 - if Windows does not boot

You need an “installation” disk with Windows 7 or Windows 8. I wrote in where to get it (or download it).

Boot from the disk (how to boot from boot disks is written) and select:

Select "System Restore" instead of installing Windows.

Repairing the system after viruses or inept actions with the computer

Before all actions, get rid of viruses, for example, using. Otherwise there is no point: a running virus will “break” the corrected settings again.

Restoring program launches

If a virus has blocked the launch of programs, AVZ will help you. Of course, you still need to launch AVZ itself, but that is quite easy:

First go to Control Panel (set any view other than Category) - Folder Options - View - uncheck "Hide extensions for registered file types" - OK. Now you can see each file's extension: the few characters after the last dot in its name. For programs this is usually .exe and .com. To run AVZ on a computer where running programs is prohibited, rename its extension to cmd or pif:

Then AVZ will start. In the program window itself, click File - System Restore:

Points to note:

1. Restoring startup parameters of .exe, .com, .pif files (this is what actually solves the problem of launching programs)

6. Removing all Policies (restrictions) of the current user (in some rare cases this item also helps with launching programs if the virus is particularly nasty)

9. Removing system process debuggers (it is well worth ticking this item, because even if you checked the system with an antivirus, something from the virus could remain. It also helps if the Desktop does not appear when the system starts)

Click Perform marked operations, confirm the action, and a window appears with the text “System restoration completed.” After that, all that remains is to restart the computer, and the problem with launching programs will be solved!

Restoring the Desktop launch

A fairly common problem is that the desktop does not appear when the system starts.

You can launch the Desktop like this: press Ctrl+Alt+Del, open Task Manager, then File - New Task (Run...) and enter explorer.exe:

OK, and the desktop will start. But this is only a temporary fix: the next time you turn on the computer you will have to repeat it all again.

To avoid doing this every time, you need to restore the launch key of the explorer program (“Explorer”, which is responsible for the standard display of folder contents and for the Desktop). In AVZ click File - System Restore and mark item 16, Restoring the Explorer launch key, then click

Perform marked operations, confirm the action and press OK. Now when you start your computer, the desktop will launch normally.

Unlocking Task Manager and Registry Editor

If a virus has blocked the launch of the two programs named above, you can lift the ban from the AVZ program window. Just tick two items:

11. Unlocking Task Manager

17. Unlocking Registry Editor

Then press Perform marked operations.

Problems with the Internet (VKontakte, Odnoklassniki and antivirus sites do not open)

This component can check four categories of problems at varying severity levels (each level differs in the number of settings checked):

System problems - security settings. Tick the items found and press the Fix flagged issues button to close some of the loopholes viruses use. There is a downside: as security goes up, convenience goes down. For example, if you disable autorun from removable media and CD-ROMs, then when you insert a flash drive or disc the window offering a choice of actions (view the contents, launch the player, etc.) will no longer appear; you will have to open the Computer window and browse the disk's contents manually. That is, viruses will not start automatically, but neither will the convenient prompt appear. Depending on the Windows settings, everyone will see their own list of system vulnerabilities here.

Browser settings and tweaks - Internet Explorer security settings are checked. As far as I know, the settings of other browsers (Google Chrome, Opera, Mozilla Firefox and others) are not checked. Even if you do not use Internet Explorer to browse the web, I advise you to run the check: components of this browser are used by many programs and are a potential security hole that should be plugged.

Cleaning the system - partially duplicates the previous category, but does not touch the places where data about user actions is stored.

I recommend checking your system in the categories System problems and Browser settings and tweaks with the danger level Moderate problems. If viruses did not touch the settings, you will most likely be offered only one item: “autostart is allowed from removable media” (flash drives). If you tick it and thereby prohibit autorun of programs from flash drives, you will at least partially protect your computer from viruses spread on flash drives. More full protection is achieved only with and working.
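The items ticked in the "Restoring program launches", "Restoring the Desktop launch" and "Unlocking" sections above (Nos. 1, 9, 11 and 17) and the autorun finding just described all boil down to a handful of registry values. As an added example, not AVZ's code, the Python below audits them: the .exe open command, Image File Execution Options debuggers, the DisableTaskMgr/DisableRegistryTools policies and NoDriveTypeAutoRun. The registry paths are the standard Windows ones; SAMPLE_STATE is constructed, and the 0x91 default assumed for an absent NoDriveTypeAutoRun is the Windows default.

```python
"""Audit the Windows settings behind AVZ System Restore items 1, 9, 11 and 17
and the "autostart is allowed from removable media" finding of the System
problems check.  Added example, not AVZ's own code: the decision functions take
plain dicts so they run offline; collect_from_registry() fills them on Windows."""
import sys

# Standard Windows registry locations (not AVZ-specific).
EXEFILE_CMD_KEY = r"exefile\shell\open\command"                                   # HKCR
IFEO_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"  # HKLM
SYSTEM_POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
EXPLORER_POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
DEFAULT_EXEFILE_CMD = '"%1" %*'                # stock handler: run the file with its args
AUTORUN_REMOVABLE, AUTORUN_CDROM = 0x04, 0x20  # NoDriveTypeAutoRun bits per drive type
DEFAULT_NODRIVETYPE = 0x91                     # what Windows assumes when the value is absent
POLICY_TOOLS = {"DisableTaskMgr": "Task Manager", "DisableRegistryTools": "Registry Editor"}


def check_exe_association(cmd):
    """Item 1: anything but '"%1" %*' routes every .exe launch through another
    program or blocks it outright.  Returns a finding string or None."""
    if cmd is None:
        return "exefile open command missing"
    if cmd.strip() != DEFAULT_EXEFILE_CMD:
        return f"exefile open command hijacked: {cmd}"


def find_ifeo_debuggers(ifeo):
    """Item 9: ifeo maps image name -> Debugger value (None if unset).  A set
    Debugger silently starts that program instead of the image; AVZ removes
    them all, but developer tools set them legitimately, so review each one."""
    return [(img, dbg) for img, dbg in sorted(ifeo.items()) if dbg]


def blocked_tools(policies):
    """Items 11 and 17: DWORD 1 in DisableTaskMgr / DisableRegistryTools."""
    return [tool for val, tool in POLICY_TOOLS.items() if policies.get(val, 0) == 1]


def autorun_allowed(explorer_policies):
    """System problems check: drive types that still autorun.  A set bit in
    NoDriveTypeAutoRun disables that type; 0xFF disables all of them."""
    mask = explorer_policies.get("NoDriveTypeAutoRun", DEFAULT_NODRIVETYPE)
    types = ((AUTORUN_REMOVABLE, "removable drives"), (AUTORUN_CDROM, "CD-ROM"))
    return [label for bit, label in types if not mask & bit]


def audit(state):
    """Run every check on a state dict and return the list of findings."""
    findings = []
    problem = check_exe_association(state.get("exefile_cmd"))
    if problem:
        findings.append(problem)
    for img, dbg in find_ifeo_debuggers(state.get("ifeo", {})):
        findings.append(f"IFEO debugger on {img}: {dbg}")
    for tool in blocked_tools(state.get("policies", {})):
        findings.append(f"{tool} disabled by policy")
    media = autorun_allowed(state.get("explorer_policies", {}))
    if media:
        findings.append("autorun still allowed from " + ", ".join(media))
    return findings


def collect_from_registry():
    """Windows only: read the locations above into a state dict.  For the
    policy values the stricter of HKLM and HKCU wins; for NoDriveTypeAutoRun
    the machine-wide value overrides the per-user one, as Windows does."""
    import winreg

    def value(root, key, name=""):          # "" reads the key's default value
        try:
            with winreg.OpenKey(root, key) as k:
                return winreg.QueryValueEx(k, name)[0]
        except OSError:
            return None

    ifeo = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO_KEY) as k:
            for i in range(winreg.QueryInfoKey(k)[0]):
                img = winreg.EnumKey(k, i)
                ifeo[img] = value(winreg.HKEY_LOCAL_MACHINE, IFEO_KEY + "\\" + img, "Debugger")
    except OSError:
        pass
    hives = (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER)
    policies = {n: max(value(h, SYSTEM_POLICY_KEY, n) or 0 for h in hives) for n in POLICY_TOOLS}
    explorer = {}
    for h in reversed(hives):               # HKCU first, so HKLM wins when both exist
        mask = value(h, EXPLORER_POLICY_KEY, "NoDriveTypeAutoRun")
        if mask is not None:
            explorer["NoDriveTypeAutoRun"] = mask
    return {"exefile_cmd": value(winreg.HKEY_CLASSES_ROOT, EXEFILE_CMD_KEY),
            "ifeo": ifeo, "policies": policies, "explorer_policies": explorer}


# Constructed sample: hijacked .exe handler, one IFEO debugger, Task Manager
# blocked by policy, and no NoDriveTypeAutoRun value at all (default applies).
SAMPLE_STATE = {
    "exefile_cmd": r'"C:\Users\Public\svc.exe" "%1" %*',
    "ifeo": {"taskmgr.exe": r"C:\Users\Public\svc.exe", "notepad.exe": None},
    "policies": {"DisableTaskMgr": 1, "DisableRegistryTools": 0},
    "explorer_policies": {},
}

if __name__ == "__main__":
    state = collect_from_registry() if sys.platform == "win32" else SAMPLE_STATE
    print("\n".join(audit(state) or ["no findings"]))
```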

Cleaning the system from unnecessary files

AVZ can also clean your computer of unnecessary files. If you don't have a disk cleaning program installed, AVZ will do the job, since it offers many options:

More details about the points:

  1. Clear system cache Prefetch - clears the folder holding information about which files to preload so that programs start faster. The option is useless, because Windows itself manages the Prefetch folder quite well and cleans it when required.
  2. Delete Windows Log Files - clears the various databases and files that record events occurring in the operating system. Useful only if you need to free up ten or twenty megabytes on the hard drive; in other words, the benefit is negligible and the option is useless.
  3. Delete memory dump files - on a critical error Windows stops and shows a BSOD (blue screen of death), saving information about the running programs and drivers to a file so that special programs can later identify the culprit. The option is almost useless, as it wins back only about ten megabytes of free space. Clearing memory dump files does not harm the system.
  4. Clear list of Recent documents - oddly enough, clears the Recent Documents list in the Start menu. You can also clear it manually by right-clicking that item in the Start menu and selecting “Clear list of recent items”. The option is useful: I noticed that clearing the list lets the Start menu open its submenus a little faster. It will not harm the system.
  5. Clearing the TEMP folder - the Holy Grail for anyone looking for where the free space on drive C: went. Many programs store files in the TEMP folder for temporary use and forget to “clean up after themselves” later. Archivers are a typical example: they unpack files there and forget to delete them. Clearing the TEMP folder does not harm the system and can free up a lot of space (in particularly advanced cases, the gain reaches fifty gigabytes!).
  6. Adobe Flash Player - clearing temporary files - Flash Player can save files for temporary use, and they can be removed. Sometimes (rarely) this option helps with Flash Player glitches, for example problems playing video and audio on the VKontakte website. There is no harm in using it.
  7. Clearing the terminal client cache - as far as I know, this clears the temporary files of the Windows component called “Remote Desktop Connection” (remote access to computers via RDP). The option appears harmless and frees up a dozen megabytes at best. There is no point in using it.
  8. IIS - Deleting HTTP Error Log - explaining what this is would take a long time. Let me just say it is better not to enable the IIS log clearing option. In any case, it does no harm, and no good either.
  9. Macromedia Flash Player - duplicates “Adobe Flash Player - clearing temporary files”, but applies to rather ancient versions of Flash Player.
  10. Java - clearing cache - gains a couple of megabytes on the hard drive. I don't use Java programs, so I have not checked the consequences of enabling it. I don't recommend turning it on.
  11. Emptying the Trash - the purpose of this item is perfectly clear from its name.
  12. Remove system update installation logs - Windows keeps a log of installed updates; enabling this option clears it. The option is useless because there is no gain in free space.
  13. Remove Windows Update Protocol - similar to the previous item, but other files are deleted. Also a useless option.
  14. Clear MountPoints database - if no icons appear in the Computer window when you connect a flash drive or hard drive, this option can help. I advise enabling it only if you have problems connecting flash drives and disks.
  15. Internet Explorer - clearing cache - clears Internet Explorer temporary files. The option is safe and useful.
  16. Microsoft Office - cache clearing - clears temporary files of the Microsoft Office programs (Word, Excel, PowerPoint and others). I can't check whether this option is safe because I don't have Microsoft Office.
  17. Clearing the CD burning system cache - a useful option that deletes files you have prepared for burning to disc.
  18. Cleaning the system TEMP folder - unlike the user TEMP folder (see item 5), cleaning this folder is not always safe and usually frees up little space. I don't recommend turning it on.
  19. MSI - cleaning the Config.Msi folder - this folder stores various files created by program installers. It grows large when installers did not complete their work correctly, so cleaning Config.Msi is justified. However, be warned: there may be problems uninstalling programs that use .msi installers (for example, Microsoft Office).
  20. Clear task scheduler logs - Windows Task Scheduler keeps a log of completed tasks. I don't recommend enabling this item: there is no benefit, and it will only add problems, since Task Scheduler is a rather buggy component.
  21. Remove Windows Setup Logs - the space gained is insignificant; there is no point in deleting them.
  22. Windows - clearing icon cache - useful if you have problems with shortcuts, for example when icons do not appear immediately after the Desktop loads. Enabling this option will not affect system stability.
  23. Google Chrome - clearing cache - a very useful option. Google Chrome stores copies of pages in a dedicated folder so that sites open faster (pages are loaded from the hard drive instead of being downloaded again). Sometimes this folder reaches half a gigabyte. Cleaning it frees up disk space and does not affect the stability of either Windows or Google Chrome.
  24. Mozilla Firefox - Cleaning up the CrashReports folder - every time Firefox hits a problem and closes abnormally, report files are created. This option deletes them. The gain in free space is a couple of tens of megabytes at most, so the option is of little use, but it is there. It does not affect the stability of Windows or Mozilla Firefox.

Depending on the installed programs, the number of items will vary. For example, if the Opera browser is installed, you can clear its cache too.

Cleaning the list of startup programs

A sure way to speed up your computer's startup and performance is to clean the startup list. If unnecessary programs do not start, the computer will not only boot faster but also run faster, thanks to the resources no longer taken up by programs running in the background.

AVZ can view almost all loopholes in Windows through which programs are launched. You can view the autorun list in the Tools - Autorun Manager menu:

The average user has no need at all for such powerful functionality, so I urge you not to turn everything off. It is enough to look at just two sections: Autorun folders and Run*.

AVZ displays autorun not only for your user, but also for all other profiles:

In the Run* section it is better not to disable programs located under HKEY_USERS: this may disrupt other user profiles and the operating system itself. In the Autorun folders section you can turn off everything you don't need.

Lines the antivirus identifies as known are marked in green. These include both system Windows programs and third-party programs that carry a digital signature.

All other programs are marked in black. This does not mean that such programs are viruses or anything like that, just that not all programs are digitally signed.

Don't forget to widen the first column so that the program name is visible. Simply unchecking the box temporarily disables the program's autorun (you can tick it again later); highlighting the item and pressing the button with the black cross deletes the entry for good (or until the program registers itself in autorun again).

The question arises: how to determine what can be turned off and what cannot? There are two solutions:

Firstly, common sense: you can decide based on the name of the program's .exe file. For example, Skype creates an entry on installation so that it starts when the computer is turned on. If you don't need this, uncheck the box for the entry ending in skype.exe. By the way, many programs (including Skype) can remove themselves from startup; just untick the corresponding item in the program's own settings.

Secondly, you can search the Internet for information about the program. Based on the information received, it remains to make a decision: to remove it from autorun or not. AVZ makes it easy to find information about items: just right-click on the item and select your favorite search engine:

By disabling unnecessary programs you will noticeably speed up your computer's startup. However, it is not advisable to disable everything: you risk losing the keyboard layout indicator, disabling the antivirus, and so on.

Disable only those programs that you know for sure - you don’t need them at startup.
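As an added example, not part of AVZ or of the article, the Python below gathers what the Autorun Manager shows for the Run* keys of every loaded profile and for the Startup folders, and resolves each command line to the program it starts, which is what the "look at the .exe name" rule of thumb relies on. The Run values in SAMPLE_RUN_VALUES are constructed, and shortcut (.lnk) targets are not resolved.

```python
"""Resolve the autorun entries the article says to review in AVZ's Autorun
Manager (Run* keys of every loaded profile plus the Startup folders) to the
program each one starts.  Added example, not AVZ's own code: image_path() and
entries_named() work on plain strings, so they run anywhere; collect_windows()
needs winreg and therefore Windows."""
import ntpath
import os
import sys

RUN_KEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce")
PROGRAM_EXTS = (".exe", ".com", ".pif", ".scr", ".cmd", ".bat")
STARTUP_SUBDIR = r"Microsoft\Windows\Start Menu\Programs\Startup"

# Constructed Run values in the shape Windows stores them (not from a real machine).
SAMPLE_RUN_VALUES = {
    "Skype": r'"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized',
    "Updater": r"C:\Program Files\Example Vendor\Update Agent\updater.exe /background",
    "Helper": r"rundll32.exe C:\Program Files\Example Vendor\helper.dll,Start",
}


def image_path(cmd):
    """Program started by an autorun command line.  A quoted path is taken
    verbatim.  An unquoted one is grown token by token until it ends in a
    program extension, which resolves 'C:\\Program Files\\...\\x.exe /arg'
    (the unquoted-path-with-spaces case).  Wrappers such as rundll32.exe are
    returned as themselves, which is also the name the Autorun Manager shows."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    for i in range(len(tokens)):
        head = " ".join(tokens[:i + 1])
        if head.lower().endswith(PROGRAM_EXTS):
            return head
    return tokens[0] if tokens else ""


def describe(source, name, cmd):
    """One autorun record: where it lives, its value name, the image it runs."""
    return {"source": source, "name": name, "command": cmd,
            "image": ntpath.expandvars(image_path(cmd))}


def entries_named(entries, exe_name):
    """The article's rule of thumb: pick entries by the .exe name (e.g. skype.exe)."""
    return [e for e in entries
            if ntpath.basename(e["image"]).lower() == exe_name.lower()]


def collect_windows():
    """Enumerate Run/RunOnce under HKLM and under every hive loaded in
    HKEY_USERS (other profiles included, as AVZ shows them), then list both
    Startup folders.  Shortcut (.lnk) targets are not resolved here."""
    import winreg
    roots = [("HKLM", winreg.HKEY_LOCAL_MACHINE, "")]
    for i in range(winreg.QueryInfoKey(winreg.HKEY_USERS)[0]):
        sid = winreg.EnumKey(winreg.HKEY_USERS, i)
        roots.append(("HKU\\" + sid, winreg.HKEY_USERS, sid + "\\"))
    found = []
    for label, root, prefix in roots:
        for key in RUN_KEYS:
            try:
                with winreg.OpenKey(root, prefix + key) as k:
                    for j in range(winreg.QueryInfoKey(k)[1]):
                        name, val, _ = winreg.EnumValue(k, j)
                        found.append(describe(label + "\\" + key, name, str(val)))
            except OSError:
                continue
    for base in (os.environ.get("APPDATA"), os.environ.get("PROGRAMDATA")):
        folder = ntpath.join(base or "", STARTUP_SUBDIR)
        if base and os.path.isdir(folder):
            for f in os.listdir(folder):       # quoted so spaces in the path survive
                found.append(describe(folder, f, '"' + ntpath.join(folder, f) + '"'))
    return found


if __name__ == "__main__":
    if sys.platform == "win32":
        entries = collect_windows()
    else:
        entries = [describe("HKCU\\" + RUN_KEYS[0], n, c) for n, c in SAMPLE_RUN_VALUES.items()]
    for e in entries:
        print(f"{e['source']:<55} {e['name']:<20} -> {e['image']}")
```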

Bottom line

In principle, what I wrote about in this article is like hammering nails with a microscope: AVZ is suitable for optimizing Windows, but in general it is a complex and powerful tool for a wide variety of tasks. However, to use AVZ to its full potential you need to know Windows thoroughly, so you can start small, namely with what I described above.

If you have any questions or comments, there is a comment section under the articles where you can write to me. I am monitoring the comments and will try to respond to you as quickly as possible.

Modern antiviruses have acquired so much additional functionality that some users have questions about using them. In this lesson we will cover all the key features of the AVZ antivirus.

Let's look at what AVZ is in as much detail as possible using practical examples. The following functions deserve the main attention of the average user.

Checking the system for viruses

Any antivirus should be able to detect malware on your computer and deal with it (treat or remove it). It is natural that this function is also present in AVZ. Let's see in practice what such a check is like.

  1. Launch AVZ.
  2. A small utility window will appear on the screen. In the area marked in the screenshot below you will find three tabs. They all relate to the process of searching the computer for threats and contain different options.
  3. On the first tab, "Search area", check the boxes for the folders and hard drive partitions you want to scan. A little lower you will see three lines that enable additional options. Tick all of them: this enables a special heuristic analysis, scanning of additional running processes and even detection of potentially dangerous software.
  4. After that, go to the "File Types" tab. Here you choose what data the utility should scan.
  5. For a regular check, just select "Potentially dangerous files". If viruses have taken deep root, choose "All files".
  6. Besides regular documents, AVZ also scans archives, something many other antiviruses cannot boast of. This tab is where you enable or disable that check. We recommend unchecking the box for scanning large archives if you want the best results.
  7. In total, your second tab should look like this.
  8. Next, go to the last section, "Search Options".
  9. At the very top you will see a vertical slider. Move it all the way up so that the utility reacts to all suspicious objects. In addition, enable the checks for API and RootKit hooks, the keylogger search and the SPI/LSP settings check. Your last tab should look something like this.
  10. Now configure the actions AVZ takes when a particular threat is detected. First check the box next to "Carry out treatment" on the right side of the window.
  11. Next to each type of threat we recommend setting "Delete". The only exception is the "HackTool" type, where we recommend leaving "Treat". In addition, check the two lines below the list of threats.
  12. The second of these lets the utility copy the unsafe file to a specially designated location. You can then review everything there and delete it safely. This lets you exclude from the list of infected data the files that are not actually infected (activators, key generators, password generators and so on).
  13. When all the settings and search parameters are in place, you can begin the scan itself. Click the "Start" button.
  14. The scan will begin. Its progress is shown in the "Protocol" area.
  15. After some time, depending on the amount of data scanned, the scan completes. A message about completion appears in the log, along with the total time spent analyzing files and statistics on the scan and the threats found.
  16. By clicking the button marked in the image below, you can see in a separate window all the suspicious and dangerous objects AVZ identified during the scan.
  17. The path to the dangerous file, its description and type are listed here. Tick the box next to such an item to move it to quarantine or remove it from the computer entirely. When done, press the "OK" button at the bottom.
  18. After cleaning your computer, you can close the program window.

System functions

In addition to standard malware scanning, AVZ can perform many other functions. Let's look at those that may be useful to the average user. In the main menu at the very top of the program, click "File". A context menu opens containing all the available helper functions.

The first three lines are responsible for starting, stopping and pausing the scan. These are analogues of the corresponding buttons in the AVZ main menu.

System Research

This function lets the utility collect information about your system. This is not hardware information but a software inventory: a list of processes, loaded modules, system files and protocols. After you click "System Research", a separate window appears in which you specify what information AVZ should collect. After checking all the necessary boxes, click the "Start" button at the bottom.


After this, a save window will open. In it you can select the location of the document with detailed information, and also indicate the name of the file itself. Please note that all information will be saved as an HTML file. It opens in any web browser. Having specified the path and name for the saved file, you need to click the button "Save".


As a result, the process of scanning the system and collecting information will start. At the very end, the utility will display a window in which you will be asked to immediately view all the collected information.

System Restore

This set of functions lets you return operating system elements to their original form and reset various settings. Most often, malware tries to block access to the Registry Editor and Task Manager and to write its own entries into the system Hosts file. You can unlock such elements using the "System Restore" option. Just click the option's name, then check the boxes for the actions that need to be performed.


After this, press the “Perform marked operations” button in the lower area of the window.

A window will appear on the screen in which you must confirm the action.


After some time, you will see a message indicating that all tasks have completed. Just close this window by clicking the button "OK".

Scripts

In the list of options there are two lines related to working with scripts in AVZ: "Standard scripts" and "Run script".

Clicking "Standard scripts" opens a window with a list of ready-made scripts. Just tick the ones you want to run, then click the "Run" button at the bottom of the window.


In the second case you open the script editor. Here you can write a script yourself or load one from your computer. After writing or loading it, don't forget to click "Run" in the same window.

Database update

This item is the most important of the entire list. By clicking on the corresponding line, you will open the AVZ database update window.

We do not recommend changing settings in this window. Leave everything as it is and press the button "Start".


After some time, a message will appear on the screen indicating that the database update is complete. All you have to do is close this window.

Viewing the contents of the Quarantine and Infected folders

By clicking on these lines in the list of options, you can view all potentially dangerous files that AVZ detected while scanning your system.

In the windows that open, you can permanently delete such files or restore them if they actually do not pose a threat.


Please note that in order for suspicious files to be placed in these folders, you must check the appropriate boxes in the system scanning settings.

This is the last option from this list that the average user may need. As the name suggests, these parameters allow you to save the antivirus configuration you have set up (search method, scanning mode, etc.) to your computer and load it back later.

When saving, you will only need to specify the file name, as well as the folder in which you want to save it. When loading a configuration, simply select the desired file with settings and click the button "Open".

Exit

It would seem that this is an obvious and well-known button. But it is worth mentioning that in some situations, when particularly dangerous software is detected, AVZ blocks every way of closing itself except this button. In other words, you will not be able to close the program with the "Alt+F4" keyboard shortcut or by clicking the usual cross in the corner of the window. This is done so that viruses cannot interfere with the correct operation of AVZ. Clicking this button, however, will always close the antivirus when you need to.

In addition to the options described, there are others in the list, but ordinary users are unlikely to need them, so we did not focus on them. If you still need help with functions that are not described, write about it in the comments. Let's move on.

List of services

In order to see the full list of services offered by AVZ, you need to click on the line "Service" at the very top of the program.

As in the last section, we will go over only those that may be useful to the average user.

Process Manager

By clicking on the very first line of the list, you will open the "Process Manager" window. In it you can see a list of all executable files that are running on the computer or laptop at this moment. In the same window you can read a description of the process, find out its manufacturer and the full path to the executable file itself.


You can also terminate a particular process. To do this, just select the required process from the list, and then click on the corresponding button in the form of a black cross on the right side of the window.


This service is an excellent replacement for the standard Task Manager, and it becomes particularly valuable in situations where the "Task Manager" is blocked by a virus.

Services and Driver Manager

This is the second service in the general list. By clicking on the line with the same name, you will open the window for managing services and drivers. You can switch between them using a special switch.

In the same window, each item is accompanied by a description of the service itself, status (enabled or disabled), as well as the location of the executable file.


You can select the required item, after which you will have the options to enable, disable or completely remove the service or driver. These buttons are located at the top of the work area.

Startup manager

This service will allow you to fully customize autorun settings. Moreover, unlike standard managers, this list also includes system modules. By clicking on the line with the same name, you will see the following.


In order to disable the selected element, you only need to uncheck the box next to its name. In addition, it is possible to completely delete the required entry. To do this, simply select the desired line and click on the button at the top of the window in the form of a black cross.

Please note that a deleted value cannot be returned. Therefore, be extremely careful not to erase vital system startup records.

Hosts File Manager

We mentioned a little above that the virus sometimes writes its own values ​​into the system file "Hosts". And in some cases, malware also blocks access to it so that you cannot correct the changes made. This service will help you in such situations.

By clicking on the corresponding line in the list, you will open the manager window. You cannot add your own entries here, but you can delete existing ones. To do this, select the desired line with the left mouse button, then press the delete button located in the upper area of the work area.


After this, a small window will appear in which you need to confirm the action. To do this, just press the button "Yes".


When the selected line is deleted, you just need to close this window.

Be careful not to delete lines whose purpose you don't know. Not only viruses but also other, legitimate programs write their entries into the Hosts file.

System utilities

With AVZ you can also launch the most popular system utilities. You can see their list if you hover your mouse over the line with the corresponding name.


By clicking on the name of a particular utility, you will launch it. After this, you can make changes to the registry (regedit), configure the system (msconfig) or check system files (sfc).

These are all the services we wanted to mention. Beginner users are unlikely to need a protocol manager, extensions, or other additional services. Such functions are more suitable for more advanced users.

AVZGuard

This function was developed to combat the most cunning viruses that cannot be removed by standard methods. It simply adds the malware to a list of untrusted software that is prohibited from performing its operations. To enable this function, click on the "AVZGuard" line in the upper area of AVZ and, in the drop-down menu, click the "Enable AVZGuard" item.

Be sure to close all third-party applications before enabling this feature, otherwise they will also be included in the list of untrusted software and their operation may be disrupted afterwards.

All programs marked as trusted will be protected from deletion or modification, while the work of untrusted software will be suspended. This allows you to safely remove dangerous files using a standard scan. After this, disable AVZGuard again: click the same line at the top of the program window, then click the button to disable the function.

AVZPM

The technology indicated in the name will monitor all started, stopped and modified processes/drivers. To use it, you must first enable the corresponding service.

Click on the AVZPM line at the top of the window.
In the drop-down menu, click on the line “Install the advanced process monitoring driver”.


Within a few seconds, the necessary modules will be installed. From now on, when changes are detected in any process, you will receive a corresponding notification. If you no longer need such monitoring, simply click on the corresponding line in the same drop-down menu. This will unload all AVZ processes and remove the previously installed drivers.

Please note that the AVZGuard and AVZPM buttons may be grayed out and inactive. This means that you have a 64-bit (x64) operating system installed. Unfortunately, the mentioned components do not work on a 64-bit OS.

This brings this article to its logical conclusion. We tried to tell you how to use the most popular features in AVZ. If you still have questions after reading this lesson, you can ask them in the comments to this post. We will be happy to pay attention to each question and try to give the most detailed answer.

System Restore is a special feature of AVZ that allows you to restore a number of system settings damaged by malware.

System recovery firmware is stored in the antivirus database and updated as needed.

Recommendation: Use system recovery only when it is clearly understood to be required. Before using it, it is recommended to create a backup or a system restore point.

Note: system restore operations write automatic backup data as REG files in the Backup directory of the AVZ working folder.

Currently the database contains the following firmware:

1. Restoring startup parameters of .exe, .com, .pif files

This firmware restores the system's response to exe, com, pif, scr files.

Indications for use: After the virus is removed, programs stop running.

Possible risks: minimal, but it is recommended to use

2. Reset Internet Explorer protocol prefix settings to standard

This firmware restores protocol prefix settings in Internet Explorer

Indications for use: when you enter an address like www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru

Possible risks: minimal

3. Restoring the Internet Explorer start page

This firmware restores the start page in Internet Explorer

Indications for use: replacing the start page

Possible risks: minimal

4. Reset Internet Explorer search settings to standard

This firmware restores search settings in Internet Explorer

Indications for use: When you click the "Search" button in IE, you are directed to some third-party site

Possible risks: minimal

5. Restore desktop settings

This firmware restores desktop settings. Restoration involves deleting all active ActiveDesktop elements and wallpaper, and unblocking the menu responsible for desktop settings.

Indications for use: The desktop settings tabs in the "Display Properties" window have disappeared; extraneous inscriptions or pictures are displayed on the desktop

Possible risks: user settings will be deleted, the desktop will appear as default

6. Deleting all Policies (restrictions) of the current user

Windows provides a mechanism for restricting user actions called Policies. Many malicious programs use this mechanism because the settings are stored in the registry and are easy to create or modify.

Indications for use: Explorer functions or other system functions are blocked.

Possible risks: different versions of the operating system have different default policies, so resetting policies to fixed standard values is not always optimal. To fix the policies most often modified by malicious programs, use the Troubleshooting Wizard, which is safe in terms of possible system failures.

7. Deleting the message displayed during WinLogon

Windows NT and subsequent systems in the NT line (2000, XP) allow you to set the message displayed during startup. A number of malicious programs take advantage of this, and the destruction of the malicious program does not lead to the destruction of this message.

Indications for use: An extraneous message is entered during system boot.

Possible risks: No

8. Restoring Explorer settings

This firmware resets a number of Explorer settings to standard (the settings changed by malware are reset first).

Indications for use: Explorer settings changed

Possible risks: minimal; the most typical settings damage caused by malware is found and corrected by the Troubleshooting Wizard.

9. Removing system process debuggers

Registering a debugger for a system process allows an application to be launched covertly, which is used by a number of malicious programs.

Indications for use: AVZ detects unidentified system process debuggers, problems arise with launching system components, in particular, the desktop disappears after a reboot.

Possible risks: minimal, possible disruption of programs that use the debugger for legitimate purposes (for example, replacing the standard task manager)

10. Restoring boot settings in SafeMode

Some malware, in particular the Bagle worm, corrupts the system's boot settings in protected mode. This firmware restores boot settings in protected mode.

Indications for use: The computer does not boot into SafeMode. This firmware should be used only in case of problems with booting in protected mode.

Possible risks: high, since restoring the standard configuration does not guarantee that SafeMode will be fixed. In terms of safety, the Troubleshooting Wizard finds and fixes the specific broken SafeMode configuration entries.

11. Unlock task manager

Task Manager blocking is used by malware to protect its processes from detection and removal. Executing this firmware removes the lock.

Indications for use: The task manager is blocked; when you try to call the task manager, the message “Task Manager is blocked by the administrator” is displayed.

Possible risks: troubleshooting wizard

12. Clearing the ignore list of the HijackThis utility

The HijackThis utility stores a number of its settings in the registry, in particular its list of exceptions (the ignore list). Therefore, for malware to hide from HijackThis it is enough to add its executable files to that list. A number of malicious programs that exploit this weakness are currently known. This AVZ firmware clears the HijackThis exception list.

Indications for use: There are suspicions that the HijackThis utility does not display all information about the system.

Possible risks: minimal; note that the HijackThis ignore list settings will be deleted.

13. Cleaning the Hosts file

Cleaning up the Hosts file involves finding the Hosts file, removing all significant lines from it, and adding the standard "127.0.0.1 localhost" line.

Indications for use: It is suspected that the Hosts file has been modified by malware. A typical symptom is blocked updates of antivirus programs. You can inspect the contents of the Hosts file using the Hosts file manager built into AVZ.

Possible risks: average, please note that the Hosts file may contain useful entries
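The Hosts check described in the Hosts File Manager section above and in this firmware, as an added example (Python, not AVZ's own code): it lists every non-standard entry so you can judge it before cleaning, then rebuilds the file the way firmware 13 describes. The sample file content is constructed; keeping the comment lines when cleaning is this example's choice.

```python
"""Audit and clean a Windows Hosts file (added example, not AVZ code).

audit_hosts() reports every entry that is not the standard localhost line,
which is what you would review in AVZ's Hosts File Manager; clean_hosts()
does what firmware 13 describes: drops all significant lines and adds the
standard "127.0.0.1 localhost" line (comment lines are kept here, which is
this example's choice).
"""
import ipaddress

STANDARD_LINE = "127.0.0.1 localhost"

# Constructed sample: a stock file plus two lines of the kind malware adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test   # constructed: sinks AV updates
198.51.100.7    www.example-bank.test    # constructed: redirects a site
"""


def parse_hosts(text):
    """Return [(line_no, address, [names], raw_line)] for each significant line.

    A significant line is anything left after stripping blank lines and
    comments (a '#' starts a comment, also at the end of a line).
    """
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        entries.append((number, fields[0], fields[1:], raw))
    return entries


def audit_hosts(text):
    """Return (line_no, reason, raw_line) for every non-standard entry.

    Loopback sinks are reported separately from redirects to other hosts:
    sinking an update server silently disables updates (the typical symptom
    named in the article), while a redirect to a foreign address sends the
    user somewhere else entirely.
    """
    findings = []
    for number, address, names, raw in parse_hosts(text):
        try:
            parsed = ipaddress.ip_address(address)
        except ValueError:
            findings.append((number, "malformed address", raw.strip()))
            continue
        if parsed.is_loopback and names == ["localhost"]:
            continue  # the standard entry (IPv4 or IPv6 form)
        if parsed.is_loopback:
            reason = "sunk to loopback: " + ", ".join(names)
        else:
            reason = "redirected to %s: %s" % (address, ", ".join(names))
        findings.append((number, reason, raw.strip()))
    return findings


def clean_hosts(text):
    """Rebuild the file as firmware 13 does, keeping only comments and blanks."""
    kept = [raw for raw in text.splitlines()
            if not raw.split("#", 1)[0].strip()]
    kept.append(STANDARD_LINE)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for number, reason, raw in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s  <%s>" % (number, reason, raw))
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On a real system the file is %SystemRoot%\System32\drivers\etc\hosts; review the audit output before writing the cleaned version back, since the page notes the file may hold useful entries.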

14. Automatic correction of SPI/LSP settings

Performs an analysis of SPI settings and, if errors are detected, automatically corrects them. This firmware can be re-run an unlimited number of times. After running it, it is recommended to restart your computer. Note! This firmware cannot be run from a terminal session.

Indications for use: After removing the malicious program, access to the Internet was lost.

Possible risks: average, it is recommended to create a backup before starting

15. Reset SPI/LSP and TCP/IP settings (XP+)

This firmware only works on XP, Windows 2003 and Vista. Its operating principle is based on resetting and re-creating SPI/LSP and TCP/IP settings using the standard netsh utility included in Windows. You can read more about resetting settings in the Microsoft knowledge base - http://support.microsoft.com/kb/299357

Indications for use: After removing the malicious program, access to the Internet was lost, and running the firmware "14. Automatic correction of SPI/LSP settings" does not produce any result.

Possible risks: high, it is recommended to create a backup before starting

16. Recovering the Explorer launch key

Restores system registry keys responsible for launching Explorer.

Indications for use: During system boot, Explorer does not start, but it is possible to launch explorer.exe manually.

Possible risks: minimum

17. Unlocking the registry editor

Unblocks the Registry Editor by removing the policy that prevents it from running.

Indications for use: It is impossible to start the Registry Editor; when you try, a message is displayed stating that its launch is blocked by the administrator.

Possible risks: minimal, a similar check is performed by the Troubleshooting Wizard
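Because AVZ writes its backups as REG files (see the note at the start of this list), the settings that firmware 6, 7, 9, 11, 16 and 17 reset can also be reviewed offline from an export. The following is an added example in Python, not AVZ code; the registry paths are the usual Windows locations for these settings and are not taken from the article, and the .reg sample is constructed.

```python
"""Find the registry settings that AVZ firmware 6, 7, 9, 11, 16 and 17
reset, in a .reg export (added example, not AVZ code).

The key paths below are the usual Windows locations for these settings
(general Windows knowledge, not from the article). The sample export is
constructed. Real exports from regedit are UTF-16 with a BOM: read them
with encoding="utf-16" before passing the text in.
"""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\EXAMPLE\\notreal.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"LegalNoticeCaption"="Constructed startup message"
'''

# Lower-cased key suffixes (and one infix) that the checks look for.
POLICY_SYSTEM = "\\software\\microsoft\\windows\\currentversion\\policies\\system"
POLICY_EXPLORER = "\\software\\microsoft\\windows\\currentversion\\policies\\explorer"
IFEO = "\\windows nt\\currentversion\\image file execution options\\"
WINLOGON = "\\software\\microsoft\\windows nt\\currentversion\\winlogon"

# "name"=data or @=data (default value); backslash escapes quote and backslash.
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(text):
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Return {key_path: {value_name_lower: value}} from a .reg export.

    dword: data becomes an int and quoted strings are unescaped; any other
    data type (hex:, hex(2):, ...) is kept as raw text. Lines continued
    with a trailing backslash are joined first.
    """
    joined = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line[0] == ";" or line.startswith("Windows Registry") or line == "REGEDIT4":
            continue
        if line[0] == "[" and line[-1] == "]":
            path = line[1:-1]
            current = None if path.startswith("-") else path  # "-" marks a key deletion
            if current is not None:
                keys.setdefault(current, {})
            continue
        match = _VALUE_RE.match(line)
        if match is None or current is None:
            continue
        name = _unescape(match.group(1)) if match.group(1) is not None else ""
        data = match.group(2).strip()
        if data.startswith("dword:"):
            value = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            value = _unescape(data[1:-1])
        else:
            value = data
        keys[current][name.lower()] = value
    return keys


def audit_reg(text):
    """Return sorted (firmware_no, key_path, value_name, value) findings."""
    findings = []
    for path, values in parse_reg(text).items():
        lower = path.lower()
        if lower.endswith(POLICY_SYSTEM):
            if values.get("disabletaskmgr"):                        # firmware 11
                findings.append((11, path, "DisableTaskMgr", values["disabletaskmgr"]))
            if values.get("disableregistrytools"):                  # firmware 17
                findings.append((17, path, "DisableRegistryTools", values["disableregistrytools"]))
        elif lower.endswith(POLICY_EXPLORER):                       # firmware 6: any restriction
            for name, value in values.items():
                findings.append((6, path, name, value))
        elif IFEO in lower and values.get("debugger"):              # firmware 9
            findings.append((9, path, "Debugger", values["debugger"]))
        elif lower.endswith(WINLOGON):
            shell = values.get("shell")
            if shell is not None and shell.lower() != "explorer.exe":  # firmware 16
                findings.append((16, path, "Shell", shell))
            for name in ("legalnoticecaption", "legalnoticetext"):     # firmware 7
                if values.get(name):
                    findings.append((7, path, name, values[name]))
    return sorted(findings, key=lambda f: (f[0], f[1], f[2]))
```

A finding is only an indication: the page itself notes that a debugger entry can be legitimate (for example a replacement task manager), so compare each hit with what you expect on that machine before resetting it.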

18. Complete re-creation of SPI settings

Performs a backup copy of SPI/LSP settings, after which it destroys them and creates them according to the standard, which is stored in the database.

Indications for use: Severe damage to SPI settings that cannot be repaired by scripts 14 and 15.

Note! Use this complete re-creation only when necessary: in cases where Internet access problems remain after removing malware and the other SPI recovery methods have not helped!

Possible risks: very high, it is recommended to create a backup before starting!

19. Clear MountPoints database

Cleans up the MountPoints and MountPoints2 database in the registry.

Indications for use: This operation often helps when, after infection with a flash-drive virus, disks do not open in Explorer.

Possible risks: minimum

20. Remove static routes

Performs removal of all static routes.

Indications for use: This operation helps if some sites are blocked using incorrect static routes.

Possible risks: average. It is important to note that for some services to work on some Internet providers, static routes may be necessary and after such deletion they will have to be restored according to the instructions on the Internet provider’s website.

21. Replace the DNS of all connections with Google Public DNS

Replaces the DNS servers in the settings of all network adapters with Google Public DNS. Helps if a Trojan program has replaced the DNS servers with its own.

Indications for use: DNS spoofing by malware.

Possible risks: average. Please note that not all providers allow you to use a DNS other than their own.

To perform a recovery, you must select one or more items and click the “Perform selected operations” button. Clicking the "OK" button closes the window.

Note:

Recovery is useless if a Trojan program that performs such reconfiguration is still running on the system: first remove the malware, then restore the system settings.

Note:

To eliminate the traces of most Hijackers, you need to run three firmware: "Reset Internet Explorer search settings to standard", "Restore Internet Explorer start page" and "Reset Internet Explorer protocol prefix settings to standard".

Note:

Any of the firmware can be executed several times in a row without significant damage to the system. The exceptions are "5. Restoring desktop settings" (this firmware resets all desktop settings, so you will have to re-select the desktop colors and wallpaper), "10. Restoring boot settings in SafeMode" (this firmware recreates the registry keys responsible for booting into safe mode), and 15 and 18 (resetting and recreating SPI settings).

An excellent program for removing viruses and restoring the system is AVZ (Zaitsev Anti-Virus). If a virus blocks the download, try downloading the entire anti-virus set instead!

The main capabilities of AVZ are virus detection and removal.

AVZ antivirus utility is designed to detect and remove:

  • SpyWare and AdWare modules (the main purpose of the utility)
  • Dialer (Trojan.Dialer)
  • Trojans
  • BackDoor modules
  • Network and mail worms
  • TrojanSpy, TrojanDownloader, TrojanDropper

The utility is a direct analogue of the TrojanHunter and LavaSoft Ad-aware 6 programs. The primary task of the program is to remove SpyWare and Trojan programs.

Features of the AVZ utility (in addition to the standard signature scanner) are:

  • Heuristic system check firmware. It searches for known SpyWare and viruses by indirect signs, based on analysis of the registry, files on disk and in memory.
  • Updated database of safe files. It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ subsystems and works on the “friend/foe” principle: safe files are not quarantined, deletion and warnings are blocked for them, and the database is used by the anti-rootkit, the file search system and various analyzers. In particular, the built-in process manager highlights safe processes and services in color, and the file search on disk can exclude known files from the search (which is very useful when searching for Trojan programs on the disk);
  • Built-in Rootkit detection system. The RootKit search is carried out without signatures, by examining the basic system libraries for interception of their functions. AVZ can not only detect a RootKit but also correctly block a UserMode RootKit for its own process and a KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, and so on. The anti-rootkit is equipped with an analyzer that detects processes and services masked by a RootKit. In my opinion, one of the main features of the RootKit countermeasures system is that it works in Win9X (the widespread opinion that no RootKits work on the Win9X platform is deeply erroneous: hundreds of Trojan programs are known that intercept API functions to mask their presence, to distort the operation of API functions or to monitor their use). Another feature is the universal system for detecting and blocking KernelMode RootKits, compatible with Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server and Windows 2003 Server SP1;
  • Keylogger and Trojan DLL detector. The search for keyloggers and Trojan DLLs is carried out by system analysis without using a signature database, which allows previously unknown Trojan DLLs and keyloggers to be detected confidently;
  • Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator, which allows you to examine suspicious files using a neural network. Currently, the neural network is used in a keylogger detector.
  • Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze settings, diagnose possible errors in settings and perform automatic treatment. The ability to automatically diagnose and treat is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;
  • Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color;
  • Built-in utility for searching files on disk. Allows you to search a file using various criteria; the capabilities of the search system exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them); the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine
  • Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; search results are available in the form of a text protocol and in the form of a table in which you can mark several keys for their export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them)
  • Built-in analyzer of open TCP/UDP ports. It is covered by an anti-rootkit; in Windows XP, the process using the port is displayed for each port. The analyzer is based on an updated database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan program ports is included in the main system scanning algorithm - when suspicious ports are detected, warnings are displayed in the protocol indicating which Trojan programs are likely to use this port
  • Built-in analyzer of shared resources, network sessions and files opened over the network. Works in Win9X and NT/W2K/XP.
  • Built-in Downloaded Program Files (DPF) analyzer - displays DPF elements, connected to all AVZ systems.
  • System recovery firmware. Firmware restores Internet Explorer settings, program launch parameters, and other system parameters damaged by malware. Restoration is started manually, the parameters to be restored are specified by the user.
  • Heuristic file deletion. Its essence is that if malicious files were deleted during treatment and this option is enabled, an automatic system scan is performed covering classes, BHOs, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. All found links to a deleted file are automatically cleared, and information about what exactly was cleared, and where, is recorded in the log. This cleaning actively uses the system treatment firmware engine;
  • Checking archives. Starting from version 3.60, AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, GZIP and TAR formats, e-mail messages and MHT files, and CHM archives are checked;
  • Checking and treating NTFS streams. Checking NTFS streams is included in AVZ starting from version 3.75
  • Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow AVZ to be used in a corporate network, including launching it during system boot.
  • Process analyzer. The analyzer uses neural networks and analysis firmware; it is turned on when advanced analysis is enabled at the maximum heuristic level and is designed to search for suspicious processes in memory.
  • AVZGuard system. Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.
  • Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all NT-line operating systems, and allows the scanner to analyze blocked files and quarantine them.
  • Driver for monitoring processes and drivers AVZPM. Designed to monitor the start and stop of processes and loading/unloading of drivers to search for masquerading drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits.
  • Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.

Restoring system parameters.

  • Restoring startup parameters of .exe, .com, .pif files
  • Reset IE settings
  • Restoring desktop settings
  • Remove all user restrictions
  • Deleting a message in Winlogon
  • Restoring File Explorer settings
  • Removing system process debuggers
  • Restoring Safe Mode boot settings
  • Unblocking the task manager
  • Cleaning the Hosts file
  • Correcting SPI/LSP settings
  • Resetting SPI/LSP and TCP/IP settings
  • Unlocking Registry Editor
  • Cleaning MountPoints Keys
  • Replacing DNS servers
  • Removing the IE/Edge proxy server setting
  • Removing Google Restrictions


Program tools:

  • Process Manager
  • Services and Driver Manager
  • Kernel space modules
  • Internal DLL Manager
  • Search the registry
  • Search files
  • Search by cookies
  • Startup Manager
  • Browser Extension Manager
  • Control Panel Applet Manager (cpl)
  • Explorer Extensions Manager
  • Print Extension Manager
  • Task Scheduler Manager
  • Protocol and Handler Manager
  • DPF Manager
  • Active Setup Manager
  • Winsock SPI Manager
  • Hosts File Manager
  • TCP/UDP Port Manager
  • Network Shares and Network Connections Manager
  • A set of system utilities
  • Checking a file against the database of safe files
  • Checking a file against the Microsoft Security Catalog
  • Calculating MD5 sums of files

Here is a rather large kit to save your computer from various infections!



