Antivirus utility AVZ 4.45. AVZ - antivirus from Zaitsev


Interface language: Russian, English
Treatment: not required

System requirements :

Description :
AVZ is a free, fast antivirus utility. It includes AVZ itself and the additional utilities AVZGuard/AVZPM/BootCleaner.
The main purpose is to detect and remove SpyWare and AdWare modules, as well as Dialer (Trojan.Dialer), Trojan programs, BackDoor modules, network and email worms, TrojanSpy, TrojanDownloader, TrojanDropper.
Essentially, AVZ is an analogue of the popular program Ad-aware (with its own characteristics, of course).
Additional options include heuristic system checks, a built-in Rootkit detection system, a Winsock SPI/LSP settings analyzer, a built-in process, service and driver manager, a TCP/UDP open port analyzer, and a Keylogger and Trojan DLL detector that works without using signatures (an original neuroemulator is used, which allows suspicious files to be examined using a neural network).

Additional Information:

Heuristic system check microprograms. The microprograms search for known SpyWare and viruses by indirect signs, based on analysis of the registry, files on disk and in memory.
Updated database of safe files. It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ systems and works on the “friend/foe” principle - safe files are not quarantined, deletion and warnings are blocked for them, the database is used by an anti-rootkit, a file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services in color; searching for files on the disk can exclude known files from the search (which is very useful when searching for Trojan programs on the disk);
Built-in Rootkit detection system. The RootKit search is carried out without using signatures, based on examining basic system libraries for interception of their functions. AVZ can not only detect RootKit, but also correctly block UserMode RootKit for its process and KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by RootKit. In my opinion, one of the main features of the RootKit countermeasures system is its functionality in Win9X (the widespread opinion about the absence of RootKit working on the Win9X platform is deeply erroneous - hundreds of Trojan programs are known that intercept API functions to mask their presence, to distort the operation of API functions or to monitor their use). Another feature is the universal system for detecting and blocking KernelMode RootKit, compatible with Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1
Keylogger and Trojan DLL detector. The search for Keylogger and Trojan DLLs is carried out based on system analysis without using a signature database, which allows you to confidently detect previously unknown Trojan DLLs and Keylogger;
Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator, which allows you to examine suspicious files using a neural network. Currently, the neural network is used in a keylogger detector.
Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze settings, diagnose possible errors in settings and perform automatic treatment. The ability to automatically diagnose and treat is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;
Built-in manager of processes, services and drivers. Designed for studying running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color;
Built-in utility for searching files on disk. Allows you to search for a file using various criteria; the capabilities of the search system exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them), the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine
Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; search results are available in the form of a text protocol and in the form of a table in which you can mark several keys for their export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them)
Built-in analyzer of open TCP/UDP ports. It is covered by an anti-rootkit; in Windows XP, the process using the port is displayed for each port. The analyzer is based on an updated database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan ports is included in the main system scanning algorithm - when suspicious ports are detected, warnings are displayed in the protocol indicating which Trojan programs typically use this port
Built-in analyzer of shared resources, network sessions and files opened over the network. Works in Win9X and Nt/W2K/XP.
Built-in Downloaded Program Files (DPF) analyzer - displays DPF elements, connected to all AVZ systems.
System recovery microprograms. The microprograms restore Internet Explorer settings, program launch options and other system parameters damaged by malware. Restoration is started manually, the parameters to be restored are specified by the user.
Heuristic file deletion. Its essence is that if malicious files were deleted during treatment and this option is enabled, an automatic system scan is performed, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. All found links to a deleted file are automatically cleaned, and information about what exactly was cleaned and where is recorded in the protocol. For this cleaning, the system treatment microprogram engine is actively used;
Checking archives. Starting from version 3.60, AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, GZIP, TAR formats are checked; emails and MHT files; CHM archives
Checking and treating NTFS streams. Checking of NTFS streams has been included in AVZ since version 3.75
Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow you to use AVZ in a corporate network, including its launch during system boot.
Process analyzer. The analyzer uses neural networks and analysis microprograms; it is turned on when advanced analysis is enabled at the maximum heuristics level and is designed to search for suspicious processes in memory.
AVZGuard system. Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.
Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, allows the scanner to analyze locked files and quarantine them.
Driver for monitoring processes and drivers AVZPM. Designed to monitor the start and stop of processes and loading/unloading of drivers to search for masquerading drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits.
Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.


Program version: 4.46
Interface language: Russian, English
Treatment: not required
System requirements: Windows 10, 8.1, 8, 7, Vista, XP

Description: AVZ is a free, fast antivirus utility. It includes AVZ itself and the additional utilities AVZGuard/AVZPM/BootCleaner.
The main purpose is to detect and remove SpyWare and AdWare modules, as well as Dialer (Trojan.Dialer), Trojan programs, BackDoor modules, network and email worms, TrojanSpy, TrojanDownloader, TrojanDropper.
In fact, AVZ is an analogue of the popular Ad-aware program (with its own characteristics, of course).
Additional options include a heuristic system check, built-in Rootkit detection system, Winsock SPI/LSP settings analyzer, built-in process, service and driver manager, TCP/UDP open port analyzer, Keylogger and Trojan DLL detector that works without using signatures (an original neuroemulator is used, which allows you to examine suspicious files using a neural network).

Help for working with the program: http://z-oleg.com/secur/avz_doc/

Additional Information:

Heuristic system check microprograms. The microprograms search for known SpyWare and viruses by indirect signs, based on analysis of the registry, files on disk and in memory.
Updated database of secure files. It includes digital signatures of tens of thousands of system files and files of known secure processes. The database is connected to all AVZ systems and works on the “friend/foe” principle - safe files are not quarantined, deletion and warnings are blocked for them, the database is used by an anti-rootkit, a file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services in color; searching for files on the disk can exclude known files from the search (which is very useful when searching for Trojan programs on the disk);
Built-in Rootkit detection system. The RootKit search is carried out without the use of signatures, based on examining basic system libraries for interception of their functions. AVZ can not only detect RootKit, but also correctly block UserMode RootKit for its process and KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by RootKit. In my opinion, one of the main features of the RootKit countermeasures system is its functionality in Win9X (the widespread opinion about the absence of RootKit working on the Win9X platform is deeply erroneous - hundreds of Trojan programs are known that intercept API functions to mask their presence, to distort the operation of API functions or to monitor their use). Another feature is the universal system for detecting and blocking KernelMode RootKit, compatible with Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1
Keylogger and Trojan DLL detector. The search for Keylogger and Trojan DLLs is carried out based on system analysis without using a signature database, which allows you to confidently detect previously unknown Trojan DLLs and Keylogger;
Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator, which allows you to examine suspicious files using a neural network. Currently, the neural network is used in a keylogger detector.
Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze settings, diagnose possible errors in settings and perform automatic treatment. The ability to automatically diagnose and treat is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;
Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color;
Built-in utility for searching files on disk. Allows you to search for a file using various criteria; the capabilities of the search system exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them), the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine
Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; search results are available in the form of a text protocol and in the form of a table in which you can mark several keys for their export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them)
Built-in analyzer of open TCP/UDP ports. It is covered by an anti-rootkit; in Windows XP, the process using the port is displayed for each port. The analyzer is based on an updated database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan program ports is included in the main system scanning algorithm - when suspicious ports are detected, warnings are displayed in the protocol indicating which Trojan programs are likely to use this port
Built-in analyzer of shared resources, network sessions and files opened over the network. Works in Win9X and Nt/W2K/XP.
Built-in Downloaded Program Files (DPF) analyzer - displays DPF elements, connected to all AVZ systems.
System recovery microprograms. The microprograms restore Internet Explorer settings, program launch settings and other system parameters damaged by malware. Restoration is started manually, the parameters to be restored are specified by the user.
Heuristic file deletion. Its essence is that if malicious files were deleted during treatment and this option is enabled, then an automatic system scan is performed, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. All found links to a deleted file are automatically cleared, and information about what exactly was cleared and where is recorded in the log. For this cleaning, the system treatment microprogram engine is actively used;
Checking archives. Starting from version 3.60, AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, GZIP, TAR formats are checked; emails and MHT files; CHM archives
Checking and treating NTFS streams. Checking NTFS streams is included in AVZ starting from version 3.75
Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow you to use AVZ on a corporate network, including its launch during system boot.
Process analyzer. The analyzer uses neural networks and analysis firmware; it is turned on when advanced analysis is enabled at the maximum heuristic level and is designed to search for suspicious processes in memory.
AVZGuard system. Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.
Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, allows the scanner to analyze locked files and quarantine them.
Driver for monitoring processes and drivers AVZPM. Designed to monitor the start and stop of processes and loading/unloading of drivers to search for masquerading drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits.
Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.
Changelog 4.46: Improvements and modifications for compatibility with Windows 10


AVZ is a free antivirus program designed to clean your computer of Spyware and Adware programs, various Backdoor and Trojan components and other malicious code (Trojan downloaders, Dialer, etc.).

Besides standard scanners (with a heuristic analyzer) and an auditor, it includes a number of tools for automating the removal of malicious code, some of which are atypical (for 2007) and provide a fairly competent user with advanced control tools.

The program was developed by Oleg Zaitsev. Since 2007, Oleg has been working at Kaspersky Lab and remains the only developer of AVZ. The developments and technologies used in AVZ were included in the main products of Kaspersky Lab - Kaspersky Internet Security 2009/2010 and Kaspersky for Windows Workstations 6 MP4.

Purpose of AVZ

The AVZ program is used to find and remove:

  • Spyware and Adware
  • Trojan programs
  • Backdoor
  • Viruses
  • Network worms
  • Mail worms
  • Rootkits
  • Keyloggers

The program is also used to create logs that are useful when requesting help on antivirus forums.

Tools built into AVZ

  • Heuristic system check microprograms

The microprograms search for known Spyware and viruses by indirect signs, based on analysis of the registry, files on disk and in memory.

  • Updated database of safe files

It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ systems and works on the “friend/foe” principle - safe files are not quarantined, deletion and warnings are blocked for them, the database is used by an anti-rootkit, a file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services in color; searching for files on the disk can exclude known files from the search (which is very useful when searching for Trojan programs on the disk).

  • Rootkit detector (built-in)

The search for rootkits is carried out without the use of signatures, based on examining basic system libraries for interception of their functions. AVZ can not only detect rootkits, but also correctly block them. Countering rootkits extends to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by rootkits. A special feature of the anti-rootkit system is its functionality in Windows 9x. Another feature is the universal system for detecting and blocking KernelMode rootkits, operable under Microsoft Windows NT, Microsoft Windows 2000 pro/server, Microsoft Windows XP/XP SP1/XP SP2/XP SP3, Microsoft Windows 2003 Server, Microsoft Windows 2003 Server SP1.

  • Keylogger and Trojan DLL detector

The search for keyloggers and Trojan DLLs is carried out based on system analysis without using a signature database, which allows you to confidently detect previously unknown Trojan DLLs and keyloggers.

  • Neuroanalyzer

In addition to the signature analyzer, AVZ contains a neuroemulator that allows you to examine suspicious files using a neural network. Currently, the neural network is used in a keylogger detector.

  • Winsock SPI/LSP settings analyzer (built-in)

Allows you to analyze settings, diagnose possible errors in settings and perform automatic treatment. The ability to automatically diagnose and treat is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit.

  • Manager of processes, services and drivers (built-in)

Designed to study running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color.

  • Utility for searching files on disk (built-in)

Allows you to search for a file using various criteria; the capabilities of the search system exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them), the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine.

  • Utility for searching data in the registry (built-in)

Allows you to search for keys and parameters according to a given pattern; search results are available in the form of a text protocol and in the form of a table in which you can mark several keys for their export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them).

  • TCP/UDP open port analyzer (built-in)

It is covered by an anti-rootkit; in Microsoft Windows XP, the process using the port is displayed for each port. The analyzer is based on an updated database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan program ports is included in the main system scanning algorithm - when suspicious ports are detected, warnings are displayed in the protocol indicating which Trojan programs are likely to use this port.

  • Analyzer of shared resources, network sessions and files opened over the network (built-in)

Works in Microsoft Windows 9x and Microsoft Windows NT/2000/XP.

  • Downloaded Program Files (DPF) analyzer (built-in)

Displays DPF elements, connected to all AVZ systems.

  • System recovery microprograms

The microprograms restore settings, program launch parameters and other system parameters damaged by malware. Restoration is started manually, the parameters to be restored are specified by the user.

  • Heuristic file deletion

Its essence is that if malicious files were deleted during treatment and this option is enabled, then an automatic system scan is performed, covering classes, BHO, extensions and Explorer, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. All found links to a deleted file are automatically cleared, and information about what exactly was cleared and where is recorded in the log. For this cleaning, the system treatment microprogram engine is actively used.

  • Checking archives

Starting from version 3.60, AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, tar formats are checked; emails and MHT files; CHM archives.

  • Checking and treating NTFS streams

Checking NTFS streams is included in AVZ starting from version 3.75.

  • Control scripts

Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow you to use AVZ on a corporate network, including its launch during system boot.

  • Process Analyzer

The analyzer uses neural networks and analysis microprograms; it is turned on when advanced analysis is enabled at the maximum heuristic level and is designed to search for suspicious processes in memory.

  • AVZGuard system

Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.

  • Direct disk access system for working with locked files

Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, allows the scanner to analyze locked files and quarantine them.

  • AVZPM driver for monitoring processes and drivers

Designed to monitor the start and stop of processes and loading/unloading of drivers to search for masquerading drivers and detect distortions in the structures that describe processes and drivers created by DKOM rootkits.

  • Boot Cleaner Driver

Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.

AVZ is an effective antivirus program that is popular among users. AVZ has wide functionality, which makes it possible to detect and subsequently neutralize various dangerous elements. These include viruses, email and network worms, rootkits, Trojans and the like. The application contains a large number of important tools for ensuring guaranteed protection from viruses. The updated database of safe files is also worth noting.

Purpose of the free antivirus utility AVZ

The main purpose of the AVZ antivirus utility is to detect and remove:

Dialer (Trojan.Dialer).

AdWare and SpyWare modules.

Trojan programs.

Mail and network worms.

BackDoor modules.

TrojanDropper, TrojanDownloader, TrojanSpy.

Key Features

Microprograms that provide heuristic system checks. The microprograms search for known viruses and SpyWare by indirect signs, based on analysis of the registry and of files on disk and in memory.

Updated database of system and safe files. This database includes digital signatures for thousands of safe process and system files. The database is connected to each of the systems of the AVZ anti-virus utility and works on the “friend/foe” principle - safe files are not placed in quarantine, warnings and deletion are blocked for them, and the database is used by the anti-rootkit, various analyzers, and the file search system. The built-in process manager, in particular, highlights safe services and processes in a certain color, and the file search can exclude known files from the search (which is very important and useful when searching for Trojan programs on the disk).

Built-in Rootkit detection system. RootKit detection is carried out without using signatures, based on a study of the main system libraries for interception of their functions. The antivirus utility is capable not only of detecting RootKit, but also of correctly blocking UserMode RootKit actions in its process, as well as KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner is able to detect masked processes, and the search system in the registry easily finds masked keys and the like.

The anti-rootkit is equipped with an analyzer that searches for services and processes masked by RootKit. One of the main features of the AVZ anti-RootKit system is its functionality in Win9X (many rootkits also work in Win9X systems, intercepting API functions to disguise themselves). Another feature of AVZ is a universal system for finding and blocking KernelMode RootKit.

Keylogger and Trojan DLL detector. The search for Trojan DLLs and keyloggers is performed based on system analysis without using a signature database, which allows you to very confidently detect previously unknown Keylogger and Trojan DLLs.

Neuroanalyzer. AVZ for Windows, in addition to a signature analyzer, includes a neuroemulator that can examine suspicious files using a neural network. Today, the neural network is effectively used in the keylogger detector.

Winsock SPI/LSP Settings Analyzer. The built-in Winsock analyzer makes it possible to analyze the settings, diagnose possible errors in the settings, and then perform automatic treatment. The possibility of automatic diagnosis and subsequent treatment will be extremely useful for beginners and inexperienced users (there is no automatic treatment in programs like LSPFix). For manual SPI/LSP research, the utility has a specialized LSP/SPI settings manager. The anti-rootkit also covers Winsock, which stops the operation of malicious code.

Built-in manager of services, processes and drivers. The built-in manager is designed to study loaded libraries, running processes, drivers and services. The work of the process manager is also covered by the anti-rootkit (as a result, it can “see” processes that are masked by the rootkit). The process manager is closely linked to the database of safe files of the AVZ utility; recognized system and safe files are highlighted in a special color;

Built-in utility that searches for files on disk. This utility allows you to search for files using a variety of criteria, while the capabilities of the search system are an order of magnitude higher than the capabilities of the system search. The anti-rootkit also extends to the search system, so the search quickly detects files masked by the rootkit and can delete them. At the same time, files identified as safe can be screened out using a filter that excludes these files from search results. Search results are available in table form or as a text log, where you can mark the listed files for quarantine or subsequent deletion.

Built-in utility for finding data in the registry. This utility allows you to search for parameters and keys according to a given pattern; the results will be available in the form of a table or as a text protocol, where you can immediately mark a group of keys for deletion or export. The anti-rootkit quickly detects files masked by a rootkit and can easily delete them.

TCP/UDP open port analyzer. It is also covered by the anti-rootkit; in Windows XP it also lists, for each port, the process that is using it. The analyzer is based on a timely updated database of ports of known system services and Trojan/Backdoor programs. The search for Trojan ports is included in the basic system scanning algorithm - if suspicious ports are detected, a warning is recorded in the protocol indicating which Trojan programs are capable of using this port for malicious purposes.

Analyzer of network sessions, shared resources and files opened over the network. It works in Nt/W2K/XP and Win9X.

DPF (Downloaded Program Files) analyzer - shows DPF elements, has a connection to AVZ systems.

Heuristic file deletion. If this option is enabled and dangerous files were deleted during treatment, then an automatic system scan is performed, which includes IE extensions, classes, BHO, Winlogon, startup types, and the like. Detected links to the dangerous file are cleared, and this is noted in the protocol. System treatment microprograms are actively used for cleaning.

System recovery microprograms. They restore program launch settings, Internet Explorer, and other settings damaged by malware. You can start recovery manually; the user specifies the parameters to be restored.

Checking archives. Since version 3.60, AVZ checks archives and compound files. Archives in TAR, GZIP, RAR, ZIP formats are checked; emails and MHT files; CHM archives.

Control scripts. The administrator can write a script that will perform a set of specified operations on the user's PC. Such scripts are convenient to use on a corporate network.

Checking and curing NTFS stream.

Process Analyzer. Applies firmware analysis and neural networks. Used for advanced analysis, designed to locate suspicious processes in memory.

AVZGuard function. Provides control against difficult to remove dangerous programs, is also capable of protecting applications that the user specifies.

Boot Cleaner Driver. Used to clean the system (registry keys, drivers, files) from KernelMode.

AVZPM process and driver monitoring driver. Used to track the starting and stopping of processes and the loading/unloading of drivers, to find masquerading drivers, and to find changes in driver structures made by DKOM rootkits.

Direct access function for working with locked files. Allows the scanner to analyze locked files and send them to quarantine.

The AVZ antivirus utility is designed to detect and remove:

  • SpyWare and AdWare modules (the main purpose of the utility)
  • Dialer (Trojan.Dialer)
  • Trojan programs
  • BackDoor modules
  • Network and mail worms
  • TrojanSpy, TrojanDownloader, TrojanDropper

Main features of the AVZ utility (in addition to the standard signature scanner)

Heuristic system check microprograms. The microprograms search for known SpyWare and viruses by indirect signs, based on analysis of the registry and of files on disk and in memory.

Updated database of safe files. It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ systems and works on the “friend/foe” principle: safe files are not quarantined, and deletion and warnings are blocked for them. The database is used by the anti-rootkit, the file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services in color, and the disk file search can exclude known files from the search (which is very useful when searching for Trojan programs on the disk).

Built-in Rootkit detection system. The RootKit search is carried out without the use of signatures, by examining the basic system libraries for interception of their functions. AVZ can not only detect a RootKit, but also correctly block a UserMode RootKit for its own process and a KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by a RootKit. In my opinion, one of the main features of the RootKit countermeasures system is its functionality in Win9X (the widespread opinion about the absence of RootKits working on the Win9X platform is deeply erroneous - hundreds of Trojan programs are known that intercept API functions to mask their presence, to distort the operation of API functions or to monitor their use). Another feature is the universal system for detecting and blocking KernelMode RootKits, compatible with Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1.

Keylogger and Trojan DLL detector. The search for keyloggers and Trojan DLLs is based on system analysis without using a signature database, which makes it possible to confidently detect previously unknown Trojan DLLs and keyloggers.

Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator, which allows you to examine suspicious files using a neural network. Currently, the neural network is used in the keylogger detector.

Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze settings, diagnose possible errors in settings and perform automatic treatment. The ability to automatically diagnose and treat is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit.

Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color.

Built-in utility for searching files on disk. Allows you to search for a file using various criteria; the capabilities of the search system exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them), and the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine.

Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; search results are available as a text log and as a table in which you can mark several keys for export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them).

Built-in TCP/UDP open port analyzer. It is covered by the anti-rootkit; in Windows XP, the process using the port is displayed for each port. The analyzer is based on an updated database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan program ports is included in the main system scanning algorithm: when suspicious ports are detected, warnings are written to the log indicating which Trojan programs are likely to use this port.
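The port check described in both open port analyzer entries on this page can be sketched as follows. This is an added example, not AVZ code: the two small port tables are illustrative entries rather than AVZ's database, and the input is a constructed sample in the layout of Windows `netstat -ano` output.

```python
from typing import NamedTuple

# Illustrative entries only; this is not AVZ's port database.
KNOWN_SERVICES = {("TCP", 135): "RPC endpoint mapper", ("TCP", 445): "SMB"}
TROJAN_PORTS = {("TCP", 12345): ["NetBus"], ("UDP", 31337): ["Back Orifice"]}

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address      Foreign Address    State         PID
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING     912
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING     4
  TCP    0.0.0.0:12345      0.0.0.0:0          LISTENING     2044
  TCP    10.0.0.5:1042      192.0.2.10:80      ESTABLISHED   3100
  TCP    [::]:5000          [::]:0             LISTENING     1500
  UDP    0.0.0.0:31337      *:*                              1880
"""

class Finding(NamedTuple):
    proto: str
    port: int
    pid: int
    verdict: str  # "system", "suspicious" or "unknown"
    detail: str

def parse_open_ports(text):
    """Yield (proto, port, pid) for TCP listeners and bound UDP sockets."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if fields[0] == "TCP" and (len(fields) < 5 or fields[3] != "LISTENING"):
            continue  # established connections are not open (listening) ports
        port = int(fields[1].rsplit(":", 1)[1])  # rsplit also handles [::]:5000
        yield fields[0], port, int(fields[-1])  # UDP rows have no State column

def analyze(text):
    """Classify each open port; a match is an indicator, not proof of infection."""
    findings = []
    for proto, port, pid in parse_open_ports(text):
        if (proto, port) in TROJAN_PORTS:
            names = ", ".join(TROJAN_PORTS[(proto, port)])
            findings.append(Finding(proto, port, pid, "suspicious", "port used by " + names))
        elif (proto, port) in KNOWN_SERVICES:
            findings.append(Finding(proto, port, pid, "system", KNOWN_SERVICES[(proto, port)]))
        else:
            findings.append(Finding(proto, port, pid, "unknown", "not in database"))
    return findings

if __name__ == "__main__":
    print(*analyze(SAMPLE_NETSTAT), sep="\n")
```

The PID column is what lets each finding be tied back to the owning process, which is the per-port process listing the text mentions for Windows XP.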

Built-in analyzer of shared resources, network sessions and files opened over the network. Works on Win9X and NT/W2K/XP.

Built-in Downloaded Program Files (DPF) analyzer. Displays DPF elements and is connected to all AVZ systems.

System recovery microprograms. The microprograms restore Internet Explorer settings, program launch settings, and other system parameters damaged by malware. Restoration is started manually; the parameters to be restored are specified by the user.

Heuristic file deletion. If malicious files were deleted during treatment and this option is enabled, an automatic system scan is performed, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. All found references to a deleted file are automatically cleared, and information about what exactly was cleared and where is recorded in the log. The system treatment microprogram engine is actively used for this cleaning.

Checking archives. Starting from version 3.60, AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, GZIP and TAR formats are checked, as well as emails and MHT files, and CHM archives.

Checking and treating NTFS streams. Checking NTFS streams is included in AVZ starting from version 3.75.

Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow you to use AVZ on a corporate network, including its launch during system boot.

Process analyzer. The analyzer uses neural networks and analysis microprograms; it is turned on when advanced analysis is enabled at the maximum heuristic level and is designed to search for suspicious processes in memory.

AVZGuard system. Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.

Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, allows the scanner to analyze locked files and quarantine them.

AVZPM process and driver monitoring driver. Designed to monitor the start and stop of processes and the loading/unloading of drivers, in order to search for masquerading drivers and to detect distortions, created by DKOM rootkits, in the structures that describe processes and drivers.

Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.