The process of restoring a personal computer system after a virus attack. AVZ - restore system settings and remove viruses

Read how to recover files deleted as a result of a virus attack using built-in Windows solutions or third-party programs. How to recover files encrypted by a virus. Has your computer been attacked by a virus? Do you want to recover files deleted due to malicious attacks? We will try to talk about standard ways to correct an unexpected situation and various options for recovering deleted files in this article.

Introduction

With the development of electronic technologies and means of communication, the range and volume of information that users handle has expanded significantly, both in professional and production activities and in communication, games and entertainment.

Computer devices of various designs help to fully exercise full control over incoming and outgoing data flows, carry out instant processing, regardless of the final volume, and ensure secure storage.

Stationary personal computers and laptops, including any of their variable combinations (ultrabooks, netbooks, convertible laptops, nettops), tablets, smartphones and communicators, etc. fully comply with the ever-increasing needs of users when working with information, and meet the latest information standards.

The most widely represented electronic devices among users are personal computers and laptops. The rich internal content of computer devices (ultra-fast processors, highly functional motherboards, advanced memory modules, high-capacity storage devices, etc.) and modern high-performance software rightfully allow them to occupy a leading position in processing and storing information in the world.

In terms of the breadth of distribution and the number of devices used, smartphones and communicators are approaching them. Thanks to a high degree of mobility, miniature size, fairly high functionality, and an extensive range of available applications, smartphones tend to match and, if possible, replace computers and laptops when performing certain actions.

The development of the international computer network, the Internet, has accelerated the spread and use of a variety of computer devices for solving any task without being tied to a specific device or workplace. Access to extensive databases and the remote use and processing of information have greatly popularized computer devices and accelerated the transition to storing information in digital form.

With the widespread transition to digital information, most types of user data (personal, social, public and business) are stored, processed, transferred and served by various computer devices. In this regard, the most important requirement for all devices is a mandatory high degree of data security and their protection from unauthorized actions of third parties.

One of the most common types of malicious effects on user data is a virus attack by malicious software.

The range of action and functionality of such programs is unusually wide, and thanks to the international information network "Internet", their distribution has reached a global scale.

Infecting a user's computer device with a virus can lead to undesirable consequences, the most common of which is the deletion of user files. How to restore files after exposure to virus programs will be discussed further in our article.


Most computer users have heard, and many have directly experienced, the consequences of the negative impact of computer viruses, their impact on user files and the overall performance of the personal computer as a whole. Intentional deletion or damage of user files, blocking access to individual elements of the operating system or computer, selective encryption of files and changing their structure, erasing or deleting the partition table, transferring control of a personal computer to attackers, using the capabilities of the user’s computer for remote hacking or other malicious actions, identity theft, sending spam messages, etc. – only a part of all the actions that can result from infection of a computer device with a virus.

The program was developed to recover data from hard drives and external drives, as well as any other storage devices. It combines a set of advanced algorithms that analyze and search for deleted information for subsequent recovery, return data after system failures and various system errors, and read information from damaged, unreadable, non-working or corrupted disks, giving access to lost or inaccessible files. It supports the full range of file systems used in the Windows operating system and corrects any errors in the logical structure of the hard drive to safely return lost content.

A separate advantage of the program is the ability to restore information damaged, corrupted or blocked as a result of virus attacks. Thanks to a set of innovative algorithms, it is possible to return files after any malicious virus attack that leads to the destruction of user data or loss of access to it. Download the program's installation file from the official Hetman Software website and run it. A step-by-step installation wizard, after you set a few individual parameters, such as the installation path or whether to create a desktop shortcut, will quickly install the program on your personal computer for further use.


Select a hard disk partition or an entire physical drive by double-clicking its icon in the program window. The program launches the file recovery wizard, which asks you to choose the type of analysis to run. In case of file loss due to a virus attack, select the full analysis option to search for and restore all possible information on the selected disk by selecting "Full analysis (searching for all possible information)". After selecting the analysis type, click "Next" to begin the recovery process.


Depending on the internal capacity of the drive, the degree of damage to the information, the file system and a number of other additional parameters, the procedure for analyzing and searching for deleted files can take varying amounts of time: from several minutes to several hours. A linear progress bar will notify users of the percentage completion of the overall recovery process, and additionally display the estimated total completion time.


At the end of the recovery process, the entire list of detected files and folders is presented in the program window, whose user interface is as close as possible to that of Windows Explorer for the convenience of end users. By clicking on a file, you can view its contents in a preview window. After selecting the necessary files and dragging them into the "Recovery List" window, press the "Restore" button, located on the ribbon of the program's main menu and shown as a lifebuoy, to save the marked data.


The File Recovery Wizard offers four ways to save the selected items: saving to a hard drive or any other permanent or removable storage medium, burning to an optical disc, creating an ISO image of the recovered files, or uploading the data over FTP. After specifying a few additional parameters, for example the path to save the recovered files, you can save your data according to the selected options.


Now you can open the folder with the recovered files and check their full functionality.


Today, when the development of information technology is proceeding at a tremendous pace, almost every computer user knows about the danger of becoming infected with a virus, the importance of eliminating it and maintaining the system at the proper level of security. However, there are some nuances when it comes to cleaning the system from malicious infection.

When the system is infected with a virus, it begins to multiply and harm user data and the operating system as a whole, negatively affecting its performance. Therefore, the best solution would be to prevent the virus from entering the system and use an antivirus program that has a powerful level of protection against the malicious penetration of malware.

However, if infection has already occurred, then the natural desire to immediately clean the operating system of the virus can also have negative consequences. When removing a virus, an antivirus program can also remove some useful files from the user’s computer, in accordance with the algorithm used. As a result, this may lead to additional damage and the deletion of more files from the user’s computer or permanent loss of some data. Therefore, it would be better to completely complete the data recovery process before starting the disk cleaning procedure for viruses.

Conclusion

The widespread use of computer devices, their ease of use and wide functionality provide them with a leading position in the field of processing and storing various information. Considering the high popularity of computer devices together with the development of the information computer network "Internet" and the mandatory transfer of most types of data into digital format, the risk of being subject to the harmful effects of malicious programs aimed at damaging user data or stealing it for fraudulent purposes increases significantly.

Viruses are being developed every day, their number is growing at a tremendous pace, and they cause significant harm to users and their data. The use of powerful, advanced antivirus programs significantly reduces the risk of infecting computer devices, but because of the wide range of system vulnerabilities that virus algorithms search for, it does not provide a full guarantee of data safety. As a result, user information may be damaged or completely lost.

However, the Windows operating system has built-in backup and system recovery tools, which in most cases will help users recover lost data.

In some cases, the Windows system security tools are not enough. Therefore, it is important to have professional file recovery software available that can recover any user information lost due to virus infection and various other reasons.

Continuing the topic of AVZ, I want to share with you some more knowledge about the capabilities of this wonderful utility.

Today we will talk about system recovery tools, which can often save your computer’s life after being infected with viruses and other horrors of life, as well as solve a number of system problems that arise as a result of certain errors.
It will be useful for everyone.

Introductory

Before we begin, traditionally, I want to offer you two formats of material, namely: video format or text. Here's the video:

Well, the text below. See for yourself which option is closer to you.

General description of the program functionality

What kind of recovery tools are these? They are a set of microprograms and scripts that help return certain system functions to working condition. Which ones, for example? Well, let's say, returning the registry editor, clearing the hosts file or resetting IE settings. I give the full list with descriptions (so as not to reinvent the wheel):

  • 1. Restoring startup parameters of .exe, .com, .pif files
    This microprogram restores the system's response to exe, com, pif and scr files.
    Indications for use: after removing the virus, programs stop running.
  • 2. Reset Internet Explorer protocol prefix settings to standard
    This microprogram restores the protocol prefix settings in Internet Explorer.
    Indications for use: when you enter an address like www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru
  • 3. Restoring the Internet Explorer start page
    This microprogram restores the start page in Internet Explorer.
    Indications for use: the start page has been replaced.
  • 4. Reset Internet Explorer search settings to default
    This microprogram restores the search settings in Internet Explorer.
    Indications for use: when you click the "Search" button in IE, you are taken to some third-party site.
  • 5. Restore desktop settings
    This microprogram restores desktop settings. Restoration involves deleting all Active Desktop elements and wallpaper, and unblocking the menu responsible for desktop settings.
    Indications for use: the desktop settings tabs in the "Display Properties" window have disappeared, or extraneous text or pictures are displayed on the desktop.
  • 6. Removing all Policies (restrictions) of the current user
    Windows provides a mechanism for restricting user actions called Policies. Many malicious programs use this technology, because the settings are stored in the registry and are easy to create or modify.
    Indications for use: Explorer functions or other system functions are blocked.
  • 7. Removing the message displayed during WinLogon
    Windows NT and subsequent systems in the NT line (2000, XP) allow you to set a message that is displayed during startup. A number of malicious programs take advantage of this, and destroying the malicious program does not remove this message.
    Indications for use: an extraneous message appears during system boot.
  • 8. Restore File Explorer settings
    This microprogram resets a number of Explorer settings to standard (the settings most often changed by malware are reset first).
    Indications for use: Explorer settings have been changed.
  • 9. Removing system process debuggers
    Registering a debugger for a system process allows an application to be launched covertly, which is exactly what a number of malicious programs use.
    Indications for use: AVZ detects unidentified system process debuggers, problems arise with launching system components, in particular the desktop disappears after a reboot.
  • 10. Restoring boot settings in SafeMode
    Some malware, in particular the Bagle worm, corrupts the system's boot settings for safe mode. This microprogram restores the safe-mode boot settings.
    Indications for use: the computer does not boot in SafeMode. Use this microprogram only if you have problems booting into safe mode.
  • 11. Unlock task manager
    Task Manager blocking is used by malware to protect its processes from detection and removal. Accordingly, executing this microprogram removes the lock.
    Indications for use: the task manager is blocked; when you try to open it, the message "Task manager is blocked by the administrator" is displayed.
  • 12. Clearing the ignore list of the HijackThis utility
    The HijackThis utility stores a number of its settings in the registry, in particular a list of exceptions. Therefore, to hide from HijackThis, a malicious program only needs to register its executable files in the exclusion list. A number of malicious programs that exploit this are currently known. This AVZ microprogram clears the HijackThis exception list.
    Indications for use: suspicion that the HijackThis utility does not display all information about the system.
  • 13. Cleaning the Hosts file
    Cleaning the Hosts file involves finding the Hosts file, removing all significant lines from it, and adding the standard "127.0.0.1 localhost" line.
    Indications for use: suspicion that the Hosts file has been modified by a malicious program. A typical symptom is that antivirus programs can no longer update. You can check the contents of the Hosts file using the Hosts file manager built into AVZ.
  • 14. Automatic correction of SPI/LSP settings
    Analyzes the SPI settings and, if errors are detected, automatically corrects them. This microprogram can be re-run an unlimited number of times. After running it, it is recommended to restart the computer. Note! This microprogram cannot be run from a terminal session.
    Indications for use: after removing the malicious program, access to the Internet was lost.
  • 15. Reset SPI/LSP and TCP/IP settings (XP+)
    This microprogram only works on XP, Windows 2003 and Vista. It works by resetting and re-creating the SPI/LSP and TCP/IP settings using the standard netsh utility included in Windows. You can read more about resetting these settings in the Microsoft knowledge base. Please note! Use this reset only if necessary, when you have unrecoverable problems with Internet access after removing malware!
    Indications for use: after removing the malicious program, access to the Internet was lost and running microprogram "14. Automatic correction of SPI/LSP settings" does not produce results.
  • 16. Recovering the Explorer launch key
    Restores the system registry keys responsible for launching Explorer.
    Indications for use: during system boot, Explorer does not start, but launching explorer.exe manually is possible.
  • 17. Unlocking the registry editor
    Unblocks the Registry Editor by removing the policy that prevents it from running.
    Indications for use: it is impossible to start the registry editor; when you try, a message is displayed stating that its launch is blocked by the administrator.
  • 18. Complete re-creation of SPI settings
    Makes a backup copy of the SPI/LSP settings, then destroys them and re-creates them according to the standard stored in the database.
    Indications for use: severe damage to the SPI settings that cannot be repaired by microprograms 14 and 15. Use only if necessary!
  • 19. Clear MountPoints database
    Cleans up the MountPoints and MountPoints2 databases in the registry.
    Indications for use: this operation often helps when, after infection with a flash-drive virus, disks do not open in Explorer.
  • On a note:
    Restoration is useless if a Trojan program that performs such reconfiguration is still running on the system: you must first remove the malicious program and then restore the system settings.
  • On a note:
    To eliminate the traces of most Hijackers, you need to run three microprograms: "Reset Internet Explorer search settings to standard", "Restore Internet Explorer start page" and "Reset Internet Explorer protocol prefix settings to standard".
  • On a note:
    Any of the microprograms can be executed several times in a row without damaging the system. The exceptions are "5. Restoring desktop settings" (this microprogram resets all desktop settings and you will have to re-select the desktop colors and wallpaper) and "10. Restoring boot settings in SafeMode" (this microprogram recreates the registry keys responsible for booting into safe mode).
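To see whether any of these repairs is actually needed before ticking boxes in AVZ, the following read-only audit (an added example, not AVZ's own code) inspects the registry locations and the hosts file that items 1, 6, 7, 9, 10, 11, 13, 16 and 17 repair and prints only deviations from the defaults. It assumes an elevated PowerShell 3.0 or later; the expected default values it compares against (the `"%1" %*` launch command, `explorer.exe` as the shell, the `127.0.0.1 localhost` hosts line) are standard Windows values.

```powershell
# Added example: read-only audit of settings repaired by AVZ items
# 1, 6, 7, 9, 10, 11, 13, 16 and 17. Nothing is modified; fixing stays
# with AVZ or a restore point. Run from an elevated PowerShell.

$Findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Item, [string]$Detail) {
    $Findings.Add([pscustomobject]@{ AvzItem = $Item; Detail = $Detail })
}
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name } else { $null }
}

# Item 1: the command used to start .exe files. Anything but "%1" %* means the
# association is hijacked; a per-user copy under HKCU overrides the HKLM one.
foreach ($hive in 'HKLM', 'HKCU') {
    $cmd = Get-RegValue "${hive}:\SOFTWARE\Classes\exefile\shell\open\command" '(default)'
    if ($null -ne $cmd -and $cmd -ne '"%1" %*') {
        Add-Finding '1 (.exe launch)' "$hive exefile open command = $cmd"
    }
}

# Items 6, 11, 17: user restrictions ("Policies"); a value of 1 enables the lock
$PolicyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Names = 'DisableTaskMgr', 'DisableRegistryTools' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Names = 'NoRun', 'NoDesktop', 'NoFolderOptions', 'NoControlPanel' }
)
foreach ($c in $PolicyChecks) {
    foreach ($n in $c.Names) {
        if ((Get-RegValue $c.Path $n) -eq 1) { Add-Finding '6/11/17 (policy)' "$($c.Path)\$n = 1" }
    }
}

# Item 7: a message shown at logon, settable in two places
$NoticeKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
              'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($k in $NoticeKeys) {
    foreach ($n in 'LegalNoticeCaption', 'LegalNoticeText') {
        $v = Get-RegValue $k $n
        if ($v) { Add-Finding '7 (logon message)' "$k\$n = $v" }
    }
}

# Item 9: Image File Execution Options debuggers. A Debugger value makes Windows
# start that program instead of the named executable. Legitimate entries exist
# (developer tools), so review each one rather than treating all as malicious.
$Ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $Ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = Get-RegValue $_.PSPath 'Debugger'
    if ($dbg) { Add-Finding '9 (process debugger)' "$($_.PSChildName) -> $dbg" }
}

# Item 10: safe mode only boots if these keys exist and list their drivers/services
foreach ($mode in 'Minimal', 'Network') {
    $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
    if (-not (Test-Path $path) -or @(Get-ChildItem $path).Count -eq 0) {
        Add-Finding '10 (SafeBoot)' "$path is missing or empty"
    }
}

# Item 16: what Winlogon starts as the desktop; only explorer.exe is expected.
# HKLM must have the value; HKCU normally has none at all.
foreach ($hive in 'HKLM', 'HKCU') {
    $shell = Get-RegValue "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 'Shell'
    if (($hive -eq 'HKLM' -and $null -eq $shell) -or ($null -ne $shell -and $shell -ne 'explorer.exe')) {
        Add-Finding '16 (Explorer key)' "$hive Winlogon\Shell = '$shell'"
    }
}

# Item 13: every active hosts line other than the standard loopback entry
$HostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $HostsFile -ErrorAction SilentlyContinue | ForEach-Object {
    $line = ($_ -split '#')[0].Trim()          # drop comments and blank lines
    if ($line -and $line -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') {
        Add-Finding '13 (hosts)' $line
    }
}

if ($Findings.Count -eq 0) { 'No deviations found in the audited settings.' }
else { $Findings | Format-Table -AutoSize -Wrap }
```

Each line of output names the AVZ item that repairs it, so the report maps directly onto the checkboxes in File - System Restore.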

Useful, isn't it?
Now about how to use it.

Loading, starting, using

Actually, everything is simple.

  1. Download the AVZ antivirus utility from here (or from somewhere else).
  2. Unpack the archive somewhere convenient for you.
  3. Go to the folder where you unpacked the program and run avz.exe there.
  4. In the program window, select "File" - "System Restore".
  5. Tick the necessary items and press the "Perform the marked operations" button.
  6. Wait and enjoy the result.

That's how things are.

Afterword

I must say that it works like a charm and eliminates a number of unnecessary movements. So to speak, everything is at hand, fast, simple and effective.

Thank you for your attention;)


There are programs that are as universal as a Swiss Army knife. The hero of my article is just such an all-rounder. Its name is AVZ (Zaitsev's Antivirus). With the help of this free antivirus you can catch viruses, optimize the system and fix problems.

AVZ capabilities

I have already written about AVZ as an antivirus program. AVZ's work as an on-demand antivirus (more precisely, an anti-rootkit) is well described in its help, but I will show you another side of the program: checking and restoring settings.

What can be “fixed” with AVZ:

  • Restore startup of programs (.exe, .com, .pif files)
  • Reset Internet Explorer settings to default
  • Restore desktop settings
  • Remove rights restrictions (for example, if a virus has blocked programs from launching)
  • Remove a banner or window that appears before you log in
  • Remove viruses that can run along with any program
  • Unblock the task manager and registry editor (if the virus has prevented them from running)
  • Clear file
  • Prohibit autorun of programs from flash drives and disks
  • Remove unnecessary files from your hard drive
  • Fix desktop problems
  • And much more

You can also use it to check Windows settings for security (in order to better protect against viruses), as well as optimize the system by cleaning startup.

The AVZ download page is located.

The program is free.

First, let's protect your Windows from careless actions.

The AVZ program has a great many functions that affect the operation of Windows. This is dangerous, because a mistake can lead to disaster. Please read the text and the help carefully before doing anything. The author of the article is not responsible for your actions.

In order to be able to “return everything as it was” after careless work with AVZ, I wrote this chapter.

This is a mandatory step, essentially creating an “escape route” in case of careless actions - thanks to the restore point, it will be possible to restore settings and the Windows registry to an earlier state.

Windows System Restore is a standard component of all versions of Windows, starting with Windows ME. It's a pity that people usually forget about it and waste time reinstalling Windows and programs, although a couple of clicks could have avoided all the problems.

If the damage is serious (for example, some system files have been deleted), then System Restore will not help. In other cases - if you configured Windows incorrectly, messed around with the registry, installed a program that prevents Windows from booting, or used the AVZ program incorrectly - System Restore should help.

After work, AVZ creates subfolders with backup copies in its folder:

/Backup - backup copies of the registry are stored there.

/Infected - copies of deleted viruses.

/Quarantine - copies of suspicious files.

If problems started after running AVZ (for example, you thoughtlessly used the AVZ System Restore tool and the Internet stopped working) and Windows System Restore did not roll back the changes made, you can open registry backups from the folder Backup.

How to create a restore point

Let's go to Start - Control Panel - System - System Protection:

Click “System Protection” in the “System” window.

Click the “Create” button.

The process of creating a restore point can take ten minutes. Then a window will appear:

A restore point will be created. By the way, they are automatically created when installing programs and drivers, but not always. Therefore, before dangerous actions (setting up, cleaning the system), it is better to once again create a restore point, so that in case of trouble you can praise yourself for your foresight.
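The same "escape route" can be created from the command line, which is handy right before running AVZ. The script below is an added example (not from the article) for an elevated PowerShell on Windows 8 or later; it turns on System Protection for the system drive if needed, creates the point with `Checkpoint-Computer`, and then verifies that a point really was created, because Windows 8 and later silently skip a new point when one was made within the last 24 hours.

```powershell
# Added example: create a restore point before running AVZ and verify it.
# Assumes an elevated PowerShell 3.0+ on Windows 8 or later.

# System Restore only works on drives with protection enabled
Enable-ComputerRestore -Drive "$env:SystemDrive\"

# Windows 8+ limits Checkpoint-Computer to one point per interval (default
# 1440 minutes). Read the limit so a skipped point is not mistaken for success.
$SrKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
$Freq = (Get-ItemProperty -Path $SrKey -Name SystemRestorePointCreationFrequency `
            -ErrorAction SilentlyContinue).SystemRestorePointCreationFrequency
if ($null -eq $Freq) { $Freq = 1440 }

function Get-LatestRestorePoint {
    # Highest sequence number = most recent point; $null if there are none
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
}

$Before = Get-LatestRestorePoint
Checkpoint-Computer -Description 'Before AVZ System Restore' -RestorePointType MODIFY_SETTINGS
$After = Get-LatestRestorePoint

if ($After -and $After.SequenceNumber -ne $Before.SequenceNumber) {
    "Restore point #$($After.SequenceNumber) created: $($After.Description) ($($After.ConvertToDateTime($After.CreationTime)))"
} else {
    "No new restore point was created. The creation limit is $Freq minutes; " +
    "set $SrKey\SystemRestorePointCreationFrequency to 0 (DWORD) to lift it, then re-run."
}
```

If the second message appears, the previous point is still usable, but it will not contain any changes made since it was created.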

How to restore your computer using a restore point

There are two options for launching System Restore - from under running Windows and using the installation disc.

Option 1 - if Windows starts

Let's go to Start - All Programs - Accessories - System Tools - System Restore:

System Restore will start. Select "Choose a different restore point" and click Next. A list of restore points will open. Select the one you need:

The computer will restart automatically. After it boots, all settings, the registry and some important files will be restored.

Option 2 - if Windows does not boot

You need an “installation” disk with Windows 7 or Windows 8. I wrote in where to get it (or download it).

Boot from the disk (how to boot from boot disks is written) and select:

Select "System Restore" instead of installing Windows

Repairing the system after viruses or inept actions with the computer

Before all actions, get rid of viruses, for example, using. Otherwise, there will be no point - the running virus will “break” the corrected settings again.

Restoring program launches

If a virus has blocked the launch of any programs, then AVZ will help you. Of course, you still need to launch AVZ itself, but it’s quite easy:

First go to Control Panel - set any view type except Category - Folder Options - View - uncheck "Hide extensions for known file types" - OK. Now the extension, the few characters after the last dot in the name, is visible for every file. Programs usually have .exe or .com. To run the AVZ antivirus on a computer where running programs is prohibited, rename the extension to cmd or pif:

Then AVZ will start. Then in the program window itself, click File - :

Points to note:

1. Restoring startup parameters of .exe, .com, .pif files(actually, it solves the problem of launching programs)

6. Removing all Policies (restrictions) of the current user(in some rare cases, this item also helps solve the problem of starting programs if the virus is very harmful)

9. Removing system process debuggers(it is very advisable to note this point, because even if you checked the system with an antivirus, something could remain from the virus. It also helps if the Desktop does not appear when the system starts)

, confirm the action, a window appears with the text “System restoration completed.” Afterwards, all that remains is to restart the computer - the problem with launching programs will be solved!

Restoring the Desktop launch

A fairly common problem is that the desktop does not appear when the system starts.

Launch Desktop you can do this: press Ctrl+Alt+Del, launch Task Manager, there press File - New task (Run...) - enter explorer.exe:

OK - the desktop will start. But this is only a temporary fix: the next time you turn on the computer you will have to repeat everything again.

To avoid doing this every time, you need to restore the program launch key explorer(“Explorer”, which is responsible for standard viewing of the contents of folders and the operation of the Desktop). In AVZ click File- and mark the item

Perform the marked operations, confirm the action, press OK. Now when you start your computer, the desktop will launch normally.

Unlocking Task Manager and Registry Editor

If a virus has blocked the launch of the two above-mentioned programs, you can remove the ban through the AVZ program window. Just check two points:

11. Unlock task manager

17. Unlocking the registry editor

And press Perform the marked operations.

Problems with the Internet (VKontakte, Odnoklassniki and antivirus sites do not open)

Cleaning the system from unnecessary files

The AVZ program can also clean your computer of unnecessary files. If you don't have a disk cleanup program installed, AVZ will do, since it offers many options:

More details about the points:

  1. Clear Prefetch system cache- clears the folder holding information about which files to preload for faster program launch. The option is useless, because Windows itself manages the Prefetch folder quite well and cleans it when required.
  2. Delete Windows Log Files- you can clear various databases and files that store various records of events occurring in the operating system. The option is useful if you need to free up a dozen or two megabytes of space on your hard drive. That is, the benefit from using it is negligible, the option is useless.
  3. Delete memory dump files- when critical errors occur, Windows interrupts its operation and displays BSOD (blue screen of death), at the same time saving information about running programs and drivers to a file for subsequent analysis by special programs to identify the culprit of the failure. The option is almost useless, since it allows you to win only ten megabytes of free space. Clearing memory dump files does not harm the system.
  4. Clear list of Recent documents- oddly enough, the option clears the Recent Documents list. This list is located in the Start menu. You can also clear the list manually by right-clicking on this item in the Start menu and selecting “Clear list of recent items.” The option is useful: I noticed that clearing the list of recent documents allows the Start menu to display its menus a little faster. It won't harm the system.
  5. Clearing the TEMP folder- The Holy Grail for those who are looking for the reason for the disappearance of free space on the C: drive. The fact is that many programs store files in the TEMP folder for temporary use, forgetting to “clean up after themselves” later. A typical example is archivers. They will unpack the files there and forget to delete them. Clearing the TEMP folder does not harm the system; it can free up a lot of space (in particularly advanced cases, the gain in free space reaches fifty gigabytes!).
  6. Adobe Flash Player - clearing temporary files- "flash player" can save files for temporary use. They can be removed. Sometimes (rarely) this option helps in dealing with Flash Player glitches. For example, with problems playing video and audio on the VKontakte website. There is no harm from use.
  7. Clearing the terminal client cache- as far as I know, this option clears the temporary files of the Windows component called "Remote Desktop Connection" (remote access to computers via RDP). The option appears to do no harm and frees up a dozen megabytes at best. There is no point in using it.
  8. IIS - Deleting HTTP Error Log- it takes a long time to explain what it is. Let me just say that it is better not to enable the IIS log clearing option. In any case, it does no harm, and no benefit either.
  9. Macromedia Flash Player- item duplicates "Adobe Flash Player - clearing temporary files", but affects rather ancient versions of Flash Player.
  10. Java - clearing cache- gives you a gain of a couple of megabytes on your hard drive. I don't use Java programs, so I haven't checked the consequences of enabling the option. I don't recommend turning it on.
  11. Emptying the Recycle Bin- the purpose of this item is clear from its name.
  12. Remove system update installation logs- Windows keeps a log of installed updates. Enabling this option clears the log. The option is useless because there is no gain in free space.
  13. Remove Windows Update log- similar to the previous point, but other files are deleted. Also a useless option.
  14. Clear MountPoints database- if when you connect a flash drive or hard drive, icons with them are not created in the Computer window, this option can help. I advise you to enable it only if you have problems connecting flash drives and disks.
  15. Internet Explorer - clearing cache- cleans Internet Explorer temporary files. The option is safe and useful.
  16. Microsoft Office - clearing cache- cleans the temporary files of Microsoft Office programs: Word, Excel, PowerPoint and others. I can't check whether the option is safe, because I don't have Microsoft Office.
  17. Clearing the CD burning system cache- a useful option that allows you to delete files that you have prepared for burning to disks.
  18. Cleaning the system TEMP folder- unlike the user TEMP folder (see point 5), cleaning this folder is not always safe, and usually frees up little space. I don't recommend turning it on.
  19. MSI - cleaning the Config.Msi folder- This folder stores various files created by program installers. The folder is large if the installers did not complete their work correctly, so cleaning the Config.Msi folder is justified. However, I warn you - there may be problems with uninstalling programs that use .msi installers (for example, Microsoft Office).
  20. Clear task scheduler logs- Windows Task Scheduler keeps a log where it records information about completed tasks. I don’t recommend enabling this item, because there is no benefit, but it will add problems - Windows Task Scheduler is a rather buggy component.
  21. Remove Windows Setup Logs- winning a place is insignificant, there is no point in deleting.
  22. Windows - clearing icon cache- useful if you have problems with shortcuts. For example, when the Desktop appears, icons do not appear immediately. Enabling this option will not affect system stability.
  23. Google Chrome - clearing cache- a very useful option. Google Chrome stores copies of pages in a designated folder to help open sites faster (pages are loaded from your hard drive instead of downloaded over the Internet). Sometimes the size of this folder reaches half a gigabyte. Cleaning is useful because it frees up space on your hard drive; it does not affect the stability of either Windows or Google Chrome.
  24. Mozilla Firefox - Cleaning up the CrashReports folder- every time a problem occurs with the Firefox browser and it crashes, report files are created. This option deletes report files. The gain in free space reaches a couple of tens of megabytes, that is, the option is of little use, but it is there. Does not affect the stability of Windows and Mozilla Firefox.

Depending on the installed programs, the number of items will differ. For example, if the Opera browser is installed, you can clear its cache too.

Cleaning the list of startup programs

A surefire way to speed up your computer's startup and speed is to clean the startup list. If unnecessary programs do not start, then the computer will not only turn on faster, but also work faster - due to the freed up resources that will not be taken up by programs running in the background.

AVZ can show almost all of the autostart locations in Windows through which programs are launched. You can view the autorun list in the Tools - Autorun Manager menu.

The average user has absolutely no need for such powerful functionality, so I urge you not to turn everything off. It is enough to look at only two sections: Autorun folders and Run*.

AVZ displays autorun entries not only for your user, but also for all other profiles.

In the Run* section it is better not to disable programs located under HKEY_USERS: this may disrupt the operation of other user profiles and of the operating system itself. In the Autorun folders section you can turn off everything you don't need.

The lines identified by the antivirus as known are marked in green. This includes both Windows system programs and third-party programs that have a digital signature.

All other programs are marked in black. This does not mean that such programs are viruses or anything like that, just that not all programs are digitally signed.

Don't forget to make the first column wider so that the program name is visible. Simply unchecking the checkbox temporarily disables the program's autorun (you can check the box again later); highlighting the item and pressing the button with the black cross deletes the entry permanently (or until the program registers itself in autorun again).

The question arises: how to determine what can be turned off and what cannot? There are two solutions:

Firstly, there is common sense: you can make a decision based on the name of the program's .exe file. For example, Skype, when installed, creates an entry so that it starts automatically when you turn on the computer. If you don't need this, uncheck the entry whose path ends with skype.exe. By the way, many programs (including Skype) can remove themselves from startup; just uncheck the corresponding item in the settings of the program itself.

Secondly, you can search the Internet for information about the program. Based on the information you find, it remains to decide whether to remove it from autorun or not. AVZ makes it easy to look up an item: just right-click on it and select your favorite search engine.

By disabling unnecessary programs, you will significantly speed up your computer's startup. However, it is not advisable to disable everything: that risks losing the keyboard layout indicator, disabling the antivirus, and so on.

Disable only those programs that you know for sure you don't need at startup.
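As an added example (not part of the original article and not AVZ's own code), the PowerShell script below walks the same places the Autorun Manager shows, the Run and RunOnce keys under HKLM, HKCU and every loaded profile under HKEY_USERS plus the two Startup folders, and reports whether the launched executable carries a valid Authenticode signature, which is the distinction behind AVZ's green and black entries. The registry subkey names and the folder locations are the standard Windows ones; the script only reads, it never disables anything.

```powershell
# Added example, not from the article: audit Run* keys and Startup folders and
# check each target's Authenticode signature (valid = the "green" case in AVZ).

function Get-ExecutablePath {
    param([string]$CommandLine)
    # Expand %VARS%, then take the quoted path or the first ".exe" token
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($cmd, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
        $cmd = if ($m.Success) { $m.Groups[1].Value } else { ($cmd -split '\s+')[0] }
    }
    # Startup-folder entries are usually .lnk shortcuts: resolve them to the real target
    if ([IO.Path]::GetExtension($cmd) -ieq '.lnk' -and (Test-Path -LiteralPath $cmd)) {
        $cmd = (New-Object -ComObject WScript.Shell).CreateShortcut($cmd).TargetPath
    }
    return $cmd
}

function Get-AutorunEntry {
    $subKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
               'Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    if (-not (Test-Path 'HKU:')) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    # HKLM, the current user, and every other loaded profile hive (the HKEY_USERS view AVZ shows)
    $roots = @('HKLM:', 'HKCU:') + (Get-ChildItem 'HKU:' |
              Where-Object { $_.PSChildName -notlike '*_Classes' } |
              ForEach-Object { "HKU:\$($_.PSChildName)" })
    foreach ($root in $roots) {
        foreach ($sub in $subKeys) {
            $key = Join-Path $root $sub
            if (-not (Test-Path $key)) { continue }
            foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($p.Name -in $meta) { continue }
                [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
            }
        }
    }
    # Startup folders: per-user and all-users
    foreach ($f in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{ Location = $f; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Test-AutorunSignature {
    Get-AutorunEntry | ForEach-Object {
        $exe = Get-ExecutablePath $_.Command
        $status = 'FileMissing'   # an entry pointing at a missing file is worth a look too
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $status = (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
        }
        [pscustomobject]@{ Location = $_.Location; Name = $_.Name; Executable = $exe; Signature = $status }
    }
}

# Usage: unsigned ("NotSigned") and missing entries come first; those are the
# ones to look up on the web before deciding whether to untick them in AVZ.
Test-AutorunSignature | Sort-Object Signature | Format-Table -AutoSize
```

"Valid" only means the file is signed by a publisher the machine trusts; it says nothing about whether you want the program at startup, so the decision still follows the two rules above.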

Bottom line

In principle, what I wrote about in the article is akin to hammering nails with a microscope - the AVZ program is suitable for optimizing Windows, but in general it is a complex and powerful tool suitable for performing a wide variety of tasks. However, to use AVZ to its fullest, you need to know Windows thoroughly, so you can start small - namely, what I described above.

If you have any questions or comments, there is a comment section under the articles where you can write to me. I am monitoring the comments and will try to respond to you as quickly as possible.


Recovering encrypted files is a problem faced by a large number of personal computer users who have become victims of various encryption viruses. The number of malware families in this group is very large and is increasing every day. Only recently we have come across dozens of ransomware variants: CryptoLocker, Crypt0l0cker, Alpha Crypt, TeslaCrypt, CoinVault, Bit Crypt, CTB-Locker, TorrentLocker, HydraCrypt, better_call_saul, crittt, etc.

Of course, you can restore encrypted files simply by following the instructions that the creators of the virus leave on the infected computer. But most often, the cost of decryption is very significant, and you also need to know that some ransomware viruses encrypt files in such a way that it is simply impossible to decrypt them later. And of course, it's just annoying to pay to restore your own files.

Ways to recover encrypted files for free

There are several ways to recover encrypted files using absolutely free and proven programs such as ShadowExplorer and PhotoRec. Before and during recovery, try to use the infected computer as little as possible, this way you increase your chances of successful file recovery.

The instructions described below must be followed step by step, if anything does not work out for you, then STOP, ask for help by writing a comment on this article or creating a new topic on ours.

1. Remove ransomware virus

Kaspersky Virus Removal Tool and Malwarebytes Anti-malware can detect different types of active ransomware viruses and will easily remove them from your computer, BUT they cannot recover encrypted files.

1.1. Remove ransomware using Kaspersky Virus Removal Tool

Click on the button Scan to run a scan of your computer for the presence of a ransomware virus.

Wait for this process to complete and remove any malware found.

1.2. Remove ransomware using Malwarebytes Anti-malware

Download the program. After the download is complete, run the downloaded file.

The program update procedure will start automatically. When it finishes, click the Run scan button. Malwarebytes Anti-malware will begin scanning your computer.

Immediately after scanning your computer, Malwarebytes Anti-malware will open a list of found components of the ransomware virus.

Click on the button Delete selected to clean your computer. While malware is being removed, Malwarebytes Anti-malware may require you to restart your computer to continue the process. Confirm this by selecting Yes.

After the computer starts again, Malwarebytes Anti-malware will automatically continue the cleaning process.

2. Recover encrypted files using ShadowExplorer

ShadowExplorer is a small utility that lets you browse and restore files from the shadow copies (Volume Shadow Copy snapshots) that Windows 7-10 creates automatically. This lets you restore your encrypted files to their original state, provided a snapshot from before the infection still exists.

Download the program. The program is in a zip archive. Therefore, right-click on the downloaded file and select Extract all. Then open the ShadowExplorerPortable folder.

Launch ShadowExplorer. Select the disk you need and the date the shadow copies were created, numbers 1 and 2 in the figure below, respectively.

Right-click on the directory or file you want to restore a copy of. From the menu that appears, select Export.

And lastly, select the folder where the recovered file will be copied.
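What ShadowExplorer's Export does can also be done from an elevated PowerShell session. The script below is an added example, not ShadowExplorer's own code: it lists the Volume Shadow Copy snapshots that exist for a volume and copies a single file out of a chosen snapshot, reaching the snapshot through its device object via a temporary directory symlink. The file path and destination in the usage lines are constructed placeholders.

```powershell
# Added example, not ShadowExplorer's code: enumerate VSS snapshots for a volume
# and export one file from a chosen snapshot to a clean destination drive.

function Get-ShadowCopyList {
    param([string]$Volume = 'C:\')
    # Win32_Volume.DeviceID and Win32_ShadowCopy.VolumeName share the \\?\Volume{GUID}\ form
    $vol = Get-CimInstance Win32_Volume | Where-Object { $_.DriveLetter -eq $Volume.TrimEnd('\') }
    if (-not $vol) { throw "Volume $Volume not found" }
    Get-CimInstance Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $vol.DeviceID } |
        Sort-Object InstallDate -Descending |            # newest snapshot first
        Select-Object ID, InstallDate, DeviceObject
}

function Restore-FileFromShadowCopy {
    param(
        [Parameter(Mandatory)][string]$ShadowCopyId,   # ID value from Get-ShadowCopyList
        [Parameter(Mandatory)][string]$RelativePath,   # path inside the volume, no drive letter
        [Parameter(Mandatory)][string]$Destination     # folder on a drive with no encrypted files
    )
    $sc = Get-CimInstance Win32_ShadowCopy | Where-Object { $_.ID -eq $ShadowCopyId }
    if (-not $sc) { throw "Shadow copy $ShadowCopyId not found" }
    # The snapshot is reachable only via \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN;
    # expose it as a directory symlink, copy the file, then remove the link.
    $link = Join-Path $env:TEMP ('vss_' + [guid]::NewGuid().ToString('N'))
    cmd /c mklink /d "$link" "$($sc.DeviceObject)\" | Out-Null
    try {
        $src = Join-Path $link $RelativePath
        if (-not (Test-Path -LiteralPath $src)) { throw "$RelativePath is not present in this snapshot" }
        New-Item -ItemType Directory -Path $Destination -Force | Out-Null
        # Write only to $Destination: never back onto the volume the ransomware touched
        Copy-Item -LiteralPath $src -Destination $Destination -Force
        Get-Item -LiteralPath (Join-Path $Destination (Split-Path $RelativePath -Leaf))
    } finally {
        cmd /c rmdir "$link" | Out-Null   # deletes the link only; the snapshot is untouched
    }
}

# Usage (constructed placeholder paths): take the newest snapshot for C: and
# pull one document out of it onto an external drive.
# $snap = Get-ShadowCopyList 'C:\' | Select-Object -First 1
# Restore-FileFromShadowCopy -ShadowCopyId $snap.ID `
#     -RelativePath 'Users\Alice\Documents\report.docx' -Destination 'E:\recovered'
```

Check the InstallDate column before choosing a snapshot: a snapshot taken after the encryption ran contains the encrypted versions, and many ransomware families delete all snapshots outright, in which case Get-ShadowCopyList returns nothing and the PhotoRec route in the next section is the remaining option.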

3. Recover encrypted files using PhotoRec

PhotoRec is a free program designed to recover deleted and lost files. Using it, you can restore original files that ransomware viruses deleted after creating their encrypted copies.

Download the program. The program is in the archive. Therefore, right-click on the downloaded file and select Extract all. Then open the testdisk folder.

Find QPhotoRec_Win in the list of files and run it. A program window will open showing all the partitions of the available disks.

In the list of partitions, select the one on which the encrypted files are located. Then click on the File Formats button.

By default, the program is configured to recover all file types, but to speed up the work, it is recommended to leave only the file types that you need to recover. When you have completed your selection, click OK.

At the bottom of the QPhotoRec program window, find the Browse button and click it. You need to select the directory where the recovered files will be saved. It is advisable to use a disk that does not contain encrypted files that require recovery (you can use a flash drive or external drive).

To start the procedure for searching and restoring original copies of encrypted files, click the Search button. This process takes quite a long time, so be patient.

When the search is complete, click the Quit button. Now open the folder you have chosen to save the recovered files.

The folder will contain directories named recup_dir.1, recup_dir.2, recup_dir.3, etc. The more files the program finds, the more directories there will be. To find the files you need, check all directories one by one. To make it easier to find the file you need among a large number of recovered ones, use the built-in Windows search system (by file contents), and also do not forget about the function of sorting files in directories. You can select the date the file was modified as a sort option, since QPhotoRec attempts to restore this property when restoring a file.

My best friend brought me a netbook to look at, which was seriously infected with viruses, and asked me to help clean this menagerie out of the system. For the first time I saw with my own eyes a curious branch in the development of malware: "ransomware." Such programs block some functions of the operating system and require you to send an SMS message to receive an unlock code. Disinfection turned out to be not entirely trivial, and I thought that perhaps this story would save someone some nerve cells. I tried to provide links to all the sites and utilities that were needed during disinfection.

In this case, the virus posed as an Internet Security antivirus program and required sending SMS K207815200 to number 4460. On the Kaspersky Lab website there is a page that allows you to generate ransomware response codes: support.kaspersky.ru/viruses/deblocker

However, after entering the code, the OS functions remained blocked, and launching any antivirus program led to the instantaneous opening of a virus window that carefully emulated the operation of the antivirus:

Attempts to boot into safe modes led to exactly the same result. The matter was also complicated by the fact that the passwords for all administrator accounts were empty, and login to the computer over the network for administrators with an empty password was blocked by default by policy.
I had to boot from a USB flash drive (a netbook, by definition, does not have an optical drive). The easiest way to make a bootable USB drive:
1. Format the disk as NTFS
2. Make the partition active (diskpart -> select disk x -> select partition x -> active)
3. Use the \boot\bootsect.exe utility from the Vista/Windows 2008/Windows 7 distribution: bootsect /nt60 X: /mbr
4. Copy all the files of the distribution (I had the Windows 2008 distribution on hand) to the USB disk. That's it, you can boot.

Since we don't need to install the OS but to disinfect it, we copy onto the disk a set of free disinfection tools (AVZ, CureIt) and auxiliary utilities (looking ahead, I needed Streams from Mark Russinovich) and Far. We reboot the netbook and set the BIOS to boot from USB.

The Windows 2008 installation program loads; accept the language choice, click Install now and then press Shift+F10. A command line window appears, from which we can launch our antivirus tools and search for the infection on the system drive. Here I ran into a difficulty: CureIt dropped the system into a blue screen of death complaining about an error in working with NTFS, and AVZ, although it worked, could not find anything. Apparently the virus was very, very fresh. The only clue was a message from AVZ that executable code was detected in an alternate NTFS stream of one of the files in the Windows directory. This seemed strange and suspicious to me, since alternate NTFS streams are used in very specific cases and nothing executable should be stored there on normal machines.

Therefore, I had to download the Streams utility (http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx) from Mark and delete this stream. Its size was 126,464 bytes, just like the dll files that the virus dropped onto flash drives inserted into the system.

After that, I used Far to search the entire system disk for files of the same size and found another 5 or 6 suspicious files created over the last 2-3 days. They were deleted in the same way. After that, CureIt was able to work (apparently it stumbled on the alternate streams) and successfully cleaned out two more Trojans :)

After the reboot, everything worked; additional runs of anti-virus scanners did not find anything. With the help of AVZ, policies that limited OS functions were restored. A friend was given a strict instruction about how important it is to use antiviruses, especially since there are many free ones (
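The two manual checks in this story, AVZ's alternate-data-stream finding and the Far search for files of one exact size, can be scripted as a read-only sweep. The PowerShell below is an added example, not the article's or any of the named tools' code: it walks a directory tree, lists every alternate data stream other than the browser's Zone.Identifier marker, flags streams that start with the "MZ" executable header, and separately lists files whose size equals a given byte count (126,464 is the size from the story). It deletes nothing; the default root and the usage values are assumptions.

```powershell
# Added example, not AVZ's or Sysinternals' code: find alternate data streams
# carrying executable content and files of a given exact size under a root.

function Get-StreamHeader {
    param([string]$Path, [string]$Stream)
    # Read the first two bytes of the stream; the byte switch differs between
    # Windows PowerShell 5.1 (-Encoding Byte) and PowerShell 7 (-AsByteStream)
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $b = Get-Content -LiteralPath $Path -Stream $Stream -AsByteStream -TotalCount 2 -ErrorAction SilentlyContinue
    } else {
        $b = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -TotalCount 2 -ErrorAction SilentlyContinue
    }
    if ($b.Count -lt 2) { return '' }
    return [System.Text.Encoding]::ASCII.GetString([byte[]]$b)
}

function Find-SuspiciousStreams {
    param(
        [string]$Root = $env:SystemRoot,   # assumption: the Windows directory, as in the story
        [int64]$SuspectSize = 0            # 0 = skip the size check
    )
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
      ForEach-Object {
        $file = $_
        # Files of exactly the size the malware used (the manual Far search)
        if ($SuspectSize -gt 0 -and $file.Length -eq $SuspectSize) {
            [pscustomobject]@{ File = $file.FullName; Stream = '(main)'; Size = $file.Length; Reason = 'SizeMatch' }
        }
        # Every named stream except the main ":$DATA" and the harmless download marker
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
          Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
          ForEach-Object {
            $hdr = Get-StreamHeader -Path $file.FullName -Stream $_.Stream
            $reason = if ($hdr -eq 'MZ') { 'PE header in ADS' } else { 'ADS present' }
            [pscustomobject]@{ File = $file.FullName; Stream = $_.Stream; Size = $_.Length; Reason = $reason }
          }
      }
}

# Usage (assumed values): sweep the Windows directory, flag 126,464-byte files
# and any stream that begins with an executable header. Review the PE hits
# first and confirm with a second scanner before removing a stream, e.g.
#   Remove-Item -LiteralPath <file> -Stream <name>
Find-SuspiciousStreams -Root 'C:\Windows' -SuspectSize 126464 |
    Sort-Object Reason | Format-Table -AutoSize
```

A few legitimate programs do keep named streams (backup agents, some installers), so "ADS present" on its own is only a lead; a stream that begins with "MZ" inside the Windows directory, as AVZ reported here, is the finding worth acting on.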