Guide to using AVZ antivirus. Review of the AVZ antivirus program

In this article I will explain how to use the AVZ antivirus. I think many readers will be interested in how to clean a computer of viruses with it, because it is one of the most powerful tools of its kind and all system administrators use it. Using AVZ is very simple.

First, a little history. Resident antivirus programs, that is, those permanently located in memory (to monitor events, network traffic, etc.), are very complex, take up more than a dozen megabytes, and are produced by large software companies. Other programs do not need to be “installed”, do not require restarting the computer, and do not change the Windows registry. These are antivirus scanners, with which any user can at any time check a computer (hard disk, memory), a flash drive (any external storage), or just a single folder. Using them is easier: download, run the exe file, wait.

One of these programs has been developed and continuously updated since 2007 by the Russian programmer Oleg Zaitsev. Oleg currently works at Kaspersky Lab. That does not stop him from creating and improving his own code.

The program (as an archive) can be downloaded here: http://z-oleg.com/secur/avz/download.php. In the right column of the page there is a “Zip file” link; click it to download (approximately 8 MB). The latest version at the moment is AVZ 4.39.

How to use AVZ is described in detail, first of all, on the official website (in the “Documentation” section). The interface does not change from version to version; only the “power” of the program grows (additional virus definitions).

So, in the folder where we unpacked the archive, we find and run the avz.exe file. AVZ can update its definitions interactively: click “File – Database Update – Start”. Once the update is complete, click “Close”.

Now we are ready for the first launch. Go to the “Search Area” tab and check all the hard disks and flash drives we need. Check the box that is not checked by default: “Perform treatment.” For the first scan, though, you can leave it unchecked (and it is better to do so), so that no changes are made to the registry.

But if you do choose to “treat”, set “Delete” in the first four lines, only “Treat” in the penultimate line, and “Delete” in the last. Right away, check the boxes to “Copy suspicious ones to quarantine” and to copy deleted ones to “Infected”. It should look like the picture:

There are two other tabs: “File Types” and “Search Options”. The first simply offers three modes of operation. Choose the one you want (“the longest” is, of course, better). “Search Options” is a little more complicated. Move the “Heuristic analysis” slider up. Check the boxes “Advanced analysis”, “Block work...” and “RootKit Kernel-Mode”. Further down, check “Automatically fix...” and “Search for TCP ports...”, as well as “Search for keyboard hooks”. The result is shown in the picture:

That is almost everything, but not quite. Click AVZGuard (in the menu at the top) to “Enable AVZGuard” and “Install the process monitoring driver.”

Now that really is everything. Feel free to click “Start” and wait for the first scan to finish.

Advice: if a reboot is required, you can, in principle, agree (but you will then have to repeat everything step by step, except installing the AVZ driver).

What to do after removing viruses? Click AVZPM (in the menu), “Remove and unload monitoring driver.” In the “File” menu, click “Exit”, and reboot.

One last thing. If “new hardware” appears after the scan, ignore it and click “Cancel” to skip its installation. You can delete the “non-existent” hardware in the usual way, in the “Control Panel”, in the “System” folder. We hope that viruses will not bother you or your computer for a long time.

In this article you learned how to use the AVZ antivirus.

How to use the AVZ program

There are many programs that treat, or rather remove, viruses. Many of them are paid, and there are also free ones. Today we'll look at the free program AVZ: I’ll tell you where to download it and how to launch, update, and configure it.

The creator of the program is a Russian author, Oleg Zaitsev. The main purpose of the AVZ antivirus utility is to clean your computer of SpyWare and AdWare programs and various Backdoors and Trojans. It works very well as an additional antivirus: it does not need to be installed and does not have to run all the time; it only needs to be run periodically for a check.

Main features of AVZ (taken from the program reference data):

  • AV base. Allows you to diagnose malware known to AVZ and remove it. Removal includes automatically clearing traces of the malicious program from the parts of the registry critical for system operation and from INI files. AVZ databases are updated daily.
  • Quick automatic examination of the computer, producing a report (protocol) in HTML format.
  • Automatic quarantine of files that do not have a Microsoft digital signature and are not listed in the AVZ safe-file database, for subsequent study manually or with anti-virus programs.
  • Search for rootkits and other API interceptors with the function of searching for hidden processes. In addition to analyzing interceptions, AVZ has the functions of neutralizing UserMode and KernelMode interceptors.
  • System restore. AVZ contains microprograms that automatically correct typical damage to Internet Explorer and Explorer settings, reset desktop settings, and neutralize Policy rules installed by Trojan programs. Antiviruses do not perform these operations, and very often normal operation of the system is not restored after a Trojan program or SpyWare is removed.
  • Automatic check of SPI/LSP settings with automatic error correction. Eliminates most typical LSP problems that appear after removing some AdWare. If the settings cannot be restored, they can be completely recreated;
  • Search for files on disk. The search is protected by the AVZ anti-rootkit and has a number of functions useful for finding viruses/Trojans, in particular excluding from the list of found files those recognized by the AVZ safe database and the Microsoft security catalog, which significantly narrows the search area;
  • Script language for controlling AVZ. Scripts allow you to use AVZ on a corporate network: in this case AVZ can be launched from a logon script or autorun and work according to a script created by the administrator. In addition, scripts allow you to automate most of the operations performed by AVZ.
  • Built-in disk auditor. The inspector creates databases containing information about files in accordance with user settings (directories and search masks are specified). Database data can be used to track changes on disk.
  • Analyzer of running processes, which allows you to search for suspicious objects in maximum heuristic mode.
  • The AVZGuard system, which protects AVZ and any applications it specifies from malicious programs operating in the system and limits the impact of malicious programs on the system.
  • Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, and allows the scanner to analyze locked files and quarantine them.
  • AVZPM process and driver monitoring driver. Designed to monitor the start and stop of processes and loading/unloading of drivers to search for masquerading drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits.
  • Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.
  • Search for potential vulnerabilities. Designed to find incorrect PC settings that may adversely affect security.
  • Backup. Designed to make backup copies of critical system settings.
  • Troubleshooting Wizard. This system is intended for automatically finding and fixing problems that arise after a malware infection, as well as for eliminating traces of user activity and cleaning up garbage on the PC.

How to download the free AVZ program

To download AVZ, it is best to go to the developer’s website, z-oleg.com, and download from the link http://z-oleg.com/avz4.zip

Unzip the resulting archive and run the avz.exe application.

You can update the databases manually via the Internet. To do this, go to the menu File - Database update - Start.

AVZ. Features of the program

Search files

Why do we need another file search? After all, the OS has built-in search tools!

The fact is that malicious programs deliberately hide some files so that they cannot be detected. These hidden files can be found using the anti-RootKit system built into AVZ.

To start it, click Service - Search for files on disk

There is also a cookie search service, called Service - Search cookies by data.

Process Manager

Call: Service - Process Manager

The AVZ process manager:

  • collects additional information (for example, DLLs used),
  • calculates MD5 checksums for files (see the Options tab),
  • checks files against the safe-file database (see the Options tab),
  • checks files against the Microsoft security catalog (see the Options tab),
  • uses the RootKit countermeasures system,
  • flags masked processes.

Services and Driver Manager

Call: Service - Service and Driver Manager

A special feature of this manager is the ability to connect the RootKit counteraction system.

System Research

Call: File - System Research

This module allows you to examine the system for the presence of suspicious files and programs.

The checkboxes allow you to select what you want to explore.

System Restore

Call: File - System Restore

This AVZ module helps restore various system settings damaged by virus-like programs. A very useful thing for treating Windows.

  1. Restoring startup parameters of .exe, .com, .pif files. (If after removing the virus programs stop starting)
  2. Resetting Internet Explorer protocol prefix settings to standard ones. (When an entered address like website is replaced with something like www.aaaaa.ru/a123.php?url=site)
  3. Restoring the Internet Explorer start page. (When the home page has been replaced)
  4. Resetting Internet Explorer search settings to standard. (If clicking the "Search" button in IE takes you to some third-party site)
  5. Restore desktop settings. (If the desktop settings are missing in the Display Properties menu, or extraneous inscriptions or pictures are displayed on the desktop)
  6. Removing all Policies (restrictions) of the current user. (If user actions are limited by malware)
  7. Deleting the message displayed during WinLogon (that is, during system boot)
  8. Restoring Explorer settings. (Resets a number of Explorer settings to standard)
  9. Removing debuggers of system processes. (If there is a problem starting system components, for example, when the desktop disappears after a reboot)
  10. Restoring boot settings in SafeMode (safe mode)
  11. Unlocking Task Manager
  12. Clearing the ignore list of the HijackThis utility. (If you suspect that the HijackThis utility does not display all information about the system)
  13. Cleaning the Hosts file. (Removing all significant lines from it and adding standard string
  14. Automatic correction of SPI/LSP settings. (If the Internet disappeared after deleting a virus program)
  15. Reset SPI/LSP and TCP/IP settings (XP+). (Only works on XP, Windows 2003 and Vista)
  16. Recovering the Explorer launch key. (If Explorer does not start during boot, but explorer.exe can be launched)
  17. Unlocking Registry Editor
  18. Complete re-creation of SPI settings. (If items 14 and 15 did not help)
  19. Clear MountPoints database. (If, after infection with a Flash-drive virus, disks do not open in Explorer)
  20. Remove static routes. (If some sites are blocked using incorrect static routes)
  21. Replace the DNS of all connections with Google Public DNS. (If the Trojan program replaced the DNS with its own)

Standard scripts

Scripts are designed to automate basic operations that can be performed with AVZ. You can select several checkboxes and launch them with the button Execute the marked scripts.

Call: File - Standard scripts.

Backup

Designed to save various operating system settings for subsequent recovery if these settings are corrupted for any reason.

Call: File - Backup.

As a result of copying, a REG file will be created. To restore saved settings, you need to run this file.

Troubleshooting Wizard

Created to automatically analyze your operating system and detect errors, deficiencies in security settings, and so on. Eliminates the problems it detects.

Call: File - Troubleshooting Wizard.

To begin, select a problem category:

  • System problems. All kinds of errors in the operating system.
  • Browser settings and tweaks. Looks for browser settings that are dangerous from a security point of view.
  • Privacy. Removing traces of user activity in browsers (temporary files, cookies, logs).
  • Garbage cleaning. Removing all kinds of garbage accumulated as a result of browser activity.

AVZGuard function

This function is intended to prohibit any actions by untrusted applications. Enabling it allows you to counteract malware that tries to interfere with the process of treatment and troubleshooting.

To enable: AVZGuard - Enable AVZGuard.

Before enabling the function, we recommend closing all other programs, since AVZ automatically considers them untrusted and can block their operation. If there is a need to run a program, this can be done through the menu AVZGuard - Run the application as trusted.

If you disinfected the system with the AVZGuard function enabled, then after disinfection restart the computer while leaving AVZGuard turned on, to eliminate the possibility of the malware resuming.

AVZPM function

Designed to monitor the operation of processes and drivers, as well as kernel-space modules (non-system ones).

To enable: AVZPM - Install the advanced process monitoring driver.

Auditor

Purpose:

  • Scan disk files and create a corresponding database.
  • Comparison of the current state of disk files and the previously created database.

Call: File - Inspector.

You can select the location of the files, their types, and the database creation mode: the standard mode checks file sizes and checksums (takes longer); the fast mode checks only file sizes (takes less time).

Subsequently, you can see what changes have occurred in the file system compared to the previously created database. To do this, go to the tab Drive comparison<>base

Select a file with a database, select a comparison mode and the option to exclude some files from scanning. Click Start. The results will be in the tabs Protocol and Deviations found.
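The two database modes and the comparison step described above, as an added Python example (not AVZ's code or its database format). The function names, the dictionary layout and the choice of SHA-256 as the checksum are assumptions; the sample tree is constructed so that one file is altered without changing its size.

```python
import fnmatch
import hashlib
import os
import tempfile


def _digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks (checksum choice is an assumption)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, masks=("*",), fast=False):
    """Record size (and checksum unless fast) for every file matching masks."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not any(fnmatch.fnmatch(name.lower(), m.lower()) for m in masks):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                entry = {"size": os.path.getsize(path)}
                if not fast:
                    entry["sha256"] = _digest(path)
            except OSError:
                # Locked or vanished file: record it instead of skipping silently.
                entry = {"error": "unreadable"}
            db[rel] = entry
    return db


def _differs(old, new):
    """Compare only the fields both databases hold (size, and checksum if present)."""
    if "error" in old or "error" in new:
        return old != new
    return any(old[k] != new[k] for k in set(old) & set(new))


def compare(baseline, current):
    """Return added / removed / changed relative paths between two databases."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if _differs(baseline[p], current[p])),
    }


def demo():
    """Constructed sample tree: what each mode reports after files are altered."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)

        write("bin/tool.exe", b"MZ original code")
        write("bin/helper.dll", b"MZ helper")
        write("docs/readme.txt", b"not covered by the masks")
        masks = ("*.exe", "*.dll")
        std_before = build_baseline(root, masks)
        fast_before = build_baseline(root, masks, fast=True)

        write("bin/tool.exe", b"MZ patched  code")  # same length, new content
        os.remove(os.path.join(root, "bin/helper.dll"))
        write("bin/dropped.exe", b"MZ new file")

        std = compare(std_before, build_baseline(root, masks))
        fast = compare(fast_before, build_baseline(root, masks, fast=True))
        return std, fast


if __name__ == "__main__":
    for label, result in zip(("standard", "fast"), demo()):
        print(label, result)
```

Both modes report the added and removed files, but only the standard mode notices the file whose content changed while its size stayed the same.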

In this review article, we looked at the basics of working with one of the free antivirus programs, AVZ. Its peculiarity is that it must be run periodically; it serves as an additional tool for checking your computer for SpyWare and AdWare, various Backdoors and Trojans.


Description:
AVZ is a free and fast antivirus utility. It includes AVZ itself and the additional utilities AVZGuard/AVZPM/BootCleaner.
The main purpose is to detect and remove SpyWare and AdWare modules, as well as Dialer (Trojan.Dialer), Trojan programs, BackDoor modules, network and email worms, TrojanSpy, TrojanDownloader, TrojanDropper.
Essentially, AVZ is an analogue of the popular program Ad-aware (with its own characteristics, of course).
Additional capabilities include heuristic system checks, a built-in Rootkit detection system, a Winsock SPI/LSP settings analyzer, a built-in process, service and driver manager, a TCP/UDP open port analyzer, and a detector of keyloggers (Keylogger) and Trojan DLLs that works without using signatures (an original neuroemulator is used, which allows suspicious files to be examined using a neural network).

Features of the AVZ utility:
Heuristic system check microprograms. The microprograms search for known SpyWare and viruses by indirect signs, based on analysis of the registry, files on disk and in memory.
Updatable database of safe files. It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ systems and works on the “friend/foe” principle: safe files are not quarantined, deletion and warnings are blocked for them, and the database is used by the anti-rootkit, the file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services in color; searching for files on the disk can exclude known files from the search (which is very useful when searching for Trojan programs on the disk);
Built-in Rootkit detection system. The search for RootKits works without signatures, based on examining basic system libraries for interception of their functions. AVZ can not only detect a RootKit, but also correctly block a UserMode RootKit for its own process and a KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by a RootKit. In my opinion, one of the main features of the RootKit countermeasures system is that it works in Win9X (the widespread opinion that no RootKits work on the Win9X platform is deeply erroneous: hundreds of Trojan programs are known that intercept API functions to mask their presence, distort the operation of API functions, or monitor their use). Another feature is a universal system for detecting and blocking KernelMode RootKits, compatible with Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1
Keylogger and Trojan DLL detector. The search for Keyloggers and Trojan DLLs is carried out based on system analysis without using a signature database, which allows you to confidently detect previously unknown Trojan DLLs and Keyloggers;
Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator, which allows you to examine suspicious files using a neural network. Currently, the neural network is used in a keylogger detector.
Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze settings, diagnose possible errors in settings and perform automatic treatment. The ability to diagnose and treat automatically is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;
Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color;
Built-in utility for searching files on disk. Allows you to search for a file using various criteria; the search system’s capabilities exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them), and the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine
Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; search results are available in the form of a text protocol and in the form of a table in which you can mark several keys for their export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them)
Built-in analyzer of open TCP/UDP ports. It is covered by the anti-rootkit; in Windows XP, the process using the port is displayed for each port. The analyzer is based on an updatable database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan ports is included in the main system scanning algorithm: when suspicious ports are detected, warnings are displayed in the protocol indicating which Trojan programs typically use this port
Built-in analyzer of shared resources, network sessions and files opened over the network. Works in Win9X and NT/W2K/XP.
Built-in analyzer of Downloaded Program Files (DPF): displays DPF elements and is connected to all AVZ systems.
System recovery microprograms. The microprograms restore Internet Explorer settings, program launch parameters, and other system parameters damaged by malware. Restoration is started manually, and the parameters to be restored are specified by the user.
Heuristic file deletion. Its essence is that if malicious files were deleted during treatment and this option is enabled, an automatic system scan is performed, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. All references found to a deleted file are automatically cleaned, and information about what exactly was cleaned and where is recorded in the protocol. The system treatment microprogram engine is actively used for this cleaning;
Checking archives. Starting from version 3.60, AVZ supports scanning archives and compound files. Currently it checks archives in ZIP, RAR, CAB, GZIP and TAR formats; e-mail messages and MHT files; and CHM archives
Checking and treating NTFS streams. Checking of NTFS streams has been included in AVZ since version 3.75
Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow you to use AVZ on a corporate network, including its launch during system boot.
Process analyzer. The analyzer uses neural networks and analysis microprograms; it is turned on when advanced analysis is enabled at the maximum heuristics level and is designed to search for suspicious processes in memory.
AVZGuard system. Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.
Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, allows the scanner to analyze locked files and quarantine them.
AVZPM process and driver monitoring driver. Designed to monitor the start and stop of processes and loading/unloading of drivers to search for masquerading drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits.
Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.

Note:
In case of problems with automatic database updates, you can download an archive containing the entire current database, avzbase.zip (the archive is updated twice a day)

Every user has encountered system problems related to viruses and malware. The problems they cause are very serious. Sometimes you have to completely reinstall the system, or the equipment may malfunction. But you don’t always need to turn to specialists for help. Many problems can be solved on your own. This is where AVZ antivirus comes to the rescue. Let's take a closer look at how to work with it.

What is this program

AVZ does not work in real time like antiviruses installed on a PC. You don't have to install it. The utility is in Russian. It does not conflict with antiviruses installed on the system. I have Smart Security, and with it the utility works great. There is no need to disable the resident antivirus.

When to use it

AVZ removes viruses such as AdWare, SpyWare and Trojans. If you notice that your PC is not working as usual: it freezes, the software loads slowly, it won’t turn off, try working with AVZ. Even if everything works as it should, periodically scan your PC with this utility.

How to download and install

Download the latest version from the official website: http://z-oleg.com/avz4.zip

The latest version includes support for Windows 10.

Extract the downloaded archive to the “avz4” folder. If you want, change its name to something else. Next, launch the program by clicking the avz.exe file.
Before starting work, update the databases. In the window that opens, find the “Update” icon.

For AVZ to work correctly on Windows 7/10, run it as an administrator. To do this, right-click the executable file avz.exe, then select the appropriate item.

What to do before work

AVZ is a utility for troubleshooting problems caused by viruses. So before you start, run, for example, a one-time utility. It will get rid of the viruses, and AVZ will then correct the damage and delete files created by the virus, cleaning the system after removal.

How to use

Let's launch the utility. The main program window consists of three tabs:

On the first tab “Search Area”, select what to scan on the HDD. A little lower there will be three options. Check the boxes next to them. This will allow you to perform heuristic analysis, scan running processes, and identify malicious software.

File type

In this tab, select what to scan. For a simple check, tick the box “Potentially dangerous”. If there are a lot of viruses, choose “All files”. Besides ordinary documents, the utility works with archives, and archive checking is configured on this tab as well. Uncheck the checkbox next to archive checking.

Search options

A slider will appear at the top. Move it up to enable checking for keyboard hooks. The final result should look like the picture.
Next, configure what action to perform if a virus is found:

The test will run and the result will be displayed in the area called “Protocol”. After a short period of time (depending on the amount of information being checked), the scanning will end. Next, the program will indicate the scanning time and the threats found.
If threats are found, look at them by clicking on the button marked in the figure below.
If there are suspicious objects, the program will write the path to them, description, and type. Here you can move it to quarantine or delete it.

System functions

In addition to checking for viruses and malware, AVZ performs many functions. Let's talk about the most useful ones. To access them, click on "File". A context menu with all functions will open.
Let's look at the most important ones.

System Research

The function collects information about the system: its technical and hardware side. This includes system files, protocols, and processes. Clicking the “Research” link opens a new window where you tell the utility what information to collect. Having selected everything you need, click “Start”.
In a new window, the program will offer to save the document. It contains the selected information in HTML format and opens in any browser. Next, click “Save”.
Scanning will begin. After its completion, you will be able to view the selected information.

Recovery

These functions can return OS elements to their original state and remove settings. Malware tries to deny access to the “Registry Editor” or “Manager”, and tries to add entries to the system file "hosts". The restore option will unlock these items. To start, click on it and check the boxes for the actions you want to perform. I checked options 11, 13 and 17. Next, click on “Run”.

Scripts

The “File” menu includes functions that work with scripts: “Run” and “Standard”.
Clicking “Standard” opens a window with a list of ready-made scripts. Check the boxes as needed. Next, click on “Run”.
The other option launches the editor. Write the script yourself, or load one from your PC. Next, click the “Run” button.

Quarantine and Infected option

Click this item to view the potentially dangerous elements detected by the utility during scanning.
Delete the files (if found), or restore if they are not dangerous.
To have potentially dangerous software quarantined, check the appropriate boxes in the settings.

Services

To view the list of services offered by the program, click on the corresponding “Service” line.
Let's look at the most used ones.

Process Manager

All executable files running in the system are displayed here. In the new window, look at their description and the path to them.
End a process if necessary: select it in the list and click the button with a black cross, located on the right side of the window.

This is a replacement for the manager built into the system. It is of particular value if the latter is blocked by a virus.

Services and Driver Manager

The second service on the list. Clicking it opens a window where you use the switch to choose what to show: services, drivers, or all. Select the desired item and then disable, stop or delete it.

Startup manager

Use it to configure settings for programs that start with the system. To disable, uncheck the box next to the selected item. The entry can be completely deleted. To do this, press the button with a black cross on it.

Once deleted, it cannot be restored. Therefore, check carefully so as not to erase important records.

Hosts File Manager

If a virus has written its own values in this file and blocked access, use this option. A new window will display its contents. You cannot add anything here, only delete. This is done using the button with a black cross.
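Item 13 of System Restore and the Hosts File Manager both work on the "significant" lines of the hosts file. The added Python example below (not AVZ code) parses a constructed hosts file, classifies each significant line for review before deletion, and builds the cleaned file; the function names, the sample entries and the default `127.0.0.1 localhost` line are assumptions.

```python
import ipaddress

# Constructed sample of a tampered hosts file (all names are placeholders).
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost

127.0.0.1       update.av-vendor.example   # constructed entry
203.0.113.7     bank.example www.bank.example
0.0.0.0 ads.example
not-an-ip       broken.example
"""

LOOPBACK_NAMES = {"localhost"}


def _significant(line):
    """Text of a line with its comment removed; empty means not significant."""
    return line.split("#", 1)[0].strip()


def classify(addr, names):
    """Label one entry: standard, sinkhole, redirect or malformed."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback and set(names) <= LOOPBACK_NAMES:
        return "standard"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"   # the name is made unreachable
    return "redirect"       # the name is pointed at another host


def parse_hosts(text):
    """Return every significant line as a dict with its line number and verdict."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = _significant(raw)
        if not body:
            continue  # blank or comment-only line
        fields = body.split()
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        entries.append({"line": lineno, "address": addr, "names": names,
                        "verdict": classify(addr, names)})
    return entries


def review(text):
    """Entries an analyst should look at before they are deleted."""
    return [e for e in parse_hosts(text) if e["verdict"] != "standard"]


def clean_hosts(text, default_line="127.0.0.1       localhost"):
    """Drop all significant lines, keep comments, append the assumed default."""
    kept = [line for line in text.splitlines() if not _significant(line)]
    return "\n".join(kept + [default_line]) + "\n"


if __name__ == "__main__":
    for entry in review(SAMPLE_HOSTS):
        print(entry["line"], entry["verdict"], entry["address"], entry["names"])
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Saving the `review` output before cleaning preserves a record of which names were redirected or blocked.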

Launching utilities

The program allows you to work with popular applications. To do this, go to “Service” - “System”. By clicking on the system utilities, you can:


AVZGuard

If you have a virus that cannot be removed, use the AVZGuard function. It adds malware to the list of untrusted software that is not allowed to perform any actions. To activate, click on the AVZGuard line.

I would like to note that this function and AVZPM do not work for me, since these technologies are not supported by 64-bit versions of Windows operating systems. Read more about this in the official technical documentation at the address: http://z-oleg.com/secur/avz_doc/index.html?t_install.htm.

Conclusion

I recommend that all users download AVZ. Run the virus scan utility periodically. Its main task is to remove spyware, Trojans and SpyWare. But this does not mean that you do not need to use antiviruses that protect your PC in real time.