Script for removing viruses in avz. An indispensable “software” for a lazy system administrator, or How to use the AVZ anti-virus utility? The main features of AVZ are virus detection and removal

An excellent program for removing viruses and restoring the system is AVZ (Zaitsev Anti-Virus). You can download AVZ by clicking the orange button after generating links. If a virus blocks the download, try downloading the entire anti-virus set.

The main capabilities of AVZ are virus detection and removal.

AVZ antivirus utility is designed to detect and remove:

  • SpyWare and AdWare modules (the main purpose of the utility)
  • Dialer (Trojan.Dialer)
  • Trojan programs
  • BackDoor modules
  • Network and mail worms
  • TrojanSpy, TrojanDownloader, TrojanDropper

The utility is a direct analogue of the TrojanHunter and LavaSoft Ad-aware 6 programs. The primary task of the program is to remove SpyWare and Trojan programs.

Features of the AVZ utility (in addition to the standard signature scanner) are:

  • Heuristic system check microprograms. The microprograms search for known SpyWare and viruses by indirect signs, based on analysis of the registry, files on disk and in memory;
  • Updatable database of safe files. It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ systems and works on the “friend/foe” principle: safe files are not quarantined, and deletion and warnings are blocked for them. The database is used by the anti-rootkit, the file search system and various analyzers. In particular, the built-in process manager highlights safe processes and services in color, and the file search can exclude known files from its results (which is very useful when searching for Trojan programs on the disk);
  • Built-in Rootkit detection system. The RootKit search is carried out without the use of signatures, based on examining the basic system libraries for interception of their functions. AVZ can not only detect a RootKit, but also correctly block a UserMode RootKit for its own process and a KernelMode RootKit at the system level. The RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by a RootKit. In my opinion, one of the main features of the RootKit countermeasures system is that it works in Win9X (the widespread opinion that there are no RootKits for the Win9X platform is deeply erroneous: hundreds of Trojan programs are known that intercept API functions to mask their presence, to distort the operation of API functions or to monitor their use). Another feature is the universal KernelMode RootKit detection and blocking system, compatible with Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1;
  • Keylogger and Trojan DLL detector. The search for Keylogger and Trojan DLLs is carried out based on system analysis without using a signature database, which allows you to confidently detect previously unknown Trojan DLLs and Keylogger;
  • Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator, which allows you to examine suspicious files using a neural network. Currently, the neural network is used in a keylogger detector.
  • Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze settings, diagnose possible errors in settings and perform automatic treatment. The ability to automatically diagnose and treat is useful for novice users (utilities like LSPFix do not have automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;
  • Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The work of the process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by the rootkit). The process manager is linked to the AVZ safe file database; identified safe and system files are highlighted in color;
  • Built-in utility for searching files on disk. Allows you to search a file using various criteria; the capabilities of the search system exceed those of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” files masked by the rootkit and can delete them); the filter allows you to exclude files identified by AVZ as safe from the search results. Search results are available as a text log and as a table in which you can mark a group of files for later deletion or quarantine
  • Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; search results are available as a text log and as a table in which you can mark several keys for export or deletion. The operation of the search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by the rootkit and can delete them);
  • Built-in analyzer of open TCP/UDP ports. It is covered by the anti-rootkit; in Windows XP, the process using the port is displayed for each port. The analyzer is based on an updatable database of ports of known Trojan/Backdoor programs and known system services. The search for Trojan program ports is included in the main system scanning algorithm: when suspicious ports are detected, warnings are written to the log indicating which Trojan programs are likely to use the port;
  • Built-in analyzer of shared resources, network sessions and files opened over the network. Works in Win9X and NT/W2K/XP;
  • Built-in Downloaded Program Files (DPF) analyzer - displays DPF elements, connected to all AVZ systems.
  • System recovery microprograms. The microprograms restore Internet Explorer settings, program launch settings, and other system parameters damaged by malware. Restoration is started manually, and the parameters to be restored are specified by the user;
  • Heuristic file deletion. Its essence is that if malicious files were deleted during treatment and this option is enabled, an automatic system scan is performed, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI/LSP, etc. All found references to a deleted file are automatically cleared, and what exactly was cleared and where is recorded in the log. The system treatment microprogram engine is actively used for this cleaning;
  • Checking archives. Starting from version 3.60, AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, GZIP, TAR formats are checked; emails and MHT files; CHM archives
  • Checking and treating NTFS streams. Checking NTFS streams is included in AVZ starting from version 3.75
  • Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user’s PC. Scripts allow you to use AVZ on a corporate network, including its launch during system boot.
  • Process analyzer. The analyzer uses neural networks and analysis microprograms; it is turned on when advanced analysis is enabled at the maximum heuristic level and is designed to search for suspicious processes in memory.
  • AVZGuard system. Designed to combat hard-to-remove malware, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.
  • Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, allows the scanner to analyze locked files and quarantine them.
  • Driver for monitoring processes and drivers AVZPM. Designed to monitor the start and stop of processes and loading/unloading of drivers to search for masquerading drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits.
  • Boot Cleaner Driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the process of restarting the computer and during treatment.
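
The “friend/foe” principle from the safe-file database item above, as an added Python example (not AVZ's own code or database format): files are classified by content digest against a known-clean reference set, so a trusted file name with altered content is not treated as safe, and unreadable files are reported instead of skipped. SHA-256, the function names and the sample files are assumptions constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()

def build_safe_db(reference_files):
    """Map digest -> label for files taken from a known-clean reference system."""
    return {file_digest(p): Path(p).name for p in reference_files}

def classify_tree(root, safe_db):
    """Split every file under root into safe, unknown and unreadable."""
    result = {"safe": [], "unknown": [], "unreadable": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        try:
            digest = file_digest(path)
        except OSError:
            # Locked or access-denied files are reported, never silently skipped.
            result["unreadable"].append(rel)
            continue
        # Trust follows the content, not the file name or its location.
        result["safe" if digest in safe_db else "unknown"].append(rel)
    return result

def demo():
    """Constructed sample: a clean reference set and a tree to be scanned."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, scan = Path(tmp, "reference"), Path(tmp, "scan")
        ref.mkdir()
        (scan / "system").mkdir(parents=True)
        (ref / "notepad.exe").write_bytes(b"constructed clean notepad bytes")
        (ref / "svchost.exe").write_bytes(b"constructed clean svchost bytes")
        safe_db = build_safe_db(ref.iterdir())
        # Identical content under a different name is still recognised as safe.
        (scan / "system" / "editor.exe").write_bytes(b"constructed clean notepad bytes")
        # Trusted name, different content: must NOT be treated as safe.
        (scan / "system" / "svchost.exe").write_bytes(b"constructed altered bytes")
        (scan / "readme.txt").write_bytes(b"constructed file not in the database")
        return classify_tree(scan, safe_db)

if __name__ == "__main__":
    for group, names in demo().items():
        print(group, names)
```

Only the "unknown" group needs manual review, which is the effect the list above describes for file search with known files excluded.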

Restoring system parameters.

  • Restoring startup parameters for .exe, .com, .pif files
  • Reset IE settings
  • Restoring desktop settings
  • Remove all user restrictions
  • Deleting a message in Winlogon
  • Restoring File Explorer settings
  • Removing system process debuggers
  • Restoring Safe Mode boot settings
  • Unblocking the task manager
  • Cleaning the hosts file
  • Correcting SPI/LSP settings
  • Resetting SPI/LSP and TCP/IP settings
  • Unlocking Registry Editor
  • Cleaning MountPoints Keys
  • Replacing DNS servers
  • Removing proxy server settings for IE/Edge
  • Removing Google Restrictions


Program tools:

  • Process Manager
  • Services and Driver Manager
  • Kernel space modules
  • Internal DLL Manager
  • Search the registry
  • Search files
  • Search by Cookie
  • Startup Manager
  • Browser Extension Manager
  • Control Panel Applet Manager (cpl)
  • Explorer Extensions Manager
  • Print Extension Manager
  • Task Scheduler Manager
  • Protocol and Handler Manager
  • DPF Manager
  • Active Setup Manager
  • Winsock SPI Manager
  • Hosts File Manager
  • TCP/UDP Port Manager
  • Network Shares and Network Connections Manager
  • A set of system utilities
  • Checking a file against the database of safe files
  • Checking a file against the Microsoft Security Catalog
  • Calculating MD5 sums of files

Here is a rather large kit to save your computer from various infections!

Good day, dear blog readers. In the first part of the article, we discussed some types of viruses and common methods of removing them without an antivirus.

But since that approach mostly removes only the less harmful viruses, today we will take on more serious viral threats that are better at hiding, doing harm and multiplying.

To remove viruses from your computer we will use an excellent utility, AVZ. The program itself is not an antivirus that can perform, but only serves as a powerful utility with which you can remove viruses.

To start this procedure, you will need to download the AVZ utility and run it.

By the way, the utility does not require installation, which means viruses will not have a chance to spot it as an installed application. This is one more plus for the outrageously useful AVZ utility 🙂

Have you downloaded AVZ? Great. Launch AVZ and choose File - Database update.



Then press start and wait for this window to appear.



If it appears, then things are not so bad for you. When a computer is infected with a large number of different viruses, they can easily prevent you from accessing the Internet.

If it hasn’t been updated, it’s okay, we just continue to do everything as written below.

2 How to remove a virus

Certainly, it won't be possible in less than a day. But believe me, it's worth it. Moreover, such a check needs to be performed only once.

All subsequent checks (as mentioned above) can be carried out in a simplified mode, which means the procedure itself will not take you more than 30 minutes.

The last tab is the search options. Everything is simple here, we set everything to maximum and check all the boxes except error correction.



In a nutshell, we use the slider to set the most thorough analysis. And by checking the boxes we select blocking rootkits (more details later) and searching for and eliminating keyloggers (more details later).


And install the process monitoring driver AVZPM.



The final touch - click "Start". Until the end of the check, no further intervention is required.



After cleaning, remove the monitoring driver that we recently installed. Click File - Exit 🙂



After checking, we reboot and enjoy a clean computer. By the way, after a reboot, a window about a new found device may pop up.

Go to the device manager (for more information about the manager, read the article about how to find a driver for), and remove the unknown device with a question mark.

AVZ is a vital program for every computer running the Windows operating system. Its advantages are:

- speed.

- does not require installation.

- does not conflict with the installed antivirus.

- cleans out viruses completely.

There are also completely hopeless situations when viruses are not allowed into the computer, but we will talk about this later; we will also look at the most dangerous viruses separately, so as not to miss.

Now you know how to remove a virus from your computer. The cleaning procedure took an entire article. It seems complicated, but only at first; after two or three cleanings you will notice that you do everything automatically, like me 🙂 And there will be far fewer viruses.

By the way, after cleaning, your system may be damaged. To troubleshoot possible problems, I recommend reading the article about

So, how do you carry out treatment, and how do you quickly and extremely accurately kill these evil non-biological creatures of electronic origin that have settled on your computer and are causing you harm?

An antivirus utility, AVZ, will help us with this task. By the way, it is not a full-fledged antivirus (which is very useful for us, because it does not conflict with what is already installed), but just a utility that does not require installation, yet it helps even in the most difficult cases. It is often with the help of AVZ that the system can be allowed to breathe freely enough again to at least install a normal antivirus and destroy all other defects with its help.

Removing viruses using AVZ

Attention: We do everything exactly as described below.


Attention! During the scan, most likely, you will not be able to run almost any program on the computer, or access the system drive (usually C:\). It is better to leave the computer alone during the test. The fact is that AVZ thus blocks all possible movements of viruses, programs, spyware, etc., i.e. any attempts to deceive the scanner (to run away, hide, pretend to be something else, etc.) or to cause harm with the last breath.

Actions after removing AVZ viruses

Click AVZPM -> “Remove and unload the advanced process monitoring driver”. Then “File” -> “Exit” and be sure to restart your computer.

After the reboot, you may be prompted to install unknown hardware found - do not be alarmed and cancel the offer. It shouldn't bother you anymore. If it still continues to appear, then do the following:


Start - Settings - Control Panel - System - Hardware - Device Manager. Find something there with a yellow question mark and delete it.


If it doesn’t help, then in the same AVZ try the following: File - Standard Scripts - check the box “Removing All AVZ Drivers and Registry Keys” and press “Execute marked scripts”.

If you still can’t remove it yourself, you can contact me.

The AVZ anti-virus utility is a system research and recovery tool, and is designed to automatically or manually search and remove:

  • SpyWare and AdWare modules (the main purpose of the utility)
  • Dialer (Trojan.Dialer)
  • Trojan programs
  • BackDoor modules
  • Network and mail worms
  • TrojanSpy, TrojanDownloader, TrojanDropper

This utility is not a full-fledged antivirus program (which, by the way, is good, because it does not conflict with what is already installed). AVZ is a utility that does not require installation and is a good helper in the most unpredictable cases. Often, it is with the help of AVZ that the system can be allowed to breathe freely enough again to at least revive/install a normal antivirus and finish off any riffraff with it.
Anyway, let's get started.

We do everything strictly as described. Deviations from the instructions may result in poor cleaning.

  • Download the AVZ antivirus utility from here or via search engine.
  • We unpack the archive wherever it is convenient for you.
  • We go to the folder where we unpacked the program and run avz.exe there. In the program window select File –> Database update.
  • At the end of the line Settings: button with three dots, clicking on it takes you to the settings window.

    When the database update process is complete, click Close. On the tab, check all hard drives and flash drives (if not inserted, then insert).

  • Place a checkmark on the right: Carry out treatment.
  • In the first four lines select Delete, in the penultimate one Treat, and in the last one Delete as well.
  • Also check the boxes Copy deleted files to Infected and Copy suspicious files to quarantine.
  • Go to the tab

  • very long: select the All files radio button and uncheck the box.
  • long: select the All files radio button; do not uncheck the box Do not scan archives larger than 10MB.
  • quick: select the Potentially dangerous files radio button; do not uncheck the box Do not scan archives larger than 10MB.

    What is the difference? The difference is in the quality of the check: the longer it runs, the more thorough it is and the greater the chance that all viruses will be removed.

    Go to the tab.

    Heuristic analysis
  • Move the Heuristic analysis slider to the top
  • Tick Advanced Analysis

    Anti-RootKit
  • Tick Detect API interceptors and RootKit
  • Tick Block RootKit User-Mode
  • Tick RootKit Kernel-Mode

    This is necessary so that not a single virus can escape anywhere or launch anything that interferes with the operation of the antivirus.

    Winsock Service Provider
  • Tick Check SPI/LSP settings
  • Tick Automatically correct errors in SPI/LSP
  • Further down, check the boxes Search for keyboard loggers (Keyloggers) and Search for TCP/UDP ports of Trojan programs.

    Next click

    Enable AVZGuard

    Next, click AVZPM

    Install the advanced process monitoring driver. If a reboot is required, agree, but keep in mind that you will then have to do everything again except installing the driver.
    That's it. Click the “Start” button and wait for the test to complete.

    Attention! During the check, most likely, you will not be able to run almost any program on the computer, or enter the system drive (usually C:\). It's better to leave the computer alone.
    The fact is that AVZ thus blocks all possible movements of viruses, programs, spyware, etc., i.e. any attempts to deceive the scanner (to run away, hide, pretend to be something else, etc.) or to make a dirty trick with their last breath.

    Actions after removing AVZ viruses

    Click AVZPM -> Remove and unload the advanced process monitoring driver. Then File -> Exit and be sure to restart your computer.
    After the reboot, you may be prompted to install unknown hardware found - do not be alarmed and cancel the offer. It shouldn't bother you anymore. If it still appears, then do:
    Start – Settings – Control Panel – System – Hardware – Device Manager. There, find something with a yellow question mark and delete it.
    If it doesn’t help, then in the same AVZ, try File – Standard Scripts – check the box Removing All AVZ Drivers and Registry Keys and press Execute marked scripts.

    Don’t panic if, during the scan, the utility finds programs that work with the network, are able to make calls, or are registered in startup. It is likely that this is not a virus, but some utility software. As for suspicious files found but not deleted: after such a scan (even a quick one), most of the serious (or not so serious) viruses that lived on your computer up to this point have most likely not survived, but I strongly recommend that you also run a check with a full-fledged Anti-Virus.

    In addition to the above actions, AVZ can restore and clean the system. (