Hardware and software setup

AVZ is a virus removal and system recovery utility. This page covers restoring normal Windows operation with AVZ.

System Restore is a special feature of AVZ that allows you to restore a number of system settings corrupted by malware.

The system recovery "firmware" (AVZ's term for its repair microprograms) is stored in the anti-virus database and updated together with it.

Recommendation: System Restore should be used only when you understand exactly why it is required. Before using it, back up the registry or create a system restore point.

Note: System restore operations write automatic backup data as REG files in the Backup directory of the AVZ working folder.

The database currently contains the following firmware:

1. Restore launch options for .exe, .com, .pif files

This firmware restores the system's response to .exe, .com, .pif and .scr files.

Indications for use: After removing the virus, the programs stop running.

Possible risks: minimal, but recommended

2. Reset Internet Explorer protocol prefix settings to default

This firmware restores the protocol prefix settings in Internet Explorer.

Indications for use: when you enter an address like www.yandex.ru, it is replaced by something like www.seque.com/abcd.php?url=www.yandex.ru

Possible risks: minimal

3. Restore the Internet Explorer start page

This firmware restores the start page in Internet Explorer.

Indications for use: the start page has been changed

Possible risks: minimal

4. Reset Internet Explorer search settings to default

This firmware restores search settings in Internet Explorer

Indications for use: When you click the "Search" button in IE, some extraneous site is opened instead.

Possible risks: minimal

5. Restore desktop settings

This firmware restores the desktop settings. Restoration means deleting all active ActiveDesktop elements and wallpapers and removing the locks on the menus responsible for desktop settings.

Indications for use: The desktop settings tabs in the "Display Properties" window have disappeared, or extraneous text or images are displayed on the desktop.

Possible risks: user settings will be deleted, the desktop will return to the default view

6. Removing all Policies (restrictions) of the current user

Windows provides a mechanism for restricting user actions called Policies. Much malware uses it, because the settings are stored in the registry and are easy to create or modify.

Indications for use: File Explorer functions or other system functions are blocked.

Possible risks: different versions of the operating system have different default policies, so resetting them to one standard set of values is not always optimal. To fix the policies most often changed by malware, use the Troubleshooting Wizard, which is safe with respect to possible system failures.

7. Removing the message displayed during WinLogon

Windows NT and the later systems in the NT line (2000, XP) allow a message to be displayed during startup. A number of malicious programs use this, and removing the malicious program does not remove the message.

Indications for use: An extraneous message is introduced during system boot.

Possible risks: none

8. Restore Explorer settings

This firmware resets a number of File Explorer settings to default settings (the settings changed by malware are the first to be reset).

Indications for use: Explorer settings changed

Possible risks: minimal; the damage to these settings most characteristic of malware is found and fixed by the Troubleshooting Wizard.

9. Removing system process debuggers

Registering a debugger for a system process lets an application be launched covertly, which a number of malicious programs exploit.

Indications for use: AVZ detects unrecognized debuggers for system processes, problems with launching system components, in particular, the desktop disappears after a reboot.

Possible risks: minimal; it may disrupt programs that use the debugger mechanism for legitimate purposes (for example, a replacement for the standard Task Manager).

10. Restore boot settings in SafeMode

Some malware, such as the Bagle worm, corrupts the system's safe mode boot settings. This firmware restores the safe mode boot settings.

Indications for use: The computer does not boot in safe mode (SafeMode). This firmware must be used only in case of problems booting in protected mode.

Possible risks: high, since restoring the default configuration does not guarantee that SafeMode will be fixed. From a safety standpoint the Troubleshooting Wizard, which finds and fixes specific corrupted SafeMode setting entries, is preferable.

11. Unlock Task Manager

Task Manager blocking is used by malware to protect processes from detection and removal. Accordingly, the execution of this microprogram removes the lock.

Indications for use: Task manager blocked, when you try to call the task manager, the message "Task manager has been blocked by the administrator" is displayed.

Possible risks: troubleshooting wizard

12. Clearing HijackThis Ignore List

The HijackThis utility stores a number of its settings in the registry, in particular its list of exclusions. To hide from HijackThis, malware therefore only needs to register its executable files in that exclusion list, and a number of malicious programs are currently known to exploit this weakness. This AVZ firmware clears the HijackThis exclusion list.

Indications for use: Suspicions that the HijackThis utility does not display all information about the system.

Possible risks: minimal, note that HijackThis ignore settings will be removed

13. Cleaning up the Hosts file

Cleaning the Hosts file comes down to locating the file, removing all significant (uncommented) lines from it, and adding the standard line "127.0.0.1 localhost".

Indications for use: Suspicion that the Hosts file has been modified by malware. A typical symptom is that antivirus program updates are blocked. You can inspect the contents of the Hosts file with the Hosts file manager built into AVZ.

Possible risks: medium, note that the Hosts file may contain useful entries
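To make the "significant lines" and the cleanup concrete, here is an added Python example (not AVZ's own code). It parses a hosts file, separates the standard localhost entries from hosts sinkholed to loopback or 0.0.0.0 (the update-blocking symptom described above) and from hosts pinned to a foreign address, and produces the cleaned file that firmware 13 would leave behind. The hosts content is constructed for the example, and its hostnames are placeholders in reserved example and test domains.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed hosts file (not captured from a real machine): a comment header,
# the two standard localhost lines, and three lines of the kinds a defender
# would want to review before wiping the file.
SAMPLE_HOSTS = """# Sample hosts file (constructed for this example)
# Lines beginning with '#' are comments.

127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test   # AV update host pinned to loopback
0.0.0.0         dl.example-vendor.test   # another sinkholed update host
203.0.113.9     www.bank.example         # site redirected to a foreign address
"""

Entry = Tuple[int, str, List[str]]  # (line number, address, hostnames)


def parse_hosts(text: str) -> List[Entry]:
    """Return the significant entries: non-blank, non-comment lines with any
    inline comment stripped and the fields split on whitespace."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            continue  # malformed: an address with no hostname
        entries.append((lineno, fields[0], fields[1:]))
    return entries


def classify(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Sort entries into buckets: the standard localhost lines, hosts sinkholed
    to loopback or 0.0.0.0 (the 'updates are blocked' symptom), hosts pinned to
    some other address (redirection), and lines with an unparsable address."""
    buckets: Dict[str, List[Entry]] = {
        "standard": [], "sinkholed": [], "redirected": [], "invalid": []}
    for entry in entries:
        _, addr, names = entry
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            buckets["invalid"].append(entry)
            continue
        local = ip.is_loopback or ip.is_unspecified
        if local and all(n.lower() == "localhost" for n in names):
            buckets["standard"].append(entry)
        elif local:
            buckets["sinkholed"].append(entry)
        else:
            buckets["redirected"].append(entry)
    return buckets


def clean_hosts(text: str) -> str:
    """Produce the result firmware 13 describes: every uncommented line is
    dropped, comment and blank lines are kept, and the single standard line
    is appended."""
    kept = [line for line in text.splitlines()
            if not line.split("#", 1)[0].strip()]
    return "\n".join(kept + ["127.0.0.1 localhost"]) + "\n"


if __name__ == "__main__":
    report = classify(parse_hosts(SAMPLE_HOSTS))
    for bucket, entries in report.items():
        for lineno, addr, names in entries:
            print(f"line {lineno:3}: {bucket:10} {addr:15} {' '.join(names)}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Running the classification before the cleanup is the point: the "sinkholed" bucket shows which update hosts were being blocked, and the "redirected" bucket shows entries that, as the risk note says, may be legitimate and worth keeping rather than wiping.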

14. Automatic correction of SPI/LSP settings

Analyzes the SPI settings and, if errors are found, corrects them automatically. This firmware can be re-run any number of times. It is recommended that you restart the computer after running it. Note! This firmware cannot be run from a terminal session.

Indications for use: Internet access was lost after the malware was removed.

Possible risks: medium, before starting it is recommended to create a backup copy

15. Reset SPI/LSP and TCP/IP settings (XP+)

This firmware only works on XP, Windows 2003 and Vista. It resets and recreates the SPI/LSP and TCP/IP settings using the standard netsh utility included with Windows. Details of the reset are in the Microsoft Knowledge Base: http://support.microsoft.com/kb/299357

Indications for use: Internet access was lost after the malicious program was removed, and running firmware "14. Automatic correction of SPI/LSP settings" did not help.

Possible risks: high, before starting it is recommended to create a backup

16. Restoring the Explorer launch key

Restores the system registry keys responsible for launching File Explorer.

Indications for use: Explorer does not start during system boot, but it is possible to start explorer.exe manually.

Possible risks: minimal

17. Unlock Registry Editor

Unlocks Registry Editor by removing the policy that prevents it from running.

Indications for use: Unable to start Registry Editor, when trying, a message is displayed stating that its launch has been blocked by the administrator.

Possible risks: minimal, a similar check is made by the troubleshooting wizard
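The note above says System Restore writes its backups as REG files, and items 1, 6, 9, 11 and 17 all act on registry values. The following Python script is an added example, not AVZ's own code: it parses a regedit-style export and flags the three kinds of damage those items repair, so a defender can see what a backup or a fresh export contains before or after running the firmware. The expected launch commands ("%1" %* for exefile, comfile and piffile, "%1" /S for scrfile), the policy value names DisableTaskMgr and DisableRegistryTools, and the Debugger value under Image File Execution Options are the standard Windows locations as known to the author of this example; the .reg text itself is constructed, and the paths under C:\Users\Public are placeholders.

```python
import re
from typing import Dict, List, Tuple

# Constructed text in the format of a regedit export (not a real AVZ backup).
# It contains one hijacked launch command, one policy lock and one debugger
# registration, alongside values that are in their normal state. The paths
# under C:\Users\Public are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Public\\svc.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Users\\Public\\hider.exe"
'''

# Default "open" commands for the file types firmware 1 restores (standard
# Windows values as known to the author of this example).
LAUNCH_DEFAULTS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}
# Policy values behind the "blocked by the administrator" messages (items 11, 17).
LOCK_POLICIES = ("disabletaskmgr", "disableregistrytools")
# Key fragment under which per-executable debuggers are registered (item 9).
IFEO = "\\image file execution options\\"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

Values = Dict[str, object]
Finding = Tuple[str, str, str]  # (kind, registry key as written, detail)


def _decode(data: str) -> object:
    """Decode the single-line data forms handled here: quoted strings (with
    backslash escapes) and dword values. Other forms are returned raw."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data


def parse_reg(text: str) -> Dict[str, Tuple[str, Values]]:
    """Map lower-cased key path -> (path as written, {lower-cased value name: data}).
    Registry names are case-insensitive, so lookups are done in lower case."""
    keys: Dict[str, Tuple[str, Values]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, (key.group(1), {}))
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name = value.group(1)
            name = "@" if name == "@" else name[1:-1].lower()
            keys[current][1][name] = _decode(value.group(2))
    return keys


def audit(keys: Dict[str, Tuple[str, Values]]) -> List[Finding]:
    """Apply the three checks and return what a reviewer should look at."""
    findings: List[Finding] = []
    # 1. Launch commands of executable file types (firmware 1).
    for ftype, expected in LAUNCH_DEFAULTS.items():
        path = f"hkey_classes_root\\{ftype}\\shell\\open\\command"
        if path in keys:
            shown, values = keys[path]
            command = values.get("@")
            if command != expected:
                findings.append(("launch-command", shown,
                                 f"expected {expected!r}, found {command!r}"))
    for lower, (shown, values) in keys.items():
        # 2. Policy locks on Task Manager and Registry Editor (firmware 11, 17).
        if lower.endswith("\\policies\\system"):
            for name in LOCK_POLICIES:
                if values.get(name) == 1:
                    findings.append(("policy-lock", shown, f"{name} = 1"))
        # 3. Debugger registrations (firmware 9). Legitimate uses exist, such as
        # a Task Manager replacement, so this is a review list, not a verdict.
        if IFEO in lower and "debugger" in values:
            findings.append(("ifeo-debugger", shown,
                             f"Debugger = {values['debugger']!r}"))
    return findings


def audit_reg_export(text: str) -> List[Finding]:
    return audit(parse_reg(text))


if __name__ == "__main__":
    for kind, path, detail in audit_reg_export(SAMPLE_REG):
        print(f"{kind:14} {path}\n{'':14} {detail}")
```

Real regedit exports are UTF-16 with a byte-order mark, so read them with `encoding="utf-16"` before passing the text in. The parser deliberately handles only single-line string and dword values, which is all these three checks need; hex and multi-line values are left undecoded.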

18. Full re-creation of SPI settings

Backs up the SPI/LSP settings, then destroys them and recreates them from the standard template stored in the database.

Indications for use: Severe damage to SPI settings that cannot be repaired by scripts 14 and 15.

Note! Use this full re-creation only when necessary: when Internet access cannot be restored after removing malware and the other SPI recovery methods did not help!

Possible risks: very high, before starting it is recommended to create a backup copy!

19. Clear the MountPoints database

Cleans up the MountPoints and MountPoints2 database in the registry.

Indications for use: This operation often helps when, after infection by a flash-drive virus, disks cannot be opened in Explorer.

Possible risks: minimal

20. Remove static routes

Deletes all static routes.

Indications for use: This operation helps if some sites are blocked by incorrect static routes.

Possible risks: medium. It is important to note that some ISPs may require static routes for some services to work, and after such a deletion, they will have to be restored according to the instructions on the ISP's website.

21. Replace the DNS of all connections with Google Public DNS

Replaces the DNS servers in the configuration of all network adapters with Google's public DNS servers. Helps if a Trojan has replaced the DNS servers with its own.

Indications for use: DNS spoofing by malware.

Possible risks: medium. Note that not all providers allow DNS servers other than their own.

To perform recovery, you must select one or more items and click the "Perform selected operations" button. Clicking the "OK" button closes the window.

Note:

Recovery is useless if a Trojan that performs such reconfiguration is still running on the system: first remove the malicious program, then restore the system settings.

Note:

To eliminate the traces of most hijackers, run three firmware items: "Reset Internet Explorer search settings to default", "Restore the Internet Explorer start page" and "Reset Internet Explorer protocol prefix settings to default".

Note:

Any of the microprograms can be executed several times in a row without significant damage to the system. The exceptions are "5. Restoring Desktop Settings" (this firmware resets all desktop settings, so you will have to reselect desktop colours and wallpaper) and "10. Restoring Boot Settings in SafeMode" (this firmware recreates the registry keys responsible for booting into safe mode), as well as 15 and 18 (reset and recreate SPI settings).

The AVZ anti-virus utility offers a simple and convenient way to restore a working system even without special qualifications or skills. Its so-called "firmware" (AVZ's own term for these repair microprograms) reduces the whole process to a minimum.

Help is available for most common user problems. All firmware functions are called from the menu "File -> System Restore".

  1. Restore startup options for .exe, .com, .pif files
    Restores the standard system reaction to files with the extensions exe, com, pif, scr.
    Recommendations for use: after virus treatment, programs and scripts stopped running.
  2. Reset Internet Explorer protocol prefix settings to default
    Restores the default protocol prefix settings in the Internet Explorer browser.
    Recommendations for use: when entering a web address, for example www.yandex.ua, it is replaced with an address like www.seque.com/abcd.php?url=www.yandex.ua
  3. Restoring the Internet Explorer Start Page
    Simply returns the Internet Explorer start page to its default.
    Recommendations for use: the start page has been changed
  4. Reset Internet Explorer search settings to default
    Restores search settings in Internet Explorer.
    Recommendations for use: the "Search" button leads to extraneous sites
  5. Restoring Desktop Settings
    Removes all active ActiveDesktop items and wallpapers, unlocks the desktop customization menu.
    Recommendations for use: third-party text and/or images are displayed on the desktop
  6. Removing all Policies (restrictions) of the current user
    Removes restrictions on user actions caused by changed Policies.
    Recommendations for use: Explorer functions or other system functions have been blocked.
  7. Removing the message displayed during WinLogon
    Restores the standard message at system startup.
    Recommendations for use: a third-party message appears during system boot.
  8. Restoring File Explorer Settings
    Restores all Explorer settings to their default form.
    Recommendations for use: Explorer settings have been changed
  9. Removing system process debuggers
    System process debuggers are launched covertly, which is very convenient for viruses.
    Recommendations for use: for example, the desktop disappears after boot.
  10. Restoring boot settings in safe mode (SafeMode)
    Repairs the damage done by worms such as Bagle.
    Recommendations for use: problems booting into safe mode (SafeMode); otherwise its use is not recommended.
  11. Unlock Task Manager
    Removes the block on calling the task manager.
    Recommendations for use: instead of the task manager you see the message "Task manager has been blocked by the administrator"
  12. Clearing HijackThis Ignore List
    The HijackThis utility saves its settings in the system registry, in particular the list of exclusions. Viruses register themselves in this exclusion list to hide from HijackThis.
    Recommendations for use: you suspect that the HijackThis utility does not display all information about the system.
  13. Cleaning up the Hosts file
    All uncommented lines are removed and the only significant line, "127.0.0.1 localhost", is added.
    Recommendations for use: the hosts file has been changed. You can check the Hosts file using the Hosts file manager built into AVZ.
  14. Automatic correction of SPI/LSP settings
    The SPI settings are analyzed and, if necessary, the errors found are corrected automatically. The firmware can safely be re-run many times. After completion, restart your computer. Attention! The firmware must not be used from a terminal session.
    Recommendations for use: Internet access was lost after virus treatment.
  15. Reset SPI/LSP and TCP/IP settings (XP+)
    The firmware works only on XP, Windows 2003 and Vista. It uses the standard Windows "netsh" utility. Described in detail in the Microsoft Knowledge Base - http://support.microsoft.com/kb/299357
    Recommendations for use: Internet access was lost after virus treatment and firmware No. 14 did not help.
  16. Restoring the Explorer Launch Key
    Restores the system registry keys responsible for launching File Explorer.
    Recommendations for use: after the system boots, explorer.exe can only be started manually.
  17. Unlock Registry Editor
    Unlocks the Registry Editor by removing the policy that prevents it from running.
    Recommendations for use: when you try to start the Registry Editor, you get a message that your administrator has blocked it from starting.
  18. Complete re-creation of SPI settings
    Makes a backup of all SPI/LSP settings, then recreates them from the standard template stored in the database.
    Recommendations for use: firmware #14 and #15 did not help restore the SPI settings. Dangerous, use at your own risk!
  19. Clear the MountPoints database
    The MountPoints and MountPoints2 database in the system registry is cleared.
    Recommendations for use: for example, drives cannot be opened in File Explorer.
  20. Change DNS of all connections to Google Public DNS
    Changes the DNS servers of all connections to 8.8.8.8.

Some useful tips:

  • Most of the problems with Hijacker are treated with three firmware - #4 "Reset Internet Explorer search settings to default", #3 "Restore Internet Explorer start page" and #2 "Reset Internet Explorer protocol prefix settings to default".
  • All firmware except #5 and #10 can be safely executed multiple times.
  • And of course it is useless to fix anything without first removing the virus.

Modern antiviruses have acquired so much additional functionality that some users have questions while using them. In this lesson we describe all the key features of the AVZ antivirus.

Let's take a closer look at practical examples of what AVZ is. The following functions deserve the main attention of the average user.

Checking the system for viruses

Any antivirus should be able to detect malware on the computer and deal with it (treat or remove). Naturally, AVZ has this function. Let's see in practice how such a check works.

  1. Start AVZ.
  2. A small utility window appears. In the area marked in the screenshot below you will find three tabs. All of them relate to the scan process and contain different options.
  3. On the first tab, "Search area", tick the folders and partitions of the hard drive you want to scan. A little lower you will see three lines that enable additional options. Tick all of them. This enables heuristic analysis, scanning of running processes and detection of even potentially dangerous software.
  4. Then go to the "File Types" tab. Here you choose which data the utility should scan.
  5. For an ordinary check it is enough to select "Potentially dangerous files". If the viruses have taken root deeply, choose "All files".
  6. Unlike many other antiviruses, AVZ also scans archives. This check is switched on or off in this tab. We recommend that you uncheck the box for checking large archives if you want to achieve the maximum result.
  7. In total, your second tab should look like this.
  8. Let's move on to the last section, "Search Options".
  9. At the very top you will see a vertical slider. Move it all the way up so that the utility reacts to all suspicious objects. In addition, enable checking for API and RootKit interceptors, searching for keyloggers, and checking SPI/LSP settings. The last tab should look something like this.
  10. Now configure the actions AVZ takes when a particular threat is detected. First tick "Perform treatment" in the right-hand area of the window.
  11. Opposite each type of threat we recommend setting "Delete". The only exception is the HackTool type, where we recommend leaving "Treat". Also tick the two lines below the list of threats.
  12. The second of these options makes the utility copy each unsafe file to a designated location. You can then review the contents and delete them safely. This lets you exclude from the list of infected data items that are not actually infected (activators, key generators, password tools, and so on).
  13. When all settings and search parameters are set, start the scan by clicking the "Start" button.
  14. The scan begins. Its progress is displayed in the "Protocol" area.
  15. After a time that depends on the amount of data being checked, the scan ends. A message in the log indicates completion, along with the total analysis time, scan statistics and detected threats.
  16. Clicking the button marked in the image below opens a separate window listing all suspicious and dangerous objects AVZ detected during the scan.
  17. It shows the path to the dangerous file, its description and type. Ticking the name of such a file lets you move it to quarantine or remove it from the computer. When finished, click OK at the bottom.
  18. After cleaning the computer you can close the program window.

System functions

In addition to the standard malware check, AVZ can perform a host of other functions. Let's look at those that may be useful to the average user. In the main menu at the very top of the program, click "File". A drop-down menu opens containing all the available helper functions.

The first three lines start, stop and pause the scan. They duplicate the corresponding buttons in the main AVZ window.

System research

This feature makes the utility collect information about your system: not the hardware, but the software side, namely a list of processes, various modules, system files and protocols. After you click "System Research", a separate window appears in which you can specify what information AVZ should collect. After ticking the necessary checkboxes, click the "Start" button at the bottom.


This will open the save window. In it you can choose the location of the document with detailed information, as well as specify the name of the file itself. Please note that all information will be saved as an HTML file. It opens with any web browser. After specifying the path and name for the saved file, you need to click the button "Save".


As a result, the process of scanning the system and collecting information will start. At the very end, the utility will display a window in which you will be prompted to immediately view all the information collected.

System Restore

This set of functions lets you return elements of the operating system to their original state and reset various settings. Most often, malware tries to block access to the Registry Editor and Task Manager and to write its own entries into the Hosts system file. You can unlock such elements using the "System Restore" option. To do this, click the option itself, then tick the actions to be performed.


After that, you need to press the button "Perform marked operations" at the bottom of the window.

A window will appear on the screen asking you to confirm the action.


After a while, you will see a message about the completion of all tasks. Just close this window by clicking the button OK.

Scripts

There are two lines in the list of parameters related to working with scripts in AVZ - "Standard Scripts" and "Run Script".

Clicking on a line "Standard Scripts", you will open a window with a list of already ready-made scripts. All you have to do is tick the ones you want to run. Then click on the button at the bottom of the window. "Run".


In the second case you launch the script editor. Here you can write a script yourself or load one from a file on your computer. Do not forget to click "Run" in the same window after writing or loading it.

Database update

This item is the most important of the list. By clicking on the corresponding line, you will open the AVZ database update window.

We do not recommend changing the settings in this window. Leave everything as it is and press the button "Start".


After a while, a message will appear on the screen stating that the database update has been completed. You just have to close this window.

Viewing the Contents of the Quarantine and Infected Folders

By clicking on these lines in the list of options, you can view all potentially dangerous files that AVZ found during the scan of your system.

In the windows that open, you can permanently delete such files or restore them if they do not really pose a threat.


Please note that in order for suspicious files to be placed in these folders, you must check the appropriate checkboxes in the system scan settings.

This is the last option from this list that an ordinary user may need. As the name implies, these options let you save the antivirus configuration (search method, scan mode, and so on) to a file on your computer and load it back later.

When saving, you will only need to specify the file name, as well as the folder in which you want to save it. When loading a configuration, simply select the desired file with settings and click the button "Open".

Exit

It would seem an obvious and well-known button. But it is worth mentioning that in some situations, when particularly dangerous software is detected, AVZ blocks every way of closing itself except this button. In other words, you will not be able to close the program with the "Alt+F4" shortcut or by clicking the usual cross in the corner. This is done so that viruses cannot interfere with AVZ's operation. Clicking this button, however, will close the antivirus if necessary.

Besides the options described, the list contains others, but ordinary users are unlikely to need them, so we did not focus on them. If you still need help with the functions not described, write about it in the comments. And we move on.

List of services

To see complete list services offered by AVZ, you need to click on the line "Service" at the very top of the program.

As in the previous section, we will only go over those that may be useful to the average user.

Process Manager

Clicking the very first line in the list opens the "Process Manager" window. In it you can see a list of all executables currently running on the computer or laptop. In the same window you can read a process's description, find out its vendor and the full path to the executable file.


You can also terminate a particular process. To do this, just select the required process from the list, and then click on the corresponding button in the form of a black cross on the right side of the window.


This service is an excellent replacement for the standard Task Manager. It is especially valuable when the "Task Manager" has been blocked by a virus.

Service and Driver Manager

This is the second service in the general list. By clicking on the line with the same name, you will open the window for managing services and drivers. You can switch between them using a special switch.

In the same window, each item is accompanied by a description of the service itself, status (enabled or disabled), as well as the location of the executable file.


Select the desired item, and you will be able to enable, disable or completely remove the service/driver. These buttons are located at the top of the workspace.

Autostart manager

This service will allow you to fully configure autorun settings. Moreover, unlike standard managers, this list includes system modules. By clicking on the line with the same name, you will see the following.


In order to disable the selected element, you only need to uncheck the box next to its name. In addition, it is possible to completely delete the necessary entry. To do this, simply select the desired line and click on the button in the form of a black cross at the top of the window.

Please note that the deleted value cannot be returned. Therefore, be extremely careful not to erase vital system startup entries.

Host File Manager

We mentioned above that a virus sometimes writes its own values into the system Hosts file. In some cases malware also blocks access to the file so that you cannot undo the changes it has made. This service helps in such situations.

Clicking the line shown in the image above opens the manager window. You cannot add your own values here, but you can delete existing ones. To do this, select the desired line with the left mouse button, then click the delete button in the upper part of the working area.


After that, a small window will appear in which you need to confirm the action. To do this, just press the button "Yes".


When the selected line is deleted, you only need to close this window.

Be careful not to delete lines whose purpose you do not know. Not only viruses but also other programs write their values to the Hosts file.

System Utilities

With AVZ, you can also run the most requested system utilities. You can see their list if you hover your mouse over the line with the corresponding name.


By clicking on the name of a particular utility, you will launch it. After that, you can make changes in the registry (regedit), configure the system (msconfig) or check system files (sfc).

These are all the services we wanted to mention. Novice users are unlikely to need the protocol manager, the extensions manager and the other additional services; such functions suit more advanced users.

AVZGuard

This feature is designed to fight the most cunning viruses, which cannot be removed by standard means. It simply adds malware to a list of untrusted software that is prohibited from performing its operations. To enable it, click "AVZGuard" in the upper part of AVZ and, in the drop-down list, click "Enable AVZGuard".

Be sure to close everything third party applications before enabling this feature, as otherwise they will also be included in the list of untrusted software. In the future, the operation of such applications may be disrupted.

All programs that are marked as trusted will be protected from removal or modification. And the work of untrusted software will be suspended. This will allow you to safely remove dangerous files using a standard scan. After that, you should disable AVZGuard back. To do this, again click on the same line at the top of the program window, and then click on the button to disable the function.

AVZPM

The technology mentioned in the name will monitor all started, stopped and modified processes/drivers. To use it, you must first enable the corresponding service.

Click on the line AVZPM at the top of the window.
In the dropdown menu, click on the line "Install Advanced Process Monitoring Driver".


Within a few seconds, the necessary modules will be installed. Now, when changes are detected in any processes, you will receive a notification. If you no longer need such monitoring, you will need to simply click on the line marked in the image below in the previous drop-down box. This will unload all AVZ processes and remove previously installed drivers.

Please note that the AVZGuard and AVZPM buttons may be greyed out and inactive. This means you have an x64 operating system; unfortunately, these components do not work on that architecture.

This article has come to its logical conclusion. We have tried to tell you how to use the most popular features in AVZ. If you still have questions after reading this lesson, you can ask them in the comments to this post. We are happy to pay attention to each question and try to give the most detailed answer.

An excellent program for removing viruses and restoring the system is AVZ (Zaitsev's Antivirus). If a virus blocks the download, try downloading the entire anti-virus suite instead.

The main features of AVZ are virus detection and removal.

The AVZ anti-virus utility is designed to detect and remove:

  • SpyWare and AdWare modules - this is the main purpose of the utility
  • Dialer (Trojan.Dialer)
  • Trojans
  • BackDoor modules
  • Network and mail worms
  • TrojanSpy, TrojanDownloader, TrojanDropper

The utility is a direct analog of TrojanHunter and LavaSoft Ad-aware 6 programs. The primary task of the program is to remove SpyWare and Trojans.

The features of the AVZ utility (in addition to the typical signature scanner) are:

  • Heuristic system check firmware. The firmware searches for known SpyWare and viruses by indirect signs, based on analysis of the registry, of files on disk and of memory.
  • Updated database of safe files. It contains digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ subsystems and works on the "friend/foe" principle: safe files are not quarantined, deletion and warnings are blocked for them, and the database is used by the anti-rootkit, the file search system and various analyzers. In particular, the built-in process manager highlights safe processes and services in colour, and the file search can exclude known files from its results (very useful when looking for Trojans on the disk);
  • Built-in rootkit detection system. The search for RootKits proceeds without signatures, by examining the basic system libraries for interception of their functions. AVZ can not only detect a RootKit but also correctly block the operation of a UserMode RootKit for its own process and of a KernelMode RootKit at the system level. RootKit countermeasures extend to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system "sees" masked keys, and so on. The anti-rootkit is equipped with an analyzer that detects processes and services masked by a RootKit. In my opinion, one of the main features of the RootKit countermeasure system is that it works on Win9X (the widespread opinion that no RootKits run on the Win9X platform is deeply erroneous: hundreds of Trojans are known that intercept API functions to mask their presence, distort the operation of API functions or monitor their use). Another feature is the universal KernelMode RootKit detection and blocking system, which works under Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server and Windows 2003 Server SP1;
  • Keylogger and Trojan DLL detector. The search for keyloggers and Trojan DLLs is based on system analysis without a signature database, which makes it possible to reliably detect previously unknown Trojan DLLs and keyloggers;
  • Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator that analyzes suspicious files using a neural network. Currently the neural network is used in the keylogger detector;
  • Built-in analyzer of Winsock SPI/LSP settings. Allows you to analyze the settings, diagnose possible configuration errors and perform automatic treatment. Automatic diagnosis and treatment is useful for novice users (utilities like LSPFix have no automatic treatment). For manual study of SPI/LSP the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;
  • Built-in manager of processes, services and drivers. Designed for examining running processes and loaded libraries, running services and drivers. The process manager is covered by the anti-rootkit (as a result, it "sees" processes masked by a rootkit). The process manager is linked to the AVZ safe files database, and recognized safe and system files are highlighted in colour;
  • Built-in utility for searching files on disk. Allows you to search for a file by various criteria; the search system's capabilities exceed those of the system search. The search is covered by the anti-rootkit (as a result, it "sees" files masked by a rootkit and can delete them), and a filter allows files identified by AVZ as safe to be excluded from the results. Search results are available as a text log and as a table in which a group of files can be marked for later deletion or quarantine;
  • Built-in utility for searching data in the registry. Allows you to search for keys and values matching a given pattern; the results are available as a text log and as a table in which several keys can be marked for export or deletion. The search is covered by the anti-rootkit (as a result, it "sees" registry keys masked by a rootkit and can delete them);
  • Built-in analyzer of open TCP/UDP ports. It is covered by the anti-rootkit; in Windows XP the process using each port is displayed. The analyzer relies on an updated database of known Trojan/Backdoor ports and known system services. The search for Trojan ports is part of the main system check: when suspicious ports are detected, warnings are written to the log indicating which Trojans tend to use that port;
  • Built-in analyzer of shared resources, network sessions and files opened over the network. Works in Win9X and NT/W2K/XP;
  • Built-in analyzer of Downloaded Program Files (DPF): displays DPF elements and is connected to all AVZ subsystems;
  • System recovery firmware. The firmware restores Internet Explorer settings, program launch settings and other system settings corrupted by malware. Restoration is started manually, and the parameters to be restored are chosen by the user;
  • Heuristic file deletion. If malicious files were removed during treatment and this option is enabled, an automatic examination of the system is performed covering classes, BHOs, IE and Explorer extensions, all types of autorun known to AVZ, Winlogon, SPI/LSP, etc. All references found to a deleted file are automatically purged, and information about what exactly was purged, and where, is written to the log. This cleaning makes heavy use of the system treatment microprogram engine;
  • Checking archives. Starting from version 3.60 AVZ supports scanning archives and compound files. At the moment ZIP, RAR, CAB, GZIP and TAR archives, e-mail messages and MHT files, and CHM archives are checked;
  • Checking and treating NTFS streams. Checking of NTFS streams has been included in AVZ since version 3.75;
  • Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user's PC. Scripts make it possible to use AVZ in a corporate network, including launching it during system boot;
  • Process analyzer. The analyzer uses neural networks and analysis firmware; it is enabled when advanced analysis at the maximum heuristic level is switched on and is designed to search for suspicious processes in memory;
  • AVZGuard system. Designed to fight hard-to-remove malware; in addition to AVZ itself, it can protect user-specified applications such as other anti-spyware and anti-virus programs;
  • Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, and allows the scanner to analyze locked files and place them in quarantine;
  • AVZPM process and driver monitoring driver. Designed to track the start and stop of processes and the loading/unloading of drivers, in order to find masquerading drivers and detect distortions in the structures describing processes and drivers that are created by DKOM rootkits;
  • Boot Cleaner driver. Designed to clean the system (remove files, drivers and services, registry keys) from KernelMode. The cleaning can be performed either during a computer restart or during treatment.
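The sweep that the heuristic file deletion item above describes, as an added PowerShell example that is not AVZ's own code: it lists the autorun values, services and scheduled tasks that still reference a file that has just been removed, and only reports them. It assumes Windows PowerShell 5.1 or later on Windows 8/Server 2012 or newer (for Get-ScheduledTask), an elevated prompt, and a constructed sample path.

```powershell
# Added example, not AVZ code: find the places where a removed file is still referenced,
# the same kind of sweep the heuristic file deletion performs. Read-only: the operator
# decides what to purge. Assumes Windows PowerShell 5.1+, Windows 8/Server 2012 or later,
# run elevated. The target path at the bottom is a constructed sample.
function Find-DanglingReference {
    param([Parameter(Mandatory)][string]$Target)
    $needle = [regex]::Escape([IO.Path]::GetFileName($Target))
    $hits = New-Object System.Collections.Generic.List[object]
    function Add-Hit($Where, $Value) { $hits.Add([pscustomobject]@{ Location = $Where; Value = $Value }) }

    # Autorun and Winlogon values (Run/RunOnce in HKLM and HKCU, Shell/Userinit, ...)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            # PS* properties are provider metadata (PSPath etc.), not registry values
            if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match $needle) { Add-Hit "$key\$($p.Name)" $p.Value }
        }
    }
    # Services and drivers whose ImagePath names the file
    foreach ($svc in Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $img = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if ($img -match $needle) { Add-Hit "Service $($svc.PSChildName)" $img }
    }
    # Scheduled tasks whose action executes the file (or passes it as an argument)
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            if ("$($action.Execute) $($action.Arguments)" -match $needle) {
                Add-Hit "Task $($task.TaskPath)$($task.TaskName)" $action.Execute
            }
        }
    }
    return $hits
}

# Constructed sample path; a real run uses the path of the file that was just deleted
Find-DanglingReference -Target 'C:\Users\Public\svchost32.exe' | Format-Table -AutoSize
```

Matching is on the file name rather than the full path, because autorun entries often quote the file with a different drive letter, environment variable or short name.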

Restoring system settings:

  • Repair launch options for .exe, .com and .pif files
  • Reset IE settings
  • Restoring Desktop Settings
  • Removing all user restrictions
  • Deleting a message in Winlogon
  • Restoring File Explorer Settings
  • Removing system process debuggers
  • Restoring Safe Mode Boot Settings
  • Unlock Task Manager
  • Cleaning up the hosts file
  • Fixing SPI/LSP Settings
  • Reset SPI/LSP and TCP/IP settings
  • Unlocking the Registry Editor
  • Clearing MountPoints keys
  • Replacing DNS servers
  • Removing the IE/Edge proxy server setting
  • Removing Google Restrictions
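Several of the restore operations above correct specific registry values and the hosts file; as an added PowerShell example that is not AVZ's own code, here is a read-only audit of those locations (launch commands for .exe/.com/.pif, system process debuggers, the Task Manager and Registry Editor locks, the Winlogon message and shell values, and hosts entries). It assumes Windows PowerShell 5.1 or later in an elevated prompt and changes nothing; a deviation it reports is a reason to look closer, not proof of infection.

```powershell
# Added example, not AVZ code: report deviations in the settings the restore firmware targets.
# Assumes Windows PowerShell 5.1+ in an elevated prompt. Read-only: nothing is modified.
$findings = New-Object System.Collections.Generic.List[string]

# Launch options for .exe/.com/.pif: the default open command must be "%1" %*
foreach ($cls in 'exefile', 'comfile', 'piffile') {
    $key = "Registry::HKEY_CLASSES_ROOT\$cls\shell\open\command"
    $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -ne '"%1" %*') { $findings.Add("$cls open command is '$cmd' (expected '""%1"" %*')") }
}

# Image File Execution Options: a Debugger value silently redirects launches of that program
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings.Add("Debugger set for $($sub.PSChildName): $dbg") }  # may be a real debugger; verify
}

# Policies that lock Task Manager and the Registry Editor for the current user
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    $val = (Get-ItemProperty -Path $pol -Name $name -ErrorAction SilentlyContinue).$name
    if ($val) { $findings.Add("$name = $val in $pol") }
}

# Winlogon: a logon message, or a Shell/Userinit other than the standard values
$wl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.LegalNoticeText) { $findings.Add("Winlogon message: '$($wl.LegalNoticeCaption)' / '$($wl.LegalNoticeText)'") }
if ($wl.Shell -ne 'explorer.exe') { $findings.Add("Winlogon Shell = '$($wl.Shell)'") }
$userinit = "$env:SystemRoot\system32\userinit.exe"   # the stock value carries a trailing comma
if ("$($wl.Userinit)".TrimEnd(',') -ne $userinit) { $findings.Add("Winlogon Userinit = '$($wl.Userinit)'") }

# hosts file: any mapping other than localhost deserves a look (malware blocks update sites here)
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
foreach ($line in Get-Content -Path $hostsFile) {
    $entry = ($line -split '#')[0].Trim()   # drop comments
    if ($entry -and $entry -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') { $findings.Add("hosts: $entry") }
}

if ($findings.Count -eq 0) { 'No deviations found.' } else { $findings }
```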


Program tools:

  • Process Manager
  • Service and Driver Manager
  • Kernel space modules
  • Internal DLL Manager
  • Registry Search
  • File search
  • Cookie search
  • Startup manager
  • Browser extension manager
  • Control Panel Applet Manager (cpl)
  • File Explorer Extension Manager
  • Print Extension Manager
  • Task Scheduler Manager
  • Protocol and handler manager
  • DPF manager
  • Active Setup Manager
  • Winsock SPI Manager
  • Hosts File Manager
  • TCP/UDP port manager
  • Shared network resources and network connections manager
  • A set of system utilities
  • Checking a file against the safe files database
  • Checking a file against the Microsoft Security Catalog
  • Calculating MD5 sums of files

That is quite a large toolset for rescuing your computer from various infections!

You may need to launch the AVZ utility when contacting Kaspersky Lab technical support.
With the AVZ utility you can:

  • receive a report on the results of the study of the system;
  • execute the script provided by the Kaspersky Lab technical support specialist to create a Quarantine and delete suspicious files.

The AVZ utility does not send statistics, does not process information, and does not transfer it to Kaspersky Lab. The report is saved on the computer in the form of HTML and XML files, which are available for viewing without the use of special programs.

The AVZ utility can automatically create a Quarantine and place copies of suspicious files and their metadata into it.

Objects placed in Quarantine are not processed, are not transferred to Kaspersky Lab, and are stored on the computer. We do not recommend restoring files from Quarantine: they can harm your computer.

What data is contained in the AVZ utility report

The AVZ utility report contains:

  • Information about the version and release date of the AVZ utility.
  • Information about the AVZ utility's anti-virus databases and its main settings.
  • Information about the version of the operating system, the date it was installed, and the user rights with which the utility was launched.
  • Search results for rootkits and programs intercepting the main functions of the operating system.
  • Search results for suspicious processes and details about those processes.
  • Search results for common malware by their characteristic properties.
  • Information about errors found during validation.
  • Search results for hooks for keyboard, mouse, or window events.
  • Search results for open TCP and UDP ports used by malware.
  • Information about suspicious system registry keys, file names on the disk, and system settings.
  • Search results for potential operating system vulnerabilities and security issues.
  • Information about corrupted operating system settings.

How to execute a script using the AVZ utility

Use the AVZ utility only under the guidance of a Kaspersky Lab technical support specialist as part of your request. Doing it yourself can damage the operating system and cause data loss.

  1. Download the AVZ utility executable file.
  2. Run avz5.exe on your computer. If Windows Defender SmartScreen prevented avz5.exe from running, click More info, then Run anyway, in the "Windows protected your PC" window.
  3. Go to File → Run script.
  4. Paste into the input field the script that you received from the Kaspersky Lab technical support specialist.
  5. Click Run.
  6. Wait for the utility to finish and follow the further recommendations of the Kaspersky Lab technical support specialist.