Description
AVZ is a powerful antivirus utility. It is designed to detect and remove:
SpyWare and AdWare modules;
Dialers (Trojan.Dialer);
Trojan programs;
BackDoor modules;
Network and mail worms;
TrojanSpy, TrojanDownloader, TrojanDropper.
The features of the AVZ utility (in addition to a typical signature scanner) are:
Heuristic system-check firmware. The firmware searches for known SpyWare and viruses by indirect signs, based on analysis of the registry, files on disk and in memory;
Updated database of safe files. It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ systems and works on the “friend/foe” principle – safe files are not quarantined, deletion and warnings are blocked for them, the database is used by an anti-rootkit, a file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services with color, the search for files on the disk can exclude known files from the search (which is very useful when searching for Trojans on the disk);
Built-in Rootkit detection system. RootKits are searched for without signatures, by examining the basic system libraries for interception of their functions. AVZ can not only detect a RootKit but also correctly block the operation of a UserMode RootKit for its own process and of a KernelMode RootKit at the system level. RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system “sees” masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by a RootKit. In my opinion, one of the main features of the RootKit countermeasure system is that it works in Win9X (the widespread opinion that no RootKits run on the Win9X platform is deeply erroneous: hundreds of Trojans are known to intercept API functions to mask their presence, distort the operation of API functions or monitor their use). Another feature is the universal KernelMode RootKit detection and blocking system, which works under Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server and Windows 2003 Server SP1;
Keylogger and Trojan DLL detector. The search for Keyloggers and Trojan DLLs is based on analysis of the system without using the signature database, which makes it possible to reliably detect previously unknown Trojan DLLs and Keyloggers;
Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neuroemulator that allows suspicious files to be analyzed using a neural network. Currently, the neural network is used in the keylogger detector;
Built-in analyzer of Winsock SPI/LSP settings. Allows you to analyze the settings, diagnose possible errors in them and perform automatic treatment. Automatic diagnostics and treatment are useful for novice users (utilities like LSPFix have no automatic treatment). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The Winsock SPI/LSP analyzer is covered by the anti-rootkit;
Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The process manager is covered by the anti-rootkit (as a result, it “sees” processes masked by a rootkit). The process manager is linked to the AVZ safe files database; recognized safe and system files are highlighted in color;
Built-in utility for searching files on a disk. Allows you to search for a file by various criteria; the capabilities of the search system exceed those of the system search. The search system is covered by the anti-rootkit (as a result, the search “sees” files masked by a rootkit and can delete them), and a filter allows files identified by AVZ as safe to be excluded from the results. Search results are available as a text log and as a table in which a group of files can be marked for subsequent deletion or quarantine;
Built-in utility for searching data in the registry. Allows you to search for keys and parameters according to a given pattern; the search results are available as a text protocol and as a table in which several keys can be marked for export or deletion. The search system is covered by the anti-rootkit (as a result, the search “sees” registry keys masked by a rootkit and can delete them);
Built-in analyzer of open TCP/UDP ports. It is covered by the anti-rootkit; in Windows XP, the process using each port is displayed. The analyzer relies on an updatable database of known Trojan/Backdoor ports and known system services;
The search for Trojan ports is included in the main system check algorithm: when suspicious ports are detected, warnings are written to the protocol indicating which Trojans are known to use that port;
Built-in analyzer of shared resources, network sessions and files opened over the network. Works in Win9X and NT/W2K/XP;
Built-in analyzer of Downloaded Program Files (DPF). Displays DPF elements; connected to all AVZ systems;
System recovery firmware. The firmware restores Internet Explorer settings, program launch options and other system settings corrupted by malware. Restoration is started manually, and the parameters to be restored are specified by the user;
Heuristic file deletion. If malicious files were removed during treatment and this option is enabled, an automatic examination of the system is performed covering classes, BHO, IE and Explorer extensions, all types of autorun known to AVZ, Winlogon, SPI/LSP, etc. All found references to a deleted file are automatically cleaned up, and information about what exactly was cleaned up and where is written to the protocol. This cleaning makes active use of the system treatment microprogram engine;
Checking archives. Starting from version 3.60, AVZ supports scanning of archives and compound files. At the moment ZIP, RAR, CAB, GZIP and TAR archives, e-mails and MHT files, and CHM archives are checked;
Checking and treating NTFS streams. Checking of NTFS streams has been included in AVZ since version 3.75;
Control scripts. Allow the administrator to write a script that performs a set of specified operations on the user's PC. Scripts allow AVZ to be used in a corporate network, including launching it during system boot;
Process Analyzer. The analyzer uses neural networks and analysis firmware; it is enabled when advanced analysis is enabled at the maximum heuristic level and is designed to search for suspicious processes in memory;
AVZGuard system. Designed to fight hard-to-remove malware; in addition to AVZ, it can protect user-specified applications, such as other anti-spyware and anti-virus programs;
Direct disk access system for working with locked files. Works on FAT16/FAT32/NTFS, is supported on all operating systems of the NT line, and allows the scanner to analyze locked files and place them in quarantine;
Process monitoring driver and AVZPM drivers. Designed to track the start and stop of processes and the loading/unloading of drivers, in order to find hidden drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits;
Boot Cleaner driver. Designed to clean up the system (remove files, drivers and services, and registry keys) from KernelMode. The cleaning operation can be performed either while the computer is restarting or during treatment.
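As an added example (not AVZ's own code), the following is a minimal version of the signature-less check described under the Rootkit detection item above: the first bytes of an exported system-library function as mapped in memory are compared against the on-disk copy, and a difference that begins with a JMP rel32 or a PUSH/RET trampoline is reported as an inline hook. All sample bytes and the export table are constructed; the ntdll export names serve only as labels.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Verdict per prologue: CLEAN = bytes match the on-disk image; JMP_HOOK = starts with JMP rel32 or PUSH imm32/RET; MODIFIED = any other difference. */
typedef enum { PROLOGUE_CLEAN = 0, PROLOGUE_JMP_HOOK = 1, PROLOGUE_MODIFIED = 2 } hook_verdict_t;
/* One export: its prologue as read from the on-disk library (relocations applied) and as mapped in memory. */
typedef struct { const char *name; const uint8_t *disk, *mem; size_t len; } export_entry_t;

/* Compare the mapped prologue with the disk copy. `disk` must already have
 * relocation fix-ups applied, or legitimate address patches would look like hooks. */
hook_verdict_t check_prologue(const uint8_t *disk, const uint8_t *mem, size_t len) {
    if (memcmp(disk, mem, len) == 0)
        return PROLOGUE_CLEAN;
    if (len >= 5 && mem[0] == 0xE9)                   /* E9 rel32: JMP to the hook */
        return PROLOGUE_JMP_HOOK;
    if (len >= 6 && mem[0] == 0x68 && mem[5] == 0xC3) /* 68 imm32 C3: PUSH addr; RET */
        return PROLOGUE_JMP_HOOK;
    return PROLOGUE_MODIFIED;
}

/* Scan an export table, log each non-clean entry, and return how many were flagged. */
size_t scan_exports(const export_entry_t *tab, size_t count) {
    size_t flagged = 0;
    for (size_t i = 0; i < count; i++) {
        hook_verdict_t v = check_prologue(tab[i].disk, tab[i].mem, tab[i].len);
        if (v == PROLOGUE_CLEAN) continue;
        printf("%s: %s\n", tab[i].name, v == PROLOGUE_JMP_HOOK ? "inline JMP hook" : "prologue modified");
        flagged++;
    }
    return flagged;
}

/* Constructed sample prologues (not captured from a real system). */
static const uint8_t CLEAN_PRO[8]   = {0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10}; /* mov edi,edi; push ebp; mov ebp,esp; sub esp,0x10 */
static const uint8_t JMP_PRO[8]     = {0xE9,0x78,0x56,0x34,0x12,0x83,0xEC,0x10}; /* first 5 bytes replaced by a JMP */
static const uint8_t PUSHRET_PRO[8] = {0x68,0x78,0x56,0x34,0x12,0xC3,0xEC,0x10}; /* PUSH imm32; RET trampoline */
static const uint8_t PATCH_PRO[8]   = {0x8B,0xFF,0x55,0x8B,0xEC,0x90,0x90,0x90}; /* tail overwritten with NOPs */

/* Constructed export table; the names are well-known ntdll exports used as labels only. */
size_t demo_scan(void) {
    const export_entry_t tab[] = {
        {"NtQuerySystemInformation", CLEAN_PRO, JMP_PRO,     8},
        {"NtQueryDirectoryFile",     CLEAN_PRO, CLEAN_PRO,   8},
        {"NtEnumerateKey",           CLEAN_PRO, PUSHRET_PRO, 8},
        {"NtOpenProcess",            CLEAN_PRO, PATCH_PRO,   8},
    };
    return scan_exports(tab, sizeof tab / sizeof tab[0]); /* returns 3 */
}
```

A real scanner also has to treat export forwarders and hot-patch stubs placed by the OS as legitimate, which is why AVZ's safe-file database and the relocation caveat matter as much as the byte comparison itself.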
Website
z-oleg.com