Kaspersky's AVZ Antiviral Toolkit v.5.73 | VN-Zoom | Community for Sharing Technology and Computer Software Knowledge


Kaspersky's AVZ Antiviral Toolkit v.5.73

Shao


Junior Moderator
Admin team member


AVZ - The AVZ antivirus utility is designed to detect and remove: SpyWare and AdWare modules - this is the main purpose of the utility; Dialer (Trojan.Dialer); Trojans; BackDoor modules; Network and mail worms; TrojanSpy, TrojanDownloader, TrojanDropper.

Features of the AVZ utility (in addition to the typical signature scanner) are:

  • Firmware heuristic check of the system. Firmware searches for known SpyWare and viruses by indirect signs - based on the analysis of the registry, files on disk and in memory.
  • Updatable database of safe files. It includes digital signatures of tens of thousands of system files and files of known secure processes. The database is connected to all AVZ systems and works on the principle of "friend / foe" - safe files are not quarantined, they are blocked from deleting and displaying warnings, the database is used by an anti-rootkit, a file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services in color, searching for files on the disk can exclude known files from the search (which is very useful when searching for Trojans on the disk);
  • Built-in Rootkit detection system. The search for RootKit is carried out without the use of signatures, based on the study of the basic system libraries for the interception of their functions. AVZ can not only detect the RootKit, but also correctly block the UserMode RootKit for its process and the KernelMode RootKit at the system level. The RootKit counteraction applies to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system "sees" masked keys, etc. One of the main features of the RootKit counteraction system, in my opinion, is its performance in Win9X (the widespread opinion about the absence of RootKits working on the Win9X platform is deeply erroneous - there are hundreds of Trojans that intercept API functions to mask their presence, to distort the operation of API functions or monitor their use). Another feature is the universal KernelMode RootKit detection and blocking system, which works under Windows NT, Windows 2000 pro/server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1.
  • Detector of keyloggers (Keylogger) and Trojan DLLs. The search for Keylogger and Trojan DLLs is carried out on the basis of system analysis without using a database of signatures, which allows you to confidently detect previously unknown Trojan DLLs and Keylogger;
  • Neuroanalyzer. In addition to the signature analyzer, AVZ contains a neural emulator that allows you to study suspicious files using a neural network. Currently, the neural network is used in the keylogger detector.
  • Built-in Winsock SPI/LSP settings analyzer. Allows you to analyze the settings, diagnose possible errors in the settings and perform automatic treatment. The ability to automatically diagnose and disinfect is useful for novice users (there is no automatic disinfection in utilities such as LSPFix). To study SPI/LSP manually, the program has a special LSP/SPI settings manager. The operation of the Winsock SPI/LSP analyzer is covered by an anti-rootkit;
  • Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The operation of the process manager is subject to the action of the anti-rootkit (as a result, it "sees" the processes masked by the rootkit). The process manager is associated with the AVZ safe file database, identified safe and system files are highlighted;
  • Built-in utility to search for files on the disk. Allows you to search for a file according to various criteria, the capabilities of the search system exceed the capabilities of the system search. The operation of the search system is covered by the anti-rootkit (as a result, the search "sees" files masked by the rootkit and can delete them), the filter allows you to exclude files identified by AVZ as safe from the search results. The search results are available in the form of a text protocol and in the form of a table in which you can mark a group of files for later deletion or quarantine
  • Built-in utility to search for data in the registry. Allows you to search for keys and parameters according to a given sample, the search results are available in the form of a text protocol and in the form of a table in which you can mark several keys for their export or deletion. The operation of the search system is subject to the anti-rootkit (as a result, the search "sees" the registry keys masked by the rootkit and can delete them)
  • Built-in TCP/UDP open port analyzer. It is covered by an anti-rootkit, and in Windows XP, the process that uses the port is displayed for each port. The analyzer relies on an up-to-date database of ports of well-known Trojan/Backdoor programs and well-known system services. The search for Trojan ports is included in the main system scan algorithm - if suspicious ports are detected, warnings are displayed in the protocol indicating which Trojans are characteristic of using this port
  • Built-in analyzer of shared resources, network sessions, and files opened over the network. Works in Win9X and in NT/W2K/XP.
  • Built-in Downloaded Program Files (DPF) analyzer - displays DPF elements, connected to all AVZ systems.
  • System Recovery Firmware. Firmware restores Internet Explorer settings, program launch settings, and other system settings that are damaged by malware. Recovery is started manually, and the parameters to be restored are specified by the user.
  • Heuristic deletion of files. Its essence lies in the fact that if malicious files were deleted during the treatment and this option is enabled, then an automatic system study is performed, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI / LSP, etc. For this cleaning, the system treatment firmware engine is actively used;
  • Checking archives. Supports scanning archives and compound files. At the moment, archives of ZIP, RAR, CAB, GZIP, TAR format are checked; e-mails and MHT files; CHM archives
  • Checking and disinfecting NTFS streams. NTFS stream validation is enabled in AVZ since version 3.75.
  • Management scripts. Allow the administrator to write a script that performs a set of specified operations on the user's PC. Scripts allow you to use AVZ on the corporate network, including its launch during the system boot.
  • Process Analyzer. The analyzer uses neural networks and analysis firmware, it is enabled when advanced analysis is enabled at the maximum level of heuristics and is designed to search for suspicious processes in memory.
  • AVZGuard system. Designed to combat hard-to-remove malicious software, it can, in addition to AVZ, protect user-specified applications, for example, other anti-spyware and anti-virus programs.
  • Direct disk access system for working with locked files. It works on FAT16/FAT32/NTFS, is supported on all NT operating systems, allows the scanner to analyze locked files and quarantine them.
  • AVZPM process and driver monitoring driver. It is designed to track the start and stop of processes and loading/unloading of drivers to search for masked drivers and detect distortions in the structures describing processes and drivers created by DKOM rootkits.
  • Boot Cleaner driver. Designed to clean the system (delete files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during the restart of the computer and during the disinfection.


OS: Windows XP and Windows 2003 (SP1), Windows Vista (SP1, SP2), Windows 7, Windows 8, Windows 10, Windows 11
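
The open-port check described in the TCP/UDP analyzer item above, sketched as an added example (not part of the original post and not AVZ's code): it parses a constructed `netstat -ano` capture and matches open ports against a Trojan-port table and a system-service table. The port tables, sample output and function names are assumptions made for this illustration.

```python
import re

# Illustrative tables (assumption): a few historically documented default ports,
# not AVZ's own database.
TROJAN_PORTS = {("TCP", 12345): "NetBus", ("TCP", 27374): "SubSeven",
                ("UDP", 31337): "Back Orifice"}
SYSTEM_PORTS = {("TCP", 135): "RPC endpoint mapper", ("TCP", 445): "SMB",
                ("UDP", 123): "NTP"}

# Constructed sample in Windows `netstat -ano` format, not real data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3020
  TCP    [::]:27374             [::]:0                 LISTENING       2760
  UDP    0.0.0.0:123            *:*                                    1044
  UDP    0.0.0.0:31337          *:*                                    2212
"""

# proto, local address, local port, remote, optional state (absent for UDP), PID
LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def open_ports(netstat_text):
    """Yield (proto, port, pid) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, blank or unrecognised line
        proto, _addr, port, _remote, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/outbound connections are not open ports
        yield proto, int(port), int(pid)

def analyze(netstat_text):
    """Return (proto, port, pid, verdict, name); verdict is trojan/system/unknown."""
    findings = []
    for proto, port, pid in sorted(set(open_ports(netstat_text))):
        key = (proto, port)
        if key in TROJAN_PORTS:
            findings.append((proto, port, pid, "trojan", TROJAN_PORTS[key]))
        elif key in SYSTEM_PORTS:
            findings.append((proto, port, pid, "system", SYSTEM_PORTS[key]))
        else:
            findings.append((proto, port, pid, "unknown", ""))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_NETSTAT):
        print(finding)
```

A port match is only a lead: the PID column is what ties the port back to a process that can then be inspected.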



