AVZ Antiviral Toolkit is a system analysis and repair solution designed for automatic or manual search and removal of the following:
- Spyware, adware programs, and modules (a key function of this application).
- Rootkits and malware that hide their processes.
- Network and email worms.
- Trojans (all varieties, in particular Trojan-PSW, Trojan-Downloader, and Trojan-Spy) and back doors (programs used for stealthy remote control of computers).
- Deceptive dialers (Dialer, Trojan.Dialer, Porn-Dialer).
- Keystroke loggers and other applications that spy on the user.
The toolkit is a direct analog of such applications as Trojan Hunter and LavaSoft Ad-aware 6. Its primary task is the removal of adware, spyware, and trojans.
It should be noted from the outset that spyware and adware applications are not viruses or trojans by definition. They spy on the user and download data and program code to the infected computer mainly for marketing purposes. This means that the information they upload does not contain critical data, such as passwords, credit card numbers, or the like, while the downloaded data contains only ads or program updates. Yet the dividing line between spyware and trojans is often very thin, which complicates precise classification. Classification methods and criteria are described in these help files.
A feature of AVZ is that it enables the user to configure the way the application responds to every category of malware. For example, you can configure it to remove any viruses or trojans detected, while blocking the removal of adware.
Another feature of AVZ is a set of heuristic checks that do not rely on signature-based search. These checks include searching for rootkits and keyloggers, and searching for various backdoors by checking against a database of standard TCP/UDP ports. Such search methods make it possible to detect new varieties of malware.
In addition to the signature-based file search capability that is standard for programs in its class, AVZ incorporates a database of digital signatures of tens of thousands of system files. This database helps to minimize the number of false positives returned by the heuristics analyzer while also serving a number of other purposes. In particular, the file search system has a filter for excluding known files from search results. Trusted processes are color-coded in the manager of running processes and SPI settings. When files are being quarantined, AVZ prevents known files from being added to quarantine.
Practice shows that very often a spyware application can be categorized as adware and the other way around, for the simple reason that targeted advertising is the purpose of spying in most cases. For such eventualities, a common category called “spy” was introduced to include both adware and spyware. The term “spy” provides the most fitting description for this class of programs.
The main functions of the application are as follows:
- AV database. Detects malware known to AVZ and removes it. Removal involves automatic cleanup of malware traces in the registry and in the INI files that are critical to system operation. In this regard, AVZ is convenient for a quick cleanup of an infected PC before bringing in the “heavy artillery”, that is, installing a powerful anti-virus package and using it to run a scan. The scanner can scan archives of common types, email files, and NTFS streams.
- The AV scanner can be integrated with The Bat by using a plug-in. The AVZ database is updated daily.
- Quick automatic PC scan with the results displayed in an HTML log file. During the scan, files found in the AVZ Trusted Objects Database and the Microsoft Security Catalog are filtered out, which considerably reduces the size of logs. This mode is convenient for a quick scan of a suspicious computer by the administrator, and for a remote scan of the system. The ability to run system analysis and to quarantine objects by using a script makes it possible to automate this operation fully. By this means, the local user’s involvement is reduced to running a *.bat file.
- Automatic quarantining of files that do not have a Microsoft digital signature and are not described in the AVZ Trusted Objects Database. These files can subsequently be analyzed manually or by using anti-virus applications. Additionally, AVZ supports list-based quarantine and quarantine commands in scripts, which simplifies remote collection of suspicious files from PCs being scanned.
- Search for rootkits and other API hooks, with the ability to search for hidden processes. Besides analysis of hooks, AVZ has the functionality to neutralize UserMode and KernelMode rootkits.
- System Restore. AVZ contains microprograms that automatically fix common corruptions of Internet Explorer and Windows Explorer settings, reset desktop settings, and neutralize policy rules set by trojans. Anti-virus applications do not normally perform these operations, which is why normal system operation is not restored after they remove a trojan or spyware.
- Automatic checking of SPI/LSP settings and automatic fixing of errors. This eliminates most of the LSP problems encountered after the removal of some adware types. If settings cannot be restored, the toolkit will fully recreate them.
- File search. The search function is protected by the AVZ Rootkit Block (antirootkit) and offers a number of functions useful for finding viruses and trojans. For example, files that have been cleared through the AVZ Trusted Objects Database and the Microsoft Security Catalog are filtered out, allowing the search scope to be narrowed considerably.
- A script language for controlling AVZ. Scripts make it possible to use AVZ in a corporate network. In this case, AVZ can be launched from a logon script or autorun and run according to an administrator-developed script. Scripts also make it possible to automate the majority of AVZ operations.
- Built-in disk inspector. The disk inspector creates databases containing file information that corresponds to the user settings (by specifying folders and search masks). These databases can be used for keeping track of disk changes.
- Process Manager, which makes it possible to run a search for suspicious objects in maximum heuristics mode.
- The AVZGuard system, which protects AVZ and legitimate applications from malware affecting the system and limits the impact of malware on the system.
- A system providing direct access to the disk for handling blocked files. It operates on FAT16/FAT32/NTFS file systems and is supported by all Windows NT-based operating systems, enabling the scanner to analyze blocked files and quarantine them.
- The AVZPM processes and drivers monitor. It keeps track of processes that are started and stopped and drivers that are loaded and unloaded in order to locate hidden drivers and detect corruptions created by DKOM rootkits in structures that describe processes and drivers.
- Boot Cleaner driver. Designed for cleaning the system (removing files, drivers, services, and registry keys) from KernelMode. The cleanup operation can be performed both during PC rebooting and while the toolkit repairs the system.
- Vulnerability search. Designed for locating invalid PC settings that can adversely affect security.
- Backup. Designed for backing up critical system settings. Backup is carried out upon user command or automatically while the toolkit repairs and restores the system.
- Troubleshooting wizard. This system automatically locates and eliminates issues that result from infection by malware and clears traces of user activity and trash from the PC.
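The trusted-objects filtering described in the list above (known files are filtered out of scan results and kept out of quarantine, while unsigned files not in the database are left for analysis), shown as an added Python example that is not AVZ's own code: the hash database, the signer names and the file inventory are constructed stand-ins.

```python
import hashlib
import os
import tempfile

# Assumed signer names that stand in for "has a Microsoft digital signature".
TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def is_known(path, signer, trusted_hashes):
    """A file is 'known' if a trusted signer vouches for it or its hash is in the trusted database."""
    return signer in TRUSTED_SIGNERS or sha256_of(path) in trusted_hashes

def triage(inventory, trusted_hashes):
    """Filter an inventory of (path, signer) pairs down to the files left for manual or AV analysis.
    signer is the Authenticode signer name reported by the collecting agent, or None (assumed format)."""
    return [path for path, signer in inventory if not is_known(path, signer, trusted_hashes)]

def quarantine(path, signer, trusted_hashes, quarantine_dir):
    """Copy a file into quarantine, but refuse known files the way AVZ does. Returns True if copied."""
    if is_known(path, signer, trusted_hashes):
        return False
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quar")
    with open(path, "rb") as src, open(dest, "wb") as dst:
        dst.write(src.read())
    return True

def demo():
    """Constructed sample set: one hash-listed file, one trusted-signed file, one unknown file."""
    workdir = tempfile.mkdtemp()
    qdir = os.path.join(workdir, "Quarantine")
    os.mkdir(qdir)
    files = {"listed.dll": b"KNOWN", "signed.exe": b"SIGNED", "unknown_tool.exe": b"???"}
    paths = {}
    for name, data in files.items():
        paths[name] = os.path.join(workdir, name)
        with open(paths[name], "wb") as f:
            f.write(data)
    trusted = {sha256_of(paths["listed.dll"])}  # the constructed "database" lists only this hash
    inventory = [(paths["listed.dll"], None), (paths["signed.exe"], "Microsoft Windows"),
                 (paths["unknown_tool.exe"], None)]
    suspects = [os.path.basename(p) for p in triage(inventory, trusted)]
    copied = [os.path.basename(p) for p, s in inventory if quarantine(p, s, trusted, qdir)]
    return suspects, copied  # both: ['unknown_tool.exe']
```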
Download AVZ (English Help included): http://z-oleg.com/avz4en.zip
How to scan your computer, save the log and run a script using the AVZ utility?
Updating the anti-virus databases and running a logged scan:
Before starting the utility, perform the following actions:
- Close your Kaspersky Lab product. To do so, right-click the application icon in the taskbar notification area in the lower right corner of the screen and select Exit from the menu that opens.
- Disable Windows Firewall. To do so, perform the following actions:
  - Select Start > Control Panel > Security Center > Windows Firewall.
  - In the Windows Firewall window, select the Off (not recommended) option and click OK.
- Open all the internet browsers installed on your computer (for example, Internet Explorer, Mozilla Firefox, Opera, Safari).
- Close all other running programs.
- Download the avz4 archive
- Unpack the downloaded archive (for example, using WinZip)
- Open the unpacked folder avz4
- Run the avz.exe file
In Windows 7 / Vista you need to run the AVZ utility under a user account with administrator rights. For this, right-click the avz.exe file and select Run as administrator.
- In the AVZ Antiviral Toolkit window, click File
- Select the Standard scripts item from the menu that opens
- In the Standard scripts window, check the box Databases update and system analysis. Kaspersky Lab
- Click the Execute selected scripts button
- In the Confirmation window, click the Yes button
- During this script execution the computer will be restarted. Save your documents and then click OK in the Confirmation window
- Wait until the process is complete
- In the Information window, click the OK button
Once the script has been executed, your computer restarts. The results are logged in two files which are saved in the LOG folder located in the avz4 folder:
- KL_syscure.htm
- avz_sysinfo.htm, in the subfolder of the archive KL_syscure.zip
Once the script has been executed, perform the following actions:
- Create a request to Kaspersky Lab Technical Support and attach the file KL_syscure.zip to your request
- Enable Windows Firewall, if it was enabled before working with the utility. To do so:
  - Go to Start > Control Panel > Security Center > Windows Firewall
  - In the Windows Firewall window, on the General tab, select the On (recommended) option and click OK
- Restart your computer