The AVZ anti-virus utility is a direct analog of programs such as TrojanHunter and LavaSoft Ad-aware 6. The program's primary objective is to remove SpyWare and Trojans.
The AVZ anti-virus utility is designed to detect and remove:
• SpyWare and AdWare modules (this is the main purpose of the utility)
• Dialers (Trojan.Dialer)
• BackDoor modules
• Network and mail worms
• TrojanSpy, TrojanDownloader, TrojanDropper
Main features of the AVZ utility (in addition to the typical signature-based scanner):
• Heuristic system-check microprograms.
The microprograms search for known SpyWare and viruses by indirect evidence, based on analysis of the registry, files on disk and memory.
• Updatable database of safe files.
It includes digital signatures of tens of thousands of system files and files of known safe processes. The database is connected to all AVZ systems and works on the «friend or foe» principle: safe files are not placed in quarantine, and deletion and warnings are blocked for them; the database is used by the anti-rootkit, the file search system and various analyzers. In particular, the built-in process manager highlights safe processes and services in color, and the disk file search can exclude known files from the results (which is very useful when searching a disk for Trojans);
• Built-in Rootkit detection.
The RootKit search works without signatures, by examining the basic system libraries for interception of their functions. AVZ can not only detect a RootKit but also correctly block the operation of a UserMode RootKit for its own process and of a KernelMode RootKit at the system level. RootKit countermeasures apply to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search «sees» masked keys, and so on. The anti-rootkit includes an analyzer that detects processes and services masked by a RootKit. One of the key features of the RootKit countermeasure system, in my opinion, is that it works on Win9X (the widespread opinion that there are no RootKits for the Win9X platform is deeply mistaken: hundreds of Trojans intercept API functions to disguise their presence, to distort the operation of API functions, or to track their use). Another feature is the universal system for detecting and blocking KernelMode RootKits, which works under Windows NT, Windows 2000 pro / server, XP, XP SP1, XP SP2, Windows 2003 Server and Windows 2003 Server SP1.
• Detector of keyloggers (Keylogger) and Trojan DLLs.
The search for Keyloggers and Trojan DLLs is based on analysis of the system without using signature databases, which allows previously unknown Trojan DLLs and Keyloggers to be detected with reasonable confidence;
• Neuroanalyzer.
In addition to the signature analyzer, AVZ contains a neuro-emulator, which makes it possible to examine suspicious files using a neural network. Currently, the neural network is used in the keylogger detector.
• Built-in analyzer of Winsock SPI/LSP settings.
Allows you to analyze the settings, diagnose possible configuration errors and perform automatic repair. Automatic diagnosis and repair is useful for novice users (utilities such as LSPFix do not offer automatic repair). To examine SPI/LSP manually, the program has a dedicated LSP/SPI settings manager. The anti-rootkit covers the operation of the Winsock SPI/LSP analyzer;
• Built-in manager of processes, services and drivers.
It is intended for examining running processes and loaded libraries, running services and drivers. The anti-rootkit covers the operation of the process manager (as a consequence, it «sees» processes masked by a rootkit). The process manager is linked to the AVZ database of safe files; recognized safe and system files are highlighted in color;
• Built-in utility for searching files on the disk.
Allows you to search for files by various criteria; the capabilities of the search system exceed those of the built-in system search. The anti-rootkit covers the operation of the search system (as a result, the search «sees» files masked by a rootkit and can remove them), and a filter allows files identified by AVZ as safe to be excluded from the search results. Search results are available as a text protocol and as a table, in which you can mark a group of files for later removal or quarantine.
• Built-in utility for searching data in the registry.
Allows you to search for keys and parameters matching a given pattern; the search results are available as a text protocol and as a table, in which you can mark several keys to be exported or deleted. The anti-rootkit covers the operation of the search system (as a result, the search «sees» registry keys masked by a rootkit and can delete them).
• Built-in analyzer of open TCP/UDP ports.
The anti-rootkit covers its operation; in Windows XP, the process using each port is displayed. The analyzer relies on an updatable database of ports used by known Trojan/Backdoor programs and known system services. The search for Trojan ports is included in the main system-check algorithm: when suspicious ports are detected, warnings are written to the report, indicating which Trojan programs tend to use the port.
• Built-in analyzer of shared resources, network sessions and files opened over the network.
It works on Win9X and NT / W2K / XP.
• Built-in analyzer of Downloaded Program Files (DPF): displays DPF elements and is connected to all AVZ systems.
• System recovery microprograms.
The microprograms restore Internet Explorer settings, program launch parameters and other system settings damaged by malware. Restoration is started manually, and the parameters to be restored are specified by the user.
• Heuristic file deletion.
If malicious files are removed in the course of treatment and this option is enabled, an automated examination of the system is performed, covering classes, BHOs, IE and Explorer extensions, all startup types known to AVZ, Winlogon, SPI/LSP, etc. All references found to the deleted file are cleaned automatically, and the protocol records exactly what was cleaned and where. This cleanup makes active use of the system-treatment microprogram engine;
• Archive scanning.
Since version 3.60, AVZ supports the scanning of archives and compound files. Currently the following are checked: archives in ZIP, RAR, CAB, GZIP and TAR format; e-mail messages and MHT files; CHM files.
• Checking and treatment of NTFS streams.
Checking of NTFS streams has been included in AVZ since version 3.75.
• Control scripts.
These allow an administrator to write a script that performs a set of defined operations on the user's PC. Scripts make it possible to use AVZ in a corporate network, including running it during system boot.
• Analyzer.
The analyzer uses neural networks and analysis microprograms; it is enabled when advanced analysis is turned on at the maximum heuristics level, and is designed to search for suspicious processes in memory.
• AVZGuard system.
It is designed to combat hard-to-remove malicious programs; in addition to AVZ itself, it can protect user-specified applications, for example other anti-spyware and anti-virus programs.
• Direct disk access for working with locked files.
Works on FAT16 / FAT32 / NTFS, is supported on all operating systems of the NT line, and allows the scanner to analyze locked files and place them in quarantine.
• AVZPM, a driver for monitoring processes and drivers.
It is intended to track the starting and stopping of processes and the loading and unloading of drivers, in order to find masked drivers and to detect distortions that DKOM rootkits create in the structures describing processes and drivers.
• Boot Cleaner driver.
Designed to clean the system (deleting files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed during a restart or during treatment.
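
The reference cleanup described under "Heuristic file deletion" above can be illustrated as follows. This is an added example, not AVZ's own code: the sample autostart entries, the file paths and the `purge_references` helper are constructed for illustration, and unquoted paths that contain spaces are assumed not to occur.

```python
import ntpath
import re

RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
ENV = {"systemroot": r"C:\Windows"}  # assumed value for expanding %SystemRoot%

# Constructed sample of autostart values: (key, value name) -> data.
SAMPLE = {
    (RUN, "Updater"): r'"C:\Program Files\Upd\upd.exe" /silent',
    (RUN, "Helper"): r'"C:\Users\Public\spy.exe" -hide',
    (RUN, "Helper2"): r"%SystemRoot%\..\Users\Public\SPY.EXE",
    (WINLOGON, "Userinit"): r"C:\Windows\system32\userinit.exe,C:\Users\Public\spy.exe,",
}

def norm(path):
    """Expand %VAR%, strip quotes, collapse '..' and case-fold a Windows path."""
    path = re.sub(r"%(\w+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normpath(path.strip().strip('"')).lower()

def referenced_files(value):
    """Return the normalized executable paths named in one autostart value."""
    tokens = re.findall(r'"[^"]+"|[^\s,]+', value)
    return {norm(t) for t in tokens if re.search(r'\.(exe|dll|sys)"?$', t, re.I)}

def purge_references(entries, deleted_file):
    """Remove every reference to deleted_file; return (cleaned entries, protocol)."""
    target = norm(deleted_file)
    kept, protocol = {}, []
    for (key, name), value in entries.items():
        if target not in referenced_files(value):
            kept[(key, name)] = value
            continue
        parts = [p for p in value.split(",") if p.strip()]
        survivors = [p for p in parts if target not in referenced_files(p)]
        # A comma-separated list of programs (e.g. Userinit) is trimmed, not deleted.
        if survivors and all(referenced_files(p) for p in parts):
            kept[(key, name)] = ",".join(survivors) + ","
            protocol.append(f"trimmed {key}\\{name}: removed {deleted_file}")
        else:
            protocol.append(f"deleted {key}\\{name}: {value}")
    return kept, protocol

if __name__ == "__main__":
    cleaned, log = purge_references(SAMPLE, r"C:\Users\Public\spy.exe")
    print("\n".join(log))
```

The `Userinit` case shows why such a cleanup has to edit values rather than only delete them: removing the whole value would also drop the legitimate `userinit.exe` entry.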