FREE Portable and Powerful AVZ Anti-Viral Toolkit from Kaspersky

by Avinash on November 1, 2008 in AntiVirus, Software

What’s new:

* New function in heuristic system cleaning: in addition to standard cleaning, scripts can now be run from an updateable base, which makes it possible to automatically clean malware traces in extraordinary cases and to correct critical system errors.
* Anti-Rootkit – search for IRP interceptions in main drivers.
* Added new commands to the scripting language.
* AVZGuard: added blocking of the creation of autorun.* files, which makes some worms easier to delete.
* Added an option to activate automatic correction of system errors and problems found at step 9 of the analysis.
* Auto-quarantining NTFS streams and EXE files from CHM (executed if auto-quarantine is turned on)
* Sorting by any column in Infected and Quarantine windows.
* Automatic restart of all AV bases after successful AVZ update (localization’s bases in particular)
* Corrected errors in reviser’s work
* Corrected some minor localization defects and errors.


AVZ Toolkit is a small stand-alone all-in-one program for detecting and deleting Trojans, malware/spyware, worms, viruses and rootkits. As if that wasn’t enough, it also has an astonishing array of useful utilities. Some of these utilities are as follows: Port Viewer (with trojan detection), Winsock SPI/LSP fixer, Process Manager, Services & Drivers Manager, Kernel Space Modules Viewer, Injected DLLs Manager, Registry Search, File Search, Cookies Search, Autoruns Manager, IE Extensions Manager (BHOs, Toolbars), Control Panel Applets Manager, Hosts File Manager, MD5 Hasher, Troubleshooting Wizard, etc. The list is almost endless. The program was developed by Oleg Zaitsev who also works with Kaspersky – surprise surprise! Those who remember good old Kaspersky v4.5, which I’m still using here, will be fairly familiar with a setup that allows you to ‘play’ with the various utilities and which encourages user input. Like Kaspersky v4.0 it also features a Disk Inspector (called KAV Inspector in Kaspersky) which builds a database of contents for either the whole disk/s or files & folders you select. These can be compared with later scans for deviations and changes.

The Toolkit has been successfully tested on thousands of computers under Win9x, WinNT, Win2000 Professional and Server, WinXP Home/Professional and WinVista.

NOTE:
The original information here was in Russian so forgive any language quirks. I’ve done my best to add correct grammar to the contents. Any mistakes or errors are down to myself and the translation engine ;o) The program’s help file is at present only in Russian (though see the attached English HTML Help file, which explains the options concisely), though the program is fairly straightforward and easy enough to understand. Kaspersky ownership of this neat program speaks for itself.


AVZ has been incorporated within Kaspersky Anti-Virus and Internet Security Suite 2009 although you don’t get to play with the utilities or the settings. It also uses virus signatures and detection algorithms based on Kaspersky. The primary objective of the program is the detection and removal of:

* Virus infections
* SpyWare and AdWare modules
* Dialers
* Trojans
* BackDoor modules
* Network and mail worms
* TrojanSpys, TrojanDownloaders, TrojanDroppers
* Rootkits
* Keyloggers

Features:

* Heuristic Firmware Verification System: This system searches for known SpyWare and viruses on the basis of analysis of registry files, hard drives and in memory.
* Database Updates: Database updates include digital signatures of tens of thousands of system files and files of known safe processes. An embedded controller process provides for safe color processes and services.
* Definitions: The latest database from 6.04.2008 contains the following: 157571 signatures, 2 neural net profiles, 55 healing scripts, 370 heuristic scripts, 9 vulnerability search scripts, 115 scripts for searching and solving problems, 70476 Trusted Objects Database items.

* Rootkit Analyzer: The Rootkit analyzer doesn’t use signatures and is based on studying how basic system library functions are intercepted. AVZ can not only detect RootKits, but also produce a valid work UserMode and a lock for your process and KernelMode at the system level. Countering RootKits applies to all service functions, as a result the scanner can detect masquerading processes in the registry search engine. One of the main features to counter RootKits is its efficiency in Win9X where it can identify API function intercepts which are used to distort the work of API’s or to track their use. Another feature is a universal system to detect and block KernelMode RootKits, functioning under WinNT, Win2000 Pro/Server, XP, XP SP1/SP2, Win2003 Server and Win2003 Server SP1.


* Keylogger Analyzer: The search for Trojan Keylogger DLLs is conducted on the basis of analysis of the system and doesn’t use signatures. The analyzer is advanced enough to confidently detect any unknown DLL or Trojan Keylogger.


* Neural Emulator: The signature analyzer contains a neural emulator which allows the study of suspicious files using neural networks. Currently, neural networks are used in the detection of keyloggers.
* Winsock SPI/LSP Analyzer: The analyzer can diagnose possible errors in configuration and automatically fix any problems (LSPFix). The possibility for automatic diagnosis and treatment is useful for novice users.
* Processes, Services and Driver Analyzer: Running processes, services and drivers are compared to known files in the database. Those which are considered safe are allocated a color so that they are easier to see in the listing.

* File Search: This option allows you to search for files with various criteria and a further option allows you to filter or exclude file types from the search. Search results are available as a text file or in tabular form.
* Registry Analyzer: You can search keys and parameters for a given model and search results can either be displayed as a text file or in tabular form. The search engine checks for masquerading rootkits in registry keys and can delete them. All details can be exported to file.

* TCP/UDP Analyzer: The Port Viewer can show all open ports along with the process attached to each. It can analyze ports based on its database of known trojan ports and Backdoor programs and services. A basic algorithm and verification system is used when searching ports for Trojans and when it detects suspicious ports a warning is displayed. It will also indicate how the Trojan managed to make use of the port.
* Built In Analyzer: This option can scan and analyze general resources, network communication sessions and open files on the network. It works in Win9X and NT/W2K/XP.

* Downloaded Program Files (DPF): AVZ has a built in analyzer for Downloaded Program Files (DPF) and can display the elements of any DPF. These are files downloaded to the computer by sites that use ActiveX technology.
* Internet Explorer Firmware Fixes: AVZ can restore the default settings for Internet Explorer with the correct launch parameters and other system settings damaged by malware. Restoring runs manually and implements the parameters specified by the user.

* Heuristic Files Deletion: The Heuristic File Deletion checkbox enables the smart deletion of malware files. After the file is deleted, the system is scanned for traces of this file (registry keys, classes, SPI / LSP elements, etc), and these traces are deleted as well. Thus the malware is deleted in the most proper way, so it is recommended that you enable this option.
* Archive Checking: AVZ supports the verification of files and archives in the following formats: ZIP, RAR, CAB, GZIP, TAR; MHT and CHM.

* NTFS Streams Analyzer: This option will test and verify NTFS streams on your computer.

* Scripts Management: Administrator scripts that perform a set of user-defined operations on a PC can be applied across a corporate network, including running them during system startup.
* Process Analyzer: The analyzer uses neural networks and firmware analysis and operates at the highest level. It is designed to search for suspicious processes in memory.

* AVZGuard: AVZGuard is designed to combat malicious programs and can protect other user applications like anti-spyware and anti-virus software.
* The system of direct access to the disk works with locked files on all systems – FAT16/FAT32/NTFS/NT – and allows such files to be placed in quarantine.

* AVZPM: This service is for monitoring processes and drivers and is designed to track starting and stopping processes and the loading/unloading of drivers. It searches and detects hidden drivers and functions including those caused by DKOM rootkits.

* Boot Cleaner: The driver Boot Cleaner is designed to perform system cleaning (deleting files, drivers, services and registry keys) from KernelMode. The operation may be performed as a cleansing in the process of rebooting the computer or in the course of disinfection and is performed by means of scripting.

Why is Boot Cleaner better than Delayed File Deleting?
1. Boot Cleaner can create a log that records all operations and their status codes (0 = successful, >0 = error code).
2. Boot Cleaner is more effective because its operations are performed at the very beginning of system startup.
3. Boot Cleaner can delete not only files, like DFD, but also registry items, including the registration of services and drivers.
