AVZ Antiviral Toolkit v4.34 [Free], Anti-Virus, Spyware/Adware, Trojan, Rootkit Detector with many options
Jul 7 2008, 07:30 AM, Post #1
Senior Member, Group: Member, Posts: 251, Joined: 22-December 07, Member No.: 49,240
AVZ Antiviral Toolkit 2008 v4.30
v4.30 (6.04.2008)

What's new:
* New function in heuristic system cleaning - in addition to standard cleaning there's now a possibility to run scripts from an updateable base, which will make it possible to automatically clean the malware traces in extraordinary cases and correct critical system errors.
* Anti-Rootkit - search for IRP interceptions in main drivers.
* Added new commands to the scripting language.
* AVZGuard - added blocking of creating autorun.* files, which will make deleting some worms easier.
* Added an option to activate automatic correcting of system errors and problems, found on step 9 of the analysis.
* Auto-quarantining NTFS streams and EXE files from CHM (executed if auto-quarantine is turned on)
* Sorting by any column in Infected and Quarantine windows.
* Automatic restart of all AV bases after successful AVZ update (localization's bases in particular)
* Corrected errors in reviser's work
* Corrected some minor localization defects and errors.

AVZ Toolkit is a small stand-alone all-in-one program for detecting and deleting Trojans, malware/spyware, worms, viruses and rootkits. As if that wasn't enough it also has an astonishing array of useful utilities. Some of these utilities are as follows: Port Viewer (with trojan detection), Winsock SPI/LSP fixer, Process Manager, Services & Drivers Manager, Kernel Space Modules Viewer, Injected DLLs Manager, Registry Search, File Search, Cookies Search, Autoruns Manager, IE Extensions Manager (BHOs Toolbars), Control Panel Applets Manager, Hosts File Manager, MD5 Hasher, Troubleshooting Wizard etc etc. The list is almost endless.

The program was developed by Oleg Zaitsev who also works with Kaspersky - surprise surprise! Those who remember good old Kaspersky v4.5, which I'm still using here, will be fairly familiar with a setup that allows you to 'play' with the various utilities and which encourages user input. Like Kaspersky v4.0 it also features a Disk Inspector (called KAV Inspector in Kaspersky) which builds a database of contents for either the whole disk/s or files & folders you select. These can be compared with later scans for deviations and changes.

The Toolkit has been successfully tested on thousands of computers under Win9x, WinNT, Win2000 Professional and Server, WinXP Home/Professional and WinVista.

NOTE: The original information here was in Russian so forgive any language quirks. I've done my best to add correct grammar to the contents. Any mistakes or errors are down to myself and the translation engine ;o)

The program's help file is at present only in Russian (though see attached English HTML Help file which explains the options concisely) though the program is fairly straightforward and easy enough to understand. Kaspersky ownership of this neat program speaks for itself.

AVZ has been incorporated within Kaspersky Anti-Virus and Internet Security Suite 2009 although you don't get to play with the utilities or the settings. It also uses virus signatures and detection algorithms based on Kaspersky.

The primary objective of the program is the detection and removal of:
* Virus infections
* SpyWare and AdWare modules
* Dialers
* Trojans
* BackDoor modules
* Network and mail worms
* TrojanSpys, TrojanDownloaders, TrojanDroppers
* Rootkits
* Keyloggers

Features:
* Heuristic Firmware Verification System: This system searches for known SpyWare and viruses on the basis of analysis of registry files, hard drives and in memory.
* Database Updates: Database updates include digital signatures of tens of thousands of system files and files of known safe processes. An embedded controller process provides for safe color processes and services.
* Definitions: The latest database from 6.04.2008 contains the following: 157571 signatures, 2 neural net profiles, 55 healing scripts, 370 heuristic scripts, 9 vulnerability search scripts, 115 scripts for searching and solving problems, 70476 Trusted Objects Database items.
* Rootkit Analyzer: The Rootkit analyzer doesn't use signatures and is based on studying how basic system library functions are intercepted. AVZ can not only detect RootKits, but also produce a valid work UserMode and a lock for your process and KernelMode at the system level. Countering RootKits applies to all service functions, as a result the scanner can detect masquerading processes in the registry search engine. One of the main features to counter RootKits is its efficiency in Win9X where it can identify API function intercepts which are used to distort the work of API's or to track their use. Another feature is a universal system to detect and block KernelMode RootKits, functioning under WinNT, Win2000 Pro/Server, XP, XP SP1/SP2, Win2003 Server and Win2003 Server SP1.
* Keylogger Analyzer: The search for Trojan Keylogger DLL's is conducted on the basis of analysis of the system and doesn't use signatures. The analyzer is advanced enough to confidently detect any unknown DLL or Trojan Keylogger.
* Neural Emulator: The signature analyzer contains a neural emulator which allows the study of suspicious files using neural networks. Currently, neural networks are used in the detection of keyloggers.
* Winsock SPI/LSP Analyzer: The analyzer can diagnose possible errors in configuration and automatically fix any problems (LSPFix). The possibility for automatic diagnosis and treatment is useful for novice users.
* Processes, Services and Driver Analyzer: Running processes, services and drivers are compared to known files in the database. Those which are considered safe are allocated a color so that they are easier to see in the listing.
* File Search: This option allows you to search for files with various criteria and a further option allows you to filter or exclude file types from the search. Search results are available as a text file or in tabular form.
* Registry Analyzer: You can search keys and parameters for a given model and search results can either be displayed as a text file or in tabular form. The search engine checks for masquerading rootkits in registry keys and can delete them. All details can be exported to file.
* TCP/UDP Analyzer: The Port Viewer can show all open ports along with the process attached to each. It can analyze ports based on its database of known trojan ports and Backdoor programs and services. A basic algorithm and verification system is used when searching ports for Trojans and when it detects suspicious ports a warning is displayed. It will also indicate how the Trojan managed to make use of the port.
* Built In Analyzer: This option can scan and analyze general resources, network communication sessions and open files on the network. It works in Win9X and NT/W2K/XP.
* Downloaded Program Files (DPF): AVZ has a built in analyzer for Downloaded Program Files (DPF) and can display the elements of any DPF. These are files downloaded to the computer by sites that use ActiveX technology.
* Internet Explorer Firmware Fixes: AVZ can restore the default settings for Internet Explorer with the correct launch parameters and other system settings damaged by malware. Restoring runs manually and implements the parameters specified by the user.
* Heuristic Files Deletion: The Heuristic File Deletion checkbox enables the smart deletion of malware files. After the file is deleted, the system is scanned for traces of this file (registry keys, classes, SPI / LSP elements, etc), and these traces are deleted as well. Thus the malware is deleted in the most proper way, so it is recommended that you enable this option.
* Archive Checking: AVZ supports the verification of files and archives in the following formats: ZIP, RAR, CAB, GZIP, TAR; MHT and CHM.
* NTFS Streams Analyzer: This option will test and verify NTFS streams on your computer.
* Scripts Management: Administrator scripts that perform on a PC with a set of user defined operations can be applied in a corporate network, including its launch during loading time.
* Process Analyzer: The analyzer uses neural networks and firmware analysis and operates at the highest level. It is designed to search for suspicious processes in memory.
* AVZGuard: AVZGuard is designed to combat malicious programs and can protect other user applications like anti-spyware and anti-virus software.
* The system of direct access to the disk works with locked files on all systems - FAT16/FAT32/NTFS/NT - and allows such files to be placed in quarantine.
* AVZPM: This service is for monitoring processes and drivers and is designed to track starting and stopping processes and the loading/unloading of drivers. It searches and detects hidden drivers and functions including those caused by DKOM rootkits.
* Boot Cleaner: The driver Boot Cleaner is designed to perform system cleaning (deleting files, drivers, services and registry keys) from KernelMode. The operation may be performed as a cleansing in the process of rebooting the computer or in the course of disinfection and is performed by means of scripting. Why is Boot Cleaner better than Delayed File Deleting?
  1. Boot Cleaner may create a log, reporting there all operations and status codes (0 - successful, >0 - error code).
  2. Boot Cleaner is more effective because its operations are performed at the very beginning of system startup.
  3. Boot Cleaner can delete not only files, like DFD, but also registry items, including the registration of services and drivers.
* Troubleshooting Wizard: This utility searches for system, browser or privacy issues based on either medium or dangerous severity issues although it can be set to scan for all of the above simultaneously.

System Requirements:
The Toolkit has been successfully tested on thousands of computers under Win9x, WinNT, Win2000 Professional and Server, WinXP Home/Professional and WinVista. The Toolkit does not exchange data with network and / or Internet (does not send and receive data, does not listen on ports), thus no special firewall settings are required. The only exception is the database update launched by the user.

More Info: http://z-oleg.com/secur/avz/
Google webpage translation: http://66.102.9.104/translate_c?hl=en&sl=ru&tl=en&u=http://z-oleg.com/secur/avz/index.php
Forum: http://virusinfo.info/forum.php?referrerid=775 http://virusinfo.info/forumdisplay.php?f=95
Download page: http://z-oleg.com/secur/avz/download.php
Direct Download: http://z-oleg.com/avz4.zip
Manual database download: http://z-oleg.com/secur/avz_up/avzbase.zip

I've managed to track down an English Help file which is attached below ... or it can be downloaded here: http://rapidshare.com/files/127722630/AVZ_Help.zip.html

This post has been edited by BinkyBot3: Jul 10 2008, 01:19 PM
Jul 7 2008, 11:18 AM, Post #2
Free Moderator, Group: Team VDown, Posts: 11,470, Joined: 20-November 02, From: thedutchjewel.x2.to, Member No.: 8,032
Great tool, BinkyBot3.
Just missed this direct download link: http://z-oleg.com/avz4.zip
Jul 10 2008, 01:24 PM, Post #3
Senior Member, Group: Member, Posts: 251, Joined: 22-December 07, Member No.: 49,240
QUOTE
Great tool, BinkyBot3.
Just missed this direct download link: http://z-oleg.com/avz4.zip

Cheers mate. I've added it and made yet more corrections. 'Twas a struggle for sure.
Keep up the great work! If there is a better Freeware forum on the internet - I have yet to see it.
Nov 26 2008, 10:51 PM, Post #4
Free Moderator, Group: Team VDown, Posts: 11,470, Joined: 20-November 02, From: thedutchjewel.x2.to, Member No.: 8,032
AVZ Antiviral Toolkit 2008 v4.30 for U3
2008-11-13
Download: http://www.box.net/shared/xaib5o10cd#1:20436910
Aug 22 2009, 03:48 AM, Post #5
Free Moderator, Group: Team VDown, Posts: 11,470, Joined: 20-November 02, From: thedutchjewel.x2.to, Member No.: 8,032
AVZ Antiviral Toolkit v4.32
2009-08-21

Changelog
QUOTE
Distribution package includes the database updated on August 21, 2009, containing 237871 malware signatures, 2 NN profiles, 56 malware removal microprograms, 374 heuristic microprograms, 9 PVS microprograms, 115 TSW microprograms, 135522 Trusted Objects Database entries. The new version has considerably been improved.

Major modifications:
[+++] AVZ Scripting Language: ExecuteSysClean function was improved, a set of new commands is now available (IsWow64, GetAttr, SetAttr, GetFileVersion, RegKeyResetSecurity ...)
[+++] Autoruns Manager: new non-standard startup locations and methods were added
[+++] XML logfiles: information represented in XML format was extended and optimized, automatic processing will now be easier
[+++] Troubleshooting Wizard: new subsystem (CleanUp) was added. The subsystem would clear various logfiles, caches, temporary files etc.
[++] Autoruns Manager: startup keys and folders will now be displayed for all user accounts that exist in the operating system
[++] IE Extensions Manager: new extension types are now processed, script-based BHO removal was improved, information displayed in XML logfiles was extended
[++] Windows Explorer Extensions Manager: new extension types are now supported
[++] HTML logfiles: new interactive functions were added (Terminate process, Delete BHO, Delete Autoruns item)
[++] Open TCP/UDP Ports Viewer: Windows Vista, 2008, 7 are supported now
[++] New file and registry key removal policy: if removal fails, AVZ would attempt resetting the object's access privileges and try again
[++] System Analysis: extended SA with XML logging is now available. ESA procedures are described in AVZ database
[++] Windows 7 is now basically supported
[+] Quarantine: file description now includes information about its attributes
[+] Registry Search tool: "Open in Regedit" function was added. Right-click any item to see this function
[+] Command Line keys: new key was introduced - AM (=Y). The key would prevent other applications from recognizing AVZ GUI window
[-] AVZ Scripting Language: DeleteFileMask and DeleteService commands were corrected. Previously the functions did not add filenames they have processed to the list of deleted files, thus making them unavailable for ExecuteSysClean and Boot Cleaner imports
[-] BC-quarantined files' actual extension and extension described in their INI files has been unified. Previously these were different (DTA/DAT)
[-] Troubleshooting Wizard: "Undo changes" function has been fixed
[-] Registry-exporting functions were corrected. Previously there were certain mistakes in resulting REG files.

Download
QUOTE
Standalone: http://z-oleg.com/avz4.zip
Database: http://z-oleg.com/secur/avz_up/avzbase.zip
Jul 9 2010, 12:42 PM, Post #6
Free Moderator, Group: Team VDown, Posts: 11,470, Joined: 20-November 02, From: thedutchjewel.x2.to, Member No.: 8,032
AVZ Antiviral Toolkit v4.34
2010-07-07

Changelog
QUOTE
[+++] New subsystem advanced heuristic research of the system. Starts at the end of the study system code stored in the updated research base that allows you to add new procedures research without updating of the AVZ
[+++] New subsystem heuristic cleansing system based on the updated database
[+++] XML Protocol: a protocol derived data manager protocol analyzer and handlers, manager of SPI / LSP, improved a number of existing logs, the XML data displayed on the system
[+++] Script language: new commands: ClearLog (treatment protocol), ExecuteScript (loading and execution of the script), QuarantineFileF (extended quarantine for a set of conditions), ClearQuarantineEx (enhanced cleaning quarantine), SysCleanGetFilesList (request a list of files scheduled for heuristic cleaning), SysCleanSetFilesList (task list file for Heuristic cleaning), DownloadFile (download a file from the Internet), FTPSendFile (sending a file to an FTP server)
[+++] Support x64 (Manager Processes shows the type of process, file search is conducted in the light of digits of the process, Quarantine is based file redirector (if you have identical files for x32 and x64, then quarantine both files))
[+] Autorun Manager - added control of a number of new keys
[+] Added startup mode on a separate desktop (command-line switch NewDsk = Y) to facilitate the fight against Blocker extortionist
[+] Added command line switch QrOnlyEXE - to activate the filter, allowing for placement in quarantine only EXE files
[+] HTML protocol - added additional interactivity in different points of protocol
[+] Heuristics ISP - added record data about the found potential vulnerabilities in the XML
[-] Fixed anti-keylogger crash on Win7
[-] Fixed error in the analysis of key startup (allowing multiple values parameters with a single value analyzed incorrectly)
[-] Scripts - Fixed function DeleteService (had problems with the removal of key services in the registry)
[-] BootCleaner - deleting files with ReadOnly attribute does not work as intended
[-] Fixed function ClearQuarantine
[-] Fixed minor bugs in the parser file names

Download
QUOTE
Standalone: http://z-oleg.com/avz4.zip
Database: http://z-oleg.com/secur/avz_up/avzbase.zip