
New Russian Kid - AVZ antivirus -


PaulBB
October 27th, 2006, 01:20 PM
-{ Quote: "The AVZ antivirus utility is intended for searching and deleting the following malicious programs:

· Spyware and Adware programs and modules (this is the main goal of this utility)
· Network and mail worms
· Trojan horses (including all their variations, in particular, Trojan-PSW, Trojan-Downloader, and Trojan-Spy) and backdoor programs (programs intended for remote control over the infected computer)
· Trojan horses intended for dialing purposes (Dialer, Trojan.Dialer, Porn-Dialer)
· Keyloggers and other programs that can be used for tracking user activities

This utility is a direct analogue of such programs as Trojan Hunter and LavaSoft Ad-aware 6. Its main goal is finding and removing adware and spyware modules, as well as Trojan horses.

It is necessary to mention that programs belonging to the Spyware and Adware categories by definition are not viruses or Trojan horses. They track user activities and download information and program code to the infected computer mainly for marketing purposes. This means that the information being transmitted does not contain critical data, such as passwords, credit card numbers, etc. At the same time, the information that they download is mainly made up of promotional materials and updates. Nevertheless, the difference between Spyware and Trojan horses is very subtle, because of which accurate classification is hardly possible. My approach to malware classification and the criteria used for this purpose are described in this on-line Help system.

The main feature of AVZ is the possibility of configuring the program reaction to the presence of any types of malicious programs. For example, it is possible to choose the mode in which the program will destroy viruses and Trojans detected, but deletion of Adware programs will be blocked.

Another specific feature of AVZ consists of multiple heuristic system checks, which are not based on the signature search mechanism. These include searching for rootkits, keyloggers, and various backdoors based on typical TCP/UDP ports. Such techniques of searching allow for finding new variants of malicious programs.

In addition to typical signature-based file searching, AVZ provides a built-in database containing digital signatures of tens of thousands of system files. Using this database reduces the number of false positives from the heuristics and solves a range of other problems. In particular, the file searching system provides a filter for excluding known files from the search results, the manager of running processes and SPI settings highlights known processes with color, and when adding files to quarantine, addition of trusted files known to AVZ is blocked.

As my experience has shown, Spyware programs can often be classified as Adware and vice versa. The reason for this is straightforward, because in most cases espionage aims at targeted promotion. Especially for such cases, I have introduced a generalized Spy category, which can be interpreted as Adware+Spyware. This is a convenient approach when dealing with programs of this class.

Program limitations:

1. Because the utility is mainly intended for eliminating Adware and Spyware modules, it currently does not support checking several types of archives, PE packers and documents. When eliminating Spyware these features are simply unneeded. Nevertheless, this utility is constantly being improved, and I plan to implement such functions.
2. The utility does not heal programs infected with computer viruses. For high quality and correct healing of infected programs, specialized antivirus programs are needed (such as, for example, Kaspersky Antivirus Monitor, DrWeb, Norton Antivirus, Panda, etc.). I do not intend to re-invent the wheel trying to implement direct analogues of such programs. This is even truer if you recall that viruses of this type are gradually becoming rare." }-

http://img161.imageshack.us/img161/9874/screen1ye5.png

http://img211.imageshack.us/img211/8899/screen2bh9.png

http://img158.imageshack.us/img158/8912/screen3lc6.png

http://img158.imageshack.us/img158/7645/screen4hc4.png

-{ Quote: "The main goals of the AVZ utility are as follows:
1. AV database. It allows for diagnosing malware programs known to AVZ and deleting them. Removal of malicious programs assumes automatic clean-up of all traces of the malware activity in the system registry and in INI files. In this respect, AVZ is convenient for express cleanup of the infected computer before using powerful antivirus products and scanning the computer using them.
2. Automatic scanning of the target computer and forming the scanning log in HTML format. During system investigation, the files that were recognized as secure in the course of checking against the AVZ trusted objects database and Microsoft's security catalogue are left out of the log. This considerably reduces the log size. This mode is very convenient for on-line study of a suspicious computer by the administrator, as well as for remote system investigation. The possibility of starting system scanning and quarantine by means of scripts allows for full automation of this operation. All that the end-user needs to do is start the batch file.

3. Automatic quarantine of files that are not digitally signed by Microsoft and are not described in the AVZ trusted objects database, for further investigation (manually or using powerful specialized antivirus software). This operating mode is convenient for quickly collecting all unrecognized files for further analysis. In addition, AVZ provides quarantine by list, and commands for adding files to quarantine in scripts. This simplifies the procedure of collecting suspicious files from remote computers.

4. Searching for rootkits and other API hooks supplied with the function of searching for hidden processes. In addition to analysis of hooks, AVZ provides the function for neutralizing user-mode and kernel-mode rootkits.
5. System recovery. AVZ includes microprograms for automatic correction of most typical Internet Explorer and Windows Explorer settings, resetting desktop settings to the default ones, neutralization of policies installed by Trojan horses. Antivirus programs do not carry out these operations. Because of this, normal operation of the system cannot be restored even after removal of Trojan horses or Spyware programs.

6. Automatic checking of SPI/LSP settings and correcting errors in automatic mode. This function allows eliminating the most typical LSP problems that take place after removal of certain Adware programs.
7. Searching files on the hard disk. The searching procedure is protected by the AVZ antirootkit. It provides several functions, useful for searching viruses and Trojan horse. In particular, this mechanism allows for excluding the files recognized as trusted by AVZ or digitally signed by Microsoft from the list of files found. This allows for considerable reduction of the search range.

8. Built-in scripting language that allows for controlling AVZ operation. Scripts provide the possibility to use AVZ in corporate network. In this case, it is possible to start AVZ from logon script or from autoruns list. In this case, AVZ will operate according to the script previously written by system administrator.
9. Analyzer of running processes that allows for searching and locating suspicious objects in the mode of the highest heuristics level.
10. The AVZGuard system that allows for protecting AVZ and any other applications specified by it against active malicious programs. This will also limit the influence of malicious programs on the system.

---------
Thus, AVZ is positioned as an interactive tool intended for studying the PC to detect and remove malicious programs." }-

This version is freely distributed and intended for non-commercial use.
Website (http://z-oleg.com/secur/avz/avzguard.php)
Download AVZ Antivirus 4.21 (eng) no install required (http://z-oleg.com/avz4en.zip)
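The "trusted objects database" idea quoted above (points 2, 3 and 7: exclude known-good files from the log and the search results, quarantine whatever is left unrecognized, write a list an analyst can work from) reduces to a hash allowlist plus a copy-to-quarantine step. The following is an added example written for this thread, not AVZ's own code: the allowlist contents, the sample file tree, the quarantine layout and the manifest format are all assumptions made here, and the Microsoft Authenticode/catalogue check that AVZ pairs with its database is deliberately out of scope (it needs the signed catalogues, which this offline example does not have).

```python
"""Added example, not part of AVZ: a minimal trusted-objects filter and quarantine.
Every hash in TRUSTED_SHA256 and every sample file below is constructed for the demo."""
import hashlib
import json
import shutil
from pathlib import Path

# Constructed allowlist: SHA-256 of contents we declare known-good. A real database
# carries tens of thousands of OS file hashes; the principle is the same.
TRUSTED_SHA256 = {
    hashlib.sha256(b"MZ known-good system library v1").hexdigest(),
    hashlib.sha256(b"MZ known-good shell component").hexdigest(),
}


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(root: Path, trusted=TRUSTED_SHA256) -> dict:
    """Walk root; split files into 'trusted' (hash in allowlist) and 'unknown'.
    Any byte change (patch, infection, or just a newer build) drops a file out of
    'trusted', which is why such a database only ever shrinks the work, never
    certifies the rest as bad."""
    result = {"trusted": [], "unknown": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = sha256_file(path)
        bucket = "trusted" if digest in trusted else "unknown"
        result[bucket].append((path.relative_to(root).as_posix(), digest))
    return result


def quarantine(root: Path, qdir: Path, unknown) -> Path:
    """Copy (not move) each unknown file into qdir under its hash and write a JSON
    manifest mapping hash -> original path and size. Copying keeps the machine
    usable if a false positive slips through; the manifest lets an analyst trace
    each blob back to where it lived."""
    qdir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for rel, digest in unknown:
        src = root / rel
        shutil.copy2(src, qdir / digest)
        manifest.append({"original": rel, "sha256": digest, "size": src.stat().st_size})
    mpath = qdir / "manifest.json"
    mpath.write_text(json.dumps(manifest, indent=2))
    return mpath


def build_sample_tree(root: Path) -> None:
    """Constructed sample data, not a real Windows tree: two allowlisted files,
    a third-party hook DLL and a dropped file masquerading as svchost."""
    (root / "System32").mkdir(parents=True)
    (root / "System32" / "kernel32.dll").write_bytes(b"MZ known-good system library v1")
    (root / "System32" / "shell32.dll").write_bytes(b"MZ known-good shell component")
    (root / "System32" / "wl_hook.dll").write_bytes(b"MZ third-party hook dll")
    (root / "Temp").mkdir()
    (root / "Temp" / "svchost.exe").write_bytes(b"MZ dropped file masquerading as svchost")


def run_demo(tmp: Path) -> dict:
    """Build the sample tree under tmp, classify it, quarantine the unknowns."""
    root = tmp / "C"
    build_sample_tree(root)
    report = classify(root)
    report["manifest"] = str(quarantine(root, tmp / "Quarantine", report["unknown"]))
    return report


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        r = run_demo(Path(d))
        print(f"trusted: {len(r['trusted'])}, unknown: {len(r['unknown'])}")
        for rel, digest in r["unknown"]:
            print(f"  quarantined {rel} -> {digest[:12]}...")
```

Two practitioner caveats the quoted help text implies but does not spell out: a hash allowlist says nothing about files it has never seen (a signed-by-vendor check covers that gap, which is why AVZ combines both), and the quarantine copy should go to a location the suspected malware cannot write to, or the manifest is only as trustworthy as the box it was taken from.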

Arin
October 27th, 2006, 01:25 PM
Why is this utility named 'antivirus'? Anyway, I'll definitely check it when I have the time.

Firecat
October 27th, 2006, 01:27 PM
Interesting that the malware categorizing is very similar to KAV (AdvWare, PornWare, RiskWare etc.).....But it seems to not have extensive packer support, which is bad :(

How should one update the malware database with this utility? ???

PaulBB
October 27th, 2006, 01:30 PM
-{ Quote: "Interesting that the malware categorizing is very similar to KAV (AdvWare, PornWare, RiskWare etc.).....But it seems to not have extensive packer support, which is bad :(

How should one update the malware database with this utility? ???" }-

It has a built-in updater too.

http://img285.imageshack.us/img285/9396/untitled1lk5.png

metallicakid15
October 27th, 2006, 01:38 PM
So this isn't an antivirus? What is it exactly?

nadirah
October 27th, 2006, 02:17 PM
The screenshot shows wilderssecurity.com
Is this developed by the security experts here at the forum?

betauser2
October 27th, 2006, 02:26 PM
-{ Quote: "So this isn't an antivirus? What is it exactly?" }-

I think it's similar to the MWAV AV toolkit that was offered by eScan, which some of us used to use.

This is what it says on its about page:

-{ Quote: "The utility is intended for deleting Spyware and Adware modules, network worms, Trojan Horses..., Dialers. The utility implements specialized algorithms for detecting keyloggers, finding and neutralising rootkit. " }-

It seems to offer a host of AS features, and it seems you can enable its guard (AVZGuard).

PaulBB
October 27th, 2006, 02:26 PM
-{ Quote: "The screenshot shows wilderssecurity.com
Is this developed by the security experts here at the forum?" }-

No, it's not; it's just a watermark, that's all.

betauser2
October 27th, 2006, 02:30 PM
-{ Quote: "The screenshot shows wilderssecurity.com
Is this developed by the security experts here at the forum?" }-

Don't think so; the images have been uploaded and attached to the posts. Maybe PaulBB edited it. It's just like a watermark so no other site can take the credit for the images.

betauser2
October 27th, 2006, 02:33 PM
ooops PaulBB you beat me to it.

Have you enabled the Guard?

Where do the updates download to, the temp file?

Do you know if it's using own signatures or 2nd party (like MWAV did with Kaspersky's)?

-{ Quote: "How should one update the malware database with this utility? ???" }-

It downloads the following files http://avz.virusinfo.info/avz_up/ when updating.

aigle
October 29th, 2006, 02:41 AM
So anyone tried it so far?

Minimax2000
October 29th, 2006, 04:23 AM
Yup I tried it. It is a promising tool but not mature yet.:-\
I got a BSOD when disabling AVZGuard.

Frank

Tarq57
October 29th, 2006, 05:01 AM
PaulBB, do you read/translate the Cyrillic, or is there an English language version of the web page/s?
Just downloaded the zip file to a folder. Would like to find support pages in a language I can read before trying it out.

PaulBB
October 29th, 2006, 05:17 AM
-{ Quote: "PaulBB, do you read/translate the Cyrillic, or is there an English language version of the web page/s?
Just downloaded the zip file to a folder. Would like to find support pages in a language I can read before trying it out." }-

No, it's not, but the included help file from the av package is in English.

Inspector Clouseau
October 29th, 2006, 05:42 AM
-{ Quote: "It is a promising tool" }-

When I start cleaning the house on Fridays it also looks promising.
Usually it ends with my wife appearing right behind my back and saying: "Just get lost and do something useful at the computer, check for new worms or something".

betauser2
October 29th, 2006, 05:47 AM
ROFL

So what's your take on it (Inspector)?

Inspector Clouseau
October 29th, 2006, 05:56 AM
I have said it many times already: there isn't, and there won't be, a tool that appears overnight and can measure up to existing solutions. It takes years to establish a proper Antivirus/Antispyware solution. And honestly, all the add-on tools which claim you have to have them together with your current AV/AS: do you really think it's worth having them installed? The chance that one traps something your primary AV misses is close to zero. That's why a lot of such companies are riding on "questionable" detections which are not even dangerous enough to get included in AV software. Of course it looks "dangerous" if something is detected and your AV misses it. But to hell with a tracking cookie; there are much more important tasks to deal with.

sukarof
October 29th, 2006, 05:56 AM
I love software that doesn't need installation. Just download and run :thumb:

I ran it in a VMware snapshot and it seems very light.
On my first scan it found Trojan-Downloader.JS.Psyme.c in my IE cache, which is good (I surfed a lot of sites that should have some bad things).

EraserHW
October 29th, 2006, 06:48 AM
-{ Quote: "When I start cleaning the house on Fridays it also looks promising.
Usually it ends with my wife appearing right behind my back and saying: "Just get lost and do something useful at the computer, check for new worms or something"." }-

Inspector docet :thumb: :)

dah145
October 29th, 2006, 12:35 PM
This utility is kind of old. I downloaded it because I saw it mentioned on the KAV forums; it is developed by someone over there (I think). But now it seems that it is fully translated to English, or not?

Firecat
October 29th, 2006, 02:01 PM
-{ Quote: "I love software that doesn't need installation. Just download and run :thumb:

I ran it in a VMware snapshot and it seems very light.
On my first scan it found Trojan-Downloader.JS.Psyme.c in my IE cache, which is good (I surfed a lot of sites that should have some bad things)." }-
Again, thats the KAV name for the malware. Hmmm....

PaulBB
October 29th, 2006, 02:12 PM
From Kaspersky forums:
http://forum.kaspersky.com/index.php?showtopic=20480&hl=avz+antivirus

ANTISNIPER
October 29th, 2006, 11:40 PM
Hey guys, just run the system investigation (File -> System Investigation), save the log, and then analyze it, and you will see the power of this utility...

Somebody
October 30th, 2006, 11:28 AM
-{ Quote: "So this isn't an antivirus? What is it exactly?" }-

This is a system analysis and cleaning toolkit. It provides a set of utilities to perform a manual system check and find unknown malware that is not in the AVZ (or any other) antivirus database.

The most powerful features of AVZ are the anti-rootkit, the startup analyzer, the keylogger detector and the database of clean system files.

The anti-rootkit automatically detects processes and files hidden with several techniques. It warns the user about the rootkit activity.

The startup analyzer allows viewing the many places in the system where malware can register itself for autorun. Warnings are also issued if AVZ discovers software using an exotic auto-load method (like the AppInit_DLLs key, often used by malware).

The keylogger detector uses special techniques to detect trojan and keylogger DLLs active in the system. In the author's words, it can detect all typical keyloggers (no misses on the author's ITW collection).

The database of clean system files significantly reduces the number of objects that need to be analyzed by hand. You only need to try this feature once and you will love it :)

And finally, a signature- and heuristic-based antivirus engine. It's just an add-on to the other tools. It allows you to remove well-known malware from the system before the manual system analysis.

All these features are integrated, and that makes AVZ very, very helpful in discovering malware.
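The startup-analyzer behaviour described in the post above (list the autorun locations, and warn specifically when something loads through an exotic path such as AppInit_DLLs) can be shown on a registry export rather than a live machine. The following is an added example written for this thread, not AVZ's own code. It parses a constructed `.reg`-style text for the `AppInit_DLLs` value and the `HKLM\...\Run` key; the sample entries, the list of "system" and "risky" directories, and the findings format are all assumptions made here, and a real `reg export` file is UTF-16LE with a BOM, so decode it before feeding it in.

```python
"""Added example, not part of AVZ: a tiny startup analyzer over a constructed
registry export. The SAMPLE_REG text and the directory heuristics are assumptions."""
import re

# Constructed sample in regedit export syntax (backslashes doubled, dwords in hex).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\System32\\wl_hook.dll,C:\\Users\\Public\\upd.dll"
"LoadAppInit_DLLs"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\svchost.exe /silent"
'''

APPINIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Assumed heuristics: where legitimate autostarts usually live, and where they rarely do.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
RISKY_DIRS = ("c:\\users\\public\\", "\\temp\\", "\\appdata\\local\\temp\\")

_VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: value}} for REG_SZ strings and dwords.
    Other value types are kept as their raw text so nothing is silently dropped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = _VALUE_RE.match(line)
            if not m:
                continue
            name, raw = m.group(1), m.group(2)
            if raw.startswith('"') and raw.endswith('"'):
                val = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            elif raw.startswith("dword:"):
                val = int(raw[6:], 16)
            else:
                val = raw
            keys[current][name] = val
    return keys


def first_path(cmd: str) -> str:
    """Strip arguments from a Run-key command line; honours a quoted executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ")[0]


def in_system_dirs(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def audit(keys: dict) -> list:
    """Return (source, item, note) findings. Every AppInit DLL is reported because the
    mechanism itself is the 'exotic auto-load'; Run entries are reported only when
    they start from outside the assumed system directories."""
    findings = []
    win = keys.get(APPINIT_KEY, {})
    dlls = [d.strip() for d in str(win.get("AppInit_DLLs", "")).split(",") if d.strip()]
    enabled = win.get("LoadAppInit_DLLs", 0) == 1
    for d in dlls:
        note = "active" if enabled else "present but disabled (LoadAppInit_DLLs=0)"
        if not in_system_dirs(d):
            note += ", outside system dirs"
        findings.append(("AppInit_DLLs", d, note))
    for name, cmd in keys.get(RUN_KEY, {}).items():
        p = first_path(str(cmd)).lower()
        if any(r in p for r in RISKY_DIRS) or not in_system_dirs(p):
            findings.append(("Run", name, f"autostart outside system dirs: {p}"))
    return findings


if __name__ == "__main__":
    for source, item, note in audit(parse_reg(SAMPLE_REG)):
        print(f"[{source}] {item}: {note}")
```

The point of reporting every AppInit DLL, even the one sitting in System32, is the same one the post makes: legitimate software almost never needs that load path, so the location of the DLL is secondary to the fact that the key is populated at all. The `LoadAppInit_DLLs` flag is checked so that a stale entry on a system where the mechanism is switched off is reported as dormant rather than active.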

Ilya Rabinovich
October 30th, 2006, 12:28 PM
-{ Quote: "And honestly, all the add-on tools which claim you have to have them together with your current AV/AS: do you really think it's worth having them installed? The chance that one traps something your primary AV misses is close to zero." }-

HIPS systems claim that people need to use them together with AVs. So, according to your words, HIPS are useless?

Longboard
November 13th, 2006, 08:07 AM
Translate this page
"Testing AVZ"
http://virusinfo.info/showthread.php?t=4099
from the AVZ fora.

Vigorous debate.
They can really give it to each other there !

Mostly confirms what has been said here: will become a good, possibly great utility, but need to understand where it is now and exactly how it works to be sure of expectations and current limitations.

? Ilya can probably get to the core of it better than most here. ;)

HEKTO/Somebody described it very well.

PaulBB
January 18th, 2007, 05:05 AM
AVZ 4.23 has been released:

http://img213.imageshack.us/img213/456/zgcyn5.png

http://img213.imageshack.us/img213/1541/sshot1kc3.th.png (http://img213.imageshack.us/my.php?image=sshot1kc3.png)

http://z-oleg.com/avz4en.zip

lordraiden
January 18th, 2007, 05:49 AM
How good is this scanner? Is it better than the KAV or NOD scanner?

Its heuristic scanner seems good:
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Archivos de programa\Agnitum\Outpost Firewall\wl_hook.dll --> Suspicion for a Keylogger or Trojan DLL
C:\Archivos de programa\Agnitum\Outpost Firewall\wl_hook.dll>>> Behavioral analysis:
1. Reacts to events: keyboard
2. Determines PID of current process
C:\Archivos de programa\Agnitum\Outpost Firewall\wl_hook.dll>>> Neural net: file with probability of 0.56% like a typical keyboard/mouse events interceptor
C:\Archivos de programa\Archivos comunes\Novatix\Cyberhawk\NIProc.dll --> Suspicion for a Keylogger or Trojan DLL
C:\Archivos de programa\Archivos comunes\Novatix\Cyberhawk\NIProc.dll>>> Behavioral analysis:
1. Reacts to events: keyboard, window events
C:\Archivos de programa\Archivos comunes\Novatix\Cyberhawk\NIProc.dll>>> Neural net: file with probability of 3.40% like a typical keyboard/mouse events interceptor