avz Antiviral Toolkit by Oleg Zaystev

Discussion in 'other anti-malware software' started by lucd, Jun 14, 2019.

  1. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    220
    Location:
    Island of Woman
    While the program already has a forum post, that post is quite old and not maintained; the program itself is still useful in 2019.
    AVZ Antiviral Toolkit is a portable system analysis and repair solution designed by Oleg Zaytsev (the author of Rootkits, Spyware/Adware, Keyloggers and Backdoors) for automatic or manual search of vulnerabilities and malware types usually not covered by AV vendors. If I recall correctly, the book and the tool are what got him an important job position at Kaspersky, which he shaped later in his career. The book is also great imo. The tool is able to display suspicious ports, keyloggers, potential and suspicious behavior of files and drivers (similarly to Early Warning from HitmanPro), uncommon extensions, mail bombs, AppInit DLLs - LoadLibrary(), export tables, hijacked code, vulnerabilities, user and kernel mode rootkits, cookies, anti-analysis behaviors and evasion. The command Begin ExecuteStdScr(3); end does a preliminary scan of the host. Even if the GUI is ancient and will not be changed, the database is constantly updated (works on Windows 10). It has a forum on Kaspersky, but it is not very active. The program checks signatures, hashes and a trusted object database (green color equals trusted) for .sys, .dll, .exe and task files. Non-system behaviors and files are marked with the default black.
    Similarly to Farbar it is very easy to use and has a complete guide on the website, download link: http://z-oleg.com/avz4.zip . It supports the use of pre-made and non-standard user scripts.
    Although it is possible to break the system with a few clicks, it is idiot resistant and arguably less "dangerous" than Gmer or PC Hunter thanks to its design and information (warnings and multisearch engine). It will still allow you to "cripple" the host by (for example) blocking TermService activation.
    main GUI (1/3, the GUI is divided into 3 categories):
    Warning: blocking rootkit hooks for the scan will hamper the normal functioning of AV/AM for the active session. Copying files to quarantine will delete legitimate .com files used to store data (with PE warning level 35%). Fix errors automatically might roll back some changes you made with GPO.
    mainGUI.png
    some additional tools:
    Kernel Space Module Viewer:
    Kernel space modules viewer.png
    Process Manager:
    Process Manager.png
    Services and Drivers Manager:
    Services and Drivers Manager.png
    Task Scheduler Jobs Manager (easier to manage tasks):
    Task Scheduler.png
    injected dlls:
    Injected dll manager.png
    Troubleshooting wizard, scans for vulnerabilities (will not allow you to apply risky tweaks, which is what Oleg wanted):
    Troubleshooting wizard.png
    in-depth system analysis similar to Farbar:
    System analysis.png
    autorun manager:
    Autorun manager.png
    TCP/UDP port scanner
    Last edited: Jun 14, 2019
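The signature/hash trust check that lucd describes (green equals trusted, black equals unknown) can be reproduced by hand for one of the autostart locations he lists, the AppInit_DLLs value. The script below is an added example for this thread; it is not lucd's code and not part of AVZ. It assumes an elevated Windows PowerShell session and uses only built-in cmdlets (Get-ItemProperty, Get-AuthenticodeSignature, Get-FileHash); the registry paths and value names are the documented AppInit locations.

```powershell
# Added example (not from the thread or from AVZ): triage the AppInit_DLLs value
# the way AVZ's trusted-object check does, marking each DLL green when it carries
# a valid Authenticode signature and flagging everything else for review.
# Assumption: elevated Windows PowerShell 5.1 or later on a 64-bit host.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key

    # LoadAppInit_DLLs = 1 means every process that loads user32.dll also loads
    # the listed DLLs; 0 (the Windows default) disables the mechanism entirely.
    Write-Host $key
    Write-Host "  LoadAppInit_DLLs = $($props.LoadAppInit_DLLs)"

    $value = $props.AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($value)) {
        Write-Host "  AppInit_DLLs is empty (expected on a clean host)" -ForegroundColor Green
        continue
    }

    # The value is a comma- or space-separated list of DLL paths, possibly with
    # environment variables that must be expanded before the file can be located.
    foreach ($entry in ($value -split '[,\s]+' | Where-Object { $_ })) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        if (-not (Test-Path -Path $path -PathType Leaf)) {
            Write-Host "  $entry -> file not found (dangling entry, review)" -ForegroundColor Yellow
            continue
        }

        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash

        Write-Host "  $path"
        Write-Host "    SHA256: $hash"
        if ($sig.Status -eq 'Valid') {
            # Same idea as AVZ's green marking: a valid signature from a known publisher.
            Write-Host "    trusted: signed by $($sig.SignerCertificate.Subject)" -ForegroundColor Green
        } else {
            # Unsigned, tampered or self-signed binaries loaded into every GUI process
            # are exactly what AVZ would list in black for manual inspection.
            Write-Host "    REVIEW: signature status $($sig.Status)" -ForegroundColor Red
        }
    }
}
```

The SHA256 is printed so that a flagged file can be compared against a vendor's trusted-object database or a sandbox report before anything is removed; as lucd notes about AVZ, the point is to say why a file is suspicious, not to delete it automatically.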
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,851
    Location:
    Poland - Cracow
  3. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    220
    Location:
    Island of Woman
    Yes, it has been stuck at 4.46 for a long time, but the definitions and modules do receive updates; each time I launch it I have new definitions, though I should calculate the frequency.
    It's a great tool that can serve for further analysis with other tools; it gives you an idea of what is happening.
    I also noticed that it was able to pick up well-hidden malware samples while other second-opinion scanners missed them (extended analysis). At least AVZ will tell you why it deems a file suspicious, which is great.
    I also use it to harden the system on new installs and debloat the task scheduler (a very quick process in AVZ).
    If I recall correctly it can detect suspicious Alternate Data Streams (ADS).
    Last edited: Jun 14, 2019
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,361
    Location:
    U.S.A. (South)
    Same here going back to XP. Fundamentally sound security probe kit that has multiple uses.

    Thanks for the link BTW. Mine has been updating nicely all along but is a version behind. Hence, not much for it to do :)