AVZ is a set of utilities honed to detect all flavors of hard-to-detect malware (such as rootkits), and to get rid of it.
What it does
AVZ combines a few related functions and capabilities to give a viable chance of detecting malware that hides really well. Basically it:
- detects things that interfere with or integrate too deeply into the system;
- checks them for signs of malware behavior;
- runs them against a white list of known safe components;
- provides tools to remove malware, while protecting itself and other tools from it.
It has a regular scan process with the option to scan files, but there is also an extensive set of tools to manage autorun, processes and pretty much every other place that unwanted malware might hook into.
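To make the "runs against a white list of known safe components" step concrete, here is an added example (my own illustration, not AVZ code) of hash-based allowlist triage over an inventory of loaded components. Every path, byte string and hash in it is constructed for the demo; a real tool reads module bytes from disk or from the live process image and uses a vendor-maintained allowlist.

```python
"""Hash-based allowlist triage of loaded system components (added example).

Demonstrates the "run against a white list of known safe components" step.
All paths, contents and hashes are constructed for the demo; nothing here is
AVZ's own data or code.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Module:
    path: str     # location the component claims on disk
    data: bytes   # its content (constructed here; normally read from disk/memory)


def normalise(path: str) -> str:
    """Windows paths are case-insensitive; compare them in one canonical form."""
    return path.replace("/", "\\").lower()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed reference set: the bytes a clean install of each component has.
REFERENCE = [
    (r"C:\Windows\System32\drivers\demo_storage.sys", b"clean storage driver image"),
    (r"C:\Windows\System32\demo_shell.dll", b"clean shell extension image"),
]

# Allowlist keyed by canonical path -> expected SHA-256 of the content.
KNOWN_GOOD: Dict[str, str] = {normalise(p): sha256(b) for p, b in REFERENCE}


def classify(module: Module) -> str:
    """Return 'known-good', 'tampered' or 'unknown' for one loaded component."""
    expected = KNOWN_GOOD.get(normalise(module.path))
    if expected is None:
        return "unknown"        # nothing vouches for it: candidate for behavioural checks
    if expected == sha256(module.data):
        return "known-good"     # path and content both match the reference
    return "tampered"           # trusted path, but the bytes are not the reference ones


def triage(modules: List[Module]) -> Dict[str, List[str]]:
    """Group an inventory of loaded components by verdict."""
    report: Dict[str, List[str]] = {"known-good": [], "tampered": [], "unknown": []}
    for m in modules:
        report[classify(m)].append(m.path)
    return report


# Constructed inventory standing in for what a process/driver enumerator returns.
SAMPLE_INVENTORY = [
    Module(r"c:\windows\system32\DRIVERS\demo_storage.sys", b"clean storage driver image"),
    Module(r"C:\Windows\System32\demo_shell.dll", b"clean shell extension image PATCHED"),
    Module(r"C:\Windows\Temp\xyz_demo.sys", b"something nobody has vouched for"),
]

if __name__ == "__main__":
    for verdict, paths in triage(SAMPLE_INVENTORY).items():
        print(f"{verdict:10s} {paths}")
```

The point of the three buckets is what happens next: known-good entries are dropped from view, while the tampered and unknown ones are the small set the behavioural checks (API hooks, hidden threads, autorun entries) then get to concentrate on.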
I had a freaking ugly, very educational encounter today with a computer that was a complete mess of driver conflicts (cracked Daemon Tools Pro had a showdown with cracked DrWeb, ouch).
After a few hours of untangling and restoring system files I had the system perfectly clean and working… Except that the explorer.exe process completely trashed it with maxed-out CPU usage and I had no idea where it came from. And a 3.4GHz Pentium D with a spiking CPU makes the computing experience really miserable.
Process Explorer and Process Monitor couldn't detect a thing – all that came up was a thread that originated out of non-descript memory space and spiked the CPU, without any file activity. The system had earlier been through every portable antivirus scanner I use, so it was as clean as I could get it. It was a complete H2IK sequence, the worst I've seen lately.
A quick (literally) scan with AVZ lit up some obscure piece of driver (let it rest in peace) that interfered with numerous system APIs. And all was good without it.
- every sub-tool in AVZ makes use of the main engine, so it sees more and better than generic managers;
- AVZPM – optional driver for extensive process checks;
- AVZGuard – tool that restricts process and registry activity, except from trusted executables, to guard them against aggressive malware;
- saves the day.
AVZ is a semi-official product of Kaspersky Labs (it seems they got it by hiring the developer). Parts of AVZ are reused in other Kaspersky products such as AVPTool, but for manual diagnostics it still has the edge over the rest.
Works without installation, as any decent anti-malware tool should. And if you are in trouble deep enough to need this one, then you won't care about the traces left.
Home (in Russian) http://www.z-oleg.com/secur/avz/