Zaloguj się

ichito · 21.08.2012, 11:40

Mało się u nas mówi na temat narzędzi diagnostyczno-naprawczych, pomyślałem więc, że warto wspomnieć o bardzo rozbudowanym programie tego typu pod nazwą AVZ Antiviral Toolkit , który jest firmowany przez Kaspersky Lab. Program autorski Olega Zaitseva, wcześniej jako projekt prywatny, zaczął być firmowany przez Kaspersky''ego od 2007, kiedy to autor zaczął pracę w tej firmie...nie przeszedł tam jakiś specjalnych transformacji czy aktualizacji, co widać po wyglądzie i numerach wersji -w kwietniu 2007 v. 4.25, w lipcu 2012 v. 4.39. Niemniej wciąż pozostaje niezwykle rozbudowanym i pomocnym narzędziem do wykrywania, analizy i naprawy systemu po błędach i infekcjach:
- klasycznymi programami szpiegowskimi (spyware) i adware (oraz ich kluczowymi modułami)
- rootkitami i malware, które ukrywają swoje procesy
- robakami sieciowymi (również zawartymi w mailach)
- wszelkiej maści trojanami (w szczególności Trojan-PSW, Trojan-Downloader i Trojan-Spy) oraz back-dorami
- oszukańczymi dialerami (Dialer, Trojan.Dialer, Porn-Dialer)
- key-loggerami i wszelkimi innymi aplikacjami, których zachowanie wskazuje na szpiegowanie użytkownika
Program korzysta podczas skanowania i analizy z wbudowanych sygnatur, które określają znane zagrożenia oraz z silnego mechanizmu heurystycznego do analizy zagrożeń nieznanych. Są to na tyle dobre mechanizmy, że wg znalezionych informacji AVZ jest wbudowany w pakiet KIS (narzędzia supportu), a analiza heurystyczna jest zaimplementowana w moduł HIPS, a jej wynikiem jest tzw. indeks ryzyka, którym opatrywane są nieznane aplikacje.
Program do działania nie wymaga instalacji - wystarczy pobrać spakowane archiwum i rozpakować.
Opis bardziej szczegółowy zacytuję z pliku pomocy programu

Cytat: AVZ is an interactive tool for semiautomatic scanning of the PC with the aim of finding and eliminating malware. One of the key AVZ features is support of external scripts that can be used to control automatic PC scanning and cleanup and quarantining of files. The system of script language commands with examples is described in help files.

• AV database — Helps diagnose malware known to AVZ and removes it. Removal involves automatic cleanup of malware traces in the registry and in the INI files that are critical to system operation. In this regard, AVZ is convenient for a quick cleanup of an infected PC before bringing in “heavy artillery” – installing a powerful anti-virus package and using it to run a scan. The scanner can scan archives of common types, email files, and NTFS streams.
The AV scanner can be integrated with The Bat by using a plug-in. The AVZ database is updated daily.

• Quick automatic PC scan with the results displayed in the html log file. During the scan, files found in the AVZ Trusted Objects Database and the Microsoft Security Catalog are filtered out, which considerably reduces the size of logs. This mode is convenient for a quick scan of a suspicious computer by the administrator, and for a remote scan of the system. The ability to run system analysis and to quarantine objects by using a script makes it possible to automate this operation fully. By this means, the local user’s involvement is reduced to running a *.bat file.

• Automatic quarantining of files that do not have a Microsoft digital signature and are not described in the AVZ Trusted Objects Database. To make these files subsequently analyzed manually or by using anti-virus applications. Additionally, AVZ supports list-based quarantine and quarantine commands in scripts, which simplifies remote collection of suspicious files from PCs being scanned.

• Search for rootkits and other API hooks, with the ability to search for hidden processes. Besides analysis of hooks, AVZ has the functionality to neutralize UserMode and KernelMode rootkits.

• System Restore. AVZ contains microprograms that automatically fix common corruptions of Internet Explorer and Windows Explorer settings, reset desktop settings, and neutralize policy rules set by trojans. Anti-virus applications do not normally perform these operations, which is why normal system operation is not restored after a trojan or spyware has been removed.

• Automatic checking of SPI/LSP settings and automatic fixing of errors. This eliminates most of the LSP problems encountered after the removal of some adware types. If settings cannot be restored, the toolkit will fully recreate them.

• File search. The search function is protected by the AVZ Rootkit Block (antirootkit), which offers a number of useful virus and trojan search functions. For example, antirootkit filters out files that have been cleared through the AVZ Trusted Objects Database and the Microsoft Security Catalog, allowing the search scope to be narrowed considerably.

• A script language for controlling AVZ. Scripts make it possible to use AVZ in a corporate network. In this case, AVZ can be launched from a logon script or autorun and run according to an administrator-developed script. Scripts also make it possible to automate the majority of AVZ operations.

• Built-in disk inspector. The disk inspector creates databases containing file information that corresponds to the user settings (by specifying folders and search masks). These databases can be used for keeping track of disk changes.

• Process Manager, which makes it possible to run a search for suspicious objects in maximum heuristics mode.

• The AVZGuard system, which protects AVZ and legitimate applications from malware affecting the system and limits the impact of malware on the system.

• A system providing direct access to the disk for handling blocked files. It operates on FAT16/FAT32/NTFS systems and is supported by all Windows NT operating systems, enabling the scanner to analyze blocked files and quarantine them.

• The AVZPM processes and drivers monitor. It keeps track of processes that are started and stopped and drivers that are loaded and unloaded in order to locate hidden drivers and detect corruptions created by DKOM rootkits in structures that describe processes and drivers.

• Boot Cleaner driver. Designed for cleaning the system (removing files, drivers, services, and registry keys) from KernelMode. The cleanup operation can be performed both during PC rebooting and while the toolkit repairs the system.

• Vulnerability search. Designed for locating invalid PC settings that can adversely affect security.

• Backup. Designed for backing up critical system settings. Backup is carried out upon user command or automatically while the toolkit repairs and restores the system.

• Troubleshooting wizard. This system automatically locates and eliminates issues that result from infection by malware and clears traces of user activity and trash from the PC.