• Completely re-creating SPI settings is dangerous. AVZ - restore system settings and remove viruses. As a result of disinfection of the personal computer OS, devices connected to it do not work

    AVZ is a simple and convenient utility that not only helps with disinfection but also knows how to restore the system. Why is this necessary?

    The fact is that after the invasion of viruses (it happens that AVZ kills thousands of them), some programs refuse to work, the settings have all disappeared somewhere and Windows somehow does not work quite correctly.

    Most often, in this case, users simply reinstall the system. But as practice shows, this is not at all necessary, because using the same AVZ utility, you can restore almost any damaged programs and data.

    To give you a clearer picture, here is a complete list of what AVZ can restore.

    The material is taken from the AVZ reference guide - http://www.z-oleg.com/secur/avz_doc/ (copy and paste into the browser address bar).

    Currently the database contains the following firmware (recovery microprograms):

    1.Restoring startup parameters of .exe, .com, .pif files

    This firmware restores the system's response to exe, com, pif, scr files.

    Indications for use: After the virus is removed, programs stop running.

    2. Reset Internet Explorer protocol prefix settings to standard

    This firmware restores protocol prefix settings in Internet Explorer

    Indications for use: when you enter an address like www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru

    3.Restoring the Internet Explorer start page

    This firmware restores the start page in Internet Explorer

    Indications for use: replacing the start page

    4.Reset Internet Explorer search settings to standard

    This firmware restores search settings in Internet Explorer

    Indications for use: When you click the “Search” button in IE, you are directed to some third-party site

    5.Restore desktop settings

    This firmware restores desktop settings.

    Restoration involves deleting all active Active Desktop elements and the wallpaper, and unblocking the menu responsible for desktop settings.

    Indications for use: The desktop settings tabs in the “Display Properties” window have disappeared; extraneous inscriptions or pictures are displayed on the desktop

    6.Deleting all Policies (restrictions) of the current user

    Windows provides a mechanism for restricting user actions called Policies. Many malicious programs use this mechanism because the settings are stored in the registry and are easy to create or modify.

    Indications for use: Explorer functions or other system functions are blocked.

    7.Deleting the message displayed during WinLogon

    Windows NT and subsequent systems in the NT line (2000, XP) allow you to set the message displayed during startup.

    A number of malicious programs take advantage of this, and the destruction of the malicious program does not lead to the destruction of this message.

    Indications for use: An extraneous message is displayed during system boot.

    8.Restoring Explorer settings

    This firmware resets a number of Explorer settings to standard (the settings changed by malware are reset first).

    Indications for use: Explorer settings changed

    9.Removing system process debuggers

    Registering a debugger for a system process makes it possible to launch an application covertly, which a number of malicious programs take advantage of.

    Indications for use: AVZ detects unidentified system process debuggers, problems arise with launching system components, in particular, the desktop disappears after a reboot.

    10.Restoring boot settings in SafeMode

    Some malware, in particular the Bagle worm, corrupts the system's settings for booting in safe mode.

    This firmware restores the safe mode boot settings. Indications for use: The computer does not boot into SafeMode. This firmware should be used only in case of problems with booting in safe mode.

    11.Unlock task manager

    Task Manager blocking is used by malware to protect processes from detection and removal. Accordingly, executing this microprogram removes the lock.

    Indications for use: The task manager is blocked; when you try to call the task manager, the message “Task Manager is blocked by the administrator” is displayed.

    12.Clearing the ignore list of the HijackThis utility

    The HijackThis utility stores a number of its settings in the registry, in particular a list of exceptions. Therefore, to camouflage itself from HijackThis, the malicious program only needs to register its executable files in the exclusion list.

    There are currently a number of known malicious programs that exploit this vulnerability. This AVZ firmware clears the exception list of the HijackThis utility.

    Indications for use: There are suspicions that the HijackThis utility does not display all information about the system.

    13. Cleaning the Hosts file

    Cleaning up the Hosts file involves finding the Hosts file, removing all significant lines from it, and adding the standard “127.0.0.1 localhost” line.

    Indications for use: It is suspected that the Hosts file has been modified by malware. Typical symptoms include blocking antivirus software updates.

    You can control the contents of the Hosts file using the Hosts file manager built into AVZ.

    14. Automatic correction of SPI/LSP settings

    Analyzes the SPI settings and, if errors are detected, corrects them automatically.

    This firmware can be re-run an unlimited number of times. After running this firmware, it is recommended to restart your computer. Note: this firmware cannot be run from a terminal session.

    Indications for use: Internet access is lost after the malicious program is removed.

    15. Reset SPI/LSP and TCP/IP settings (XP+)

    This firmware only works on XP, Windows 2003 and Vista. Its operating principle is based on resetting and re-creating SPI/LSP and TCP/IP settings using the standard netsh utility included in Windows.

    Pay attention! Use a factory reset only when necessary, if you have unrecoverable problems with Internet access after removing malware!

    Indications for use: After removing the malicious program, Internet access is lost and running the firmware “14. Automatic correction of SPI/LSP settings” does not help.

    16. Recovering the Explorer launch key

    Restores system registry keys responsible for launching Explorer.

    Indications for use: During system boot, Explorer does not start, but it is possible to launch explorer.exe manually.

    17. Unlocking the registry editor

    Unblocks the Registry Editor by removing the policy that prevents it from running.

    Indications for use: It is impossible to start the Registry Editor; when you try, a message is displayed stating that its launch is blocked by the administrator.

    18. Complete re-creation of SPI settings

    Performs a backup copy of SPI/LSP settings, after which it destroys them and creates them according to the standard, which is stored in the database.

    Indications for use: Severe damage to SPI settings that cannot be repaired by scripts 14 and 15. Use only if necessary!

    19. Clear MountPoints database

    Cleans up the MountPoints and MountPoints2 database in the registry. This operation often helps when, after infection with a Flash virus, disks do not open in Explorer

    To perform a recovery, you must select one or more items and click the “Perform selected operations” button. Clicking the "OK" button closes the window.

    Note:

    Restoration is useless if the system is running a Trojan that performs such reconfigurations - you must first remove the malicious program and then restore the system settings

    Note:

    To eliminate traces of most Hijackers, you need to run three firmware - “Reset Internet Explorer search settings to standard”, “Restore Internet Explorer start page”, “Reset Internet Explorer protocol prefix settings to standard”

    Note:

    Any of the firmware can be executed several times in a row without damaging the system. Exceptions - “5. Restoring desktop settings" (running this firmware will reset all desktop settings and you will have to re-select the desktop coloring and wallpaper) and "10. Restoring boot settings in SafeMode" (this firmware recreates the registry keys responsible for booting in safe mode).

    To start the recovery, first download, unpack and run the utility. Then click File - System Restore. By the way, you can also do

    Check the boxes that you need and click to start the operations. That's it; now we wait for it to complete :-)

    In the following articles we will look in more detail at the problems that the AVZ system recovery firmware will help us solve. So good luck to you.

    In certain situations it may be necessary to disable the kernel debugger. This operation is not recommended for inexperienced users due to the potential threat to the stability of the Microsoft Windows operating system.

    Instructions

    Click the "Start" button to open the main system menu and enter cmd in the search bar to begin disabling the kernel debugger.

    Right-click the “Command Prompt” tool that is found to open its context menu and select the “Run as administrator” command.

    Enter Kdbgctrl.exe -d at the command prompt to disable kernel debugging in the current session, and press Enter to confirm the command.

    Enter bcdedit /debug off at the command prompt to disable kernel debugging for all sessions on Windows Vista and Windows 7, and press Enter to confirm your choice.

    On all earlier versions of Microsoft Windows, enter dir /ASH at the command prompt to find the hidden, protected boot.ini file on the system drive, and open the file in Notepad to disable the kernel debugger for all sessions.

    Delete the parameters:

    - /debug;
    - debugport;
    - /baudrate

    and restart your computer to apply the selected changes.

    Click the "Continue" button in the prompt dialog box if you need to debug the system kernel, and wait until the procedure completes.

    Use the gn command in the text field of the Kernel Debugger window when a User break exception (Int 3) error message appears.

    Use Debugging Mode when booting your computer in safe mode to enable the kernel debugger service.

    A kernel debugger is special software that runs at the kernel level of a personal computer's operating system. “Debugging the operating system kernel” refers to the procedure of looking for errors in the system kernel. When working with Daemon Tools, the error “Initialization error... Kernel debugger must be deactivated” often occurs. You can fix this by disabling the kernel debugger.

    You will need

    • Administrator rights.

    Instructions

    If this warning appears during the application installation process, you need to disable the service called Machine Debug Manager. To do this, open the “Control Panel” and go to the “Administrative Tools” section. Next, click on the “Services” shortcut. Find Machine Debug Manager in the list. Select it and click “Stop”.

    End the debugger processes in Task Manager. To do this, right-click in a free area and select “Task Manager”. You can also press the key combination Alt + Ctrl + Delete. Go to the Processes tab and end all mdm.exe, dumprep.exe and drwatson.exe processes. If you find it hard to spot them in the list, click the Image Name column header to sort the list by name. As a rule, such operations are carried out manually, under the computer's administrator account.

    The error reporting system should also be disabled to stop recording debug information. To do this, go to the “Control Panel”. Select the "System" section and open the "Advanced" tab. Next, click on the “Error Reporting” button. Check the box next to “Disable error reporting.” Then go to the “Startup and Recovery” settings and uncheck the boxes next to “Send an administrative alert” and “Write an event to the system log.”

    Remove the Daemon Tools application from startup. To do this, click the "Start" button. Next, click Run and enter the msconfig command. Once the system window appears, uncheck the box next to the Daemon Tools application. When installing the program, disable your antivirus software. If the described error occurs, the installation of the application should be started again after eliminating all the causes on the personal computer.

    Useful advice

    Performing some of the above operations requires administrative access to system resources.

    System Restore is a special feature of AVZ that allows you to restore a number of system settings damaged by malware.

    System recovery firmware is stored in the anti-virus database and updated as needed.

    Recommendation: Use system recovery only in a situation where there is a clear understanding that it is required. Before using it, it is recommended to make a backup copy or system rollback point.

    Note: system restore operations record automatic backup data as REG files in the Backup directory of the AVZ working folder.

    Currently the database contains the following firmware:

    1.Restoring startup parameters of .exe, .com, .pif files

    This firmware restores the system's response to exe, com, pif, scr files.

    Indications for use: After the virus is removed, programs stop running.

    Possible risks: are minimal, but it is recommended to use

    2. Reset Internet Explorer protocol prefix settings to standard

    This firmware restores protocol prefix settings in Internet Explorer

    Indications for use: when you enter an address like www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru

    Possible risks: minimal

    3.Restoring the Internet Explorer start page

    This firmware restores the start page in Internet Explorer

    Indications for use: replacing the start page

    Possible risks: minimal

    4.Reset Internet Explorer search settings to standard

    This firmware restores search settings in Internet Explorer

    Indications for use: When you click the "Search" button in IE, you are directed to some third-party site

    Possible risks: minimal

    5.Restore desktop settings

    This firmware restores desktop settings. Restoration involves deleting all active Active Desktop elements and the wallpaper, and unblocking the menu responsible for desktop settings.

    Indications for use: The desktop settings tabs in the "Display Properties" window have disappeared; extraneous inscriptions or pictures are displayed on the desktop

    Possible risks: user settings will be deleted, the desktop will appear as default

    6.Deleting all Policies (restrictions) of the current user

    Windows provides a mechanism for restricting user actions called Policies. Many malicious programs use this mechanism because the settings are stored in the registry and are easy to create or modify.

    Indications for use: Explorer functions or other system functions are blocked.

    Possible risks: Operating systems of different versions have default policies, and resetting policies to certain standard values is not always optimal. To fix policies that are frequently modified by malicious programs, you should use the Troubleshooting Wizard, which is safe in terms of possible system failures.

    7.Deleting the message displayed during WinLogon

    Windows NT and subsequent systems in the NT line (2000, XP) allow you to set the message displayed during startup. A number of malicious programs take advantage of this, and the destruction of the malicious program does not lead to the destruction of this message.

    Indications for use: An extraneous message is displayed during system boot.

    Possible risks: No

    8.Restoring Explorer settings

    This firmware resets a number of Explorer settings to standard (the settings changed by malware are reset first).

    Indications for use: Explorer settings changed

    Possible risks: minimal; the settings damage most typical of malware is found and corrected by the Troubleshooting Wizard.

    9.Removing system process debuggers

    Registering a debugger for a system process makes it possible to launch an application covertly, which a number of malicious programs take advantage of.

    Indications for use: AVZ detects unidentified system process debuggers, problems arise with launching system components, in particular, the desktop disappears after a reboot.

    Possible risks: minimal, possible disruption of programs that use the debugger for legitimate purposes (for example, replacing the standard task manager)

    10.Restoring boot settings in SafeMode

    Some malware, in particular the Bagle worm, corrupts the system's settings for booting in safe mode. This firmware restores the safe mode boot settings.

    Indications for use: The computer does not boot into SafeMode. This firmware should be used only in case of problems with booting in safe mode.

    Possible risks: high, since restoring the standard configuration does not guarantee that SafeMode will be fixed. From a safety standpoint, the Troubleshooting Wizard finds and fixes the specific broken SafeMode configuration entries.

    11.Unlock task manager

    Task Manager blocking is used by malware to protect processes from detection and removal. Accordingly, executing this microprogram removes the lock.

    Indications for use: The task manager is blocked; when you try to call the task manager, the message “Task Manager is blocked by the administrator” is displayed.

    Possible risks: troubleshooting wizard

    12.Clearing the ignore list of the HijackThis utility

    The HijackThis utility stores a number of its settings in the registry, in particular a list of exceptions. Therefore, to camouflage itself from HijackThis, the malicious program only needs to register its executable files in the exclusion list. There are currently a number of known malicious programs that exploit this vulnerability. This AVZ firmware clears the exception list of the HijackThis utility.

    Indications for use: There are suspicions that the HijackThis utility does not display all information about the system.

    Possible risks: minimal, please note that the settings to ignore HijackThis will be deleted

    13. Cleaning the Hosts file

    Cleaning up the Hosts file involves finding the Hosts file, removing all significant lines from it, and adding the standard "127.0.0.1 localhost" line.

    Indications for use: It is suspected that the Hosts file has been modified by malware. Typical symptoms are blocking the update of antivirus programs. You can control the contents of the Hosts file using the Hosts file manager built into AVZ.

    Possible risks: average, please note that the Hosts file may contain useful entries
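
    Because the reset removes every active line, it is worth listing what is in the file first. The following is an added example, not AVZ's own code: it audits a hosts file, then applies the reset described above and returns the removed lines so useful ones can be restored. The sample content is constructed, and treating "significant lines" as every non-comment, non-blank line is an assumption.

```python
import ipaddress

# Constructed sample of a tampered hosts file. Hostnames use the reserved
# .example TLD and the public address comes from a documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   update.av-vendor.example downloads.av-vendor.example  # no owner
0.0.0.0     definitions.av-vendor.example
203.0.113.50    bank.example www.bank.example
10.0.0.12       build-server.corp.example   # intranet entry added by the admin
not-an-ip       something.example
"""

STANDARD_LINE = "127.0.0.1       localhost"


def active_part(raw_line):
    """Return the line without its comment; empty for blank or comment-only lines."""
    return raw_line.split("#", 1)[0].strip()


def classify(ip, host):
    """Say what a single address-to-name mapping does to name resolution."""
    if ip.is_loopback and host.lower() == "localhost":
        return "standard"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # the name is sinkholed, e.g. an update server
    return "redirect"         # the name resolves to an address chosen by the file


def audit_hosts(text):
    """Return (line_no, kind, address, host) for every mapping in the file."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = active_part(raw).split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            # Not "address name [name ...]": report it instead of guessing.
            findings.append((line_no, "malformed", "", " ".join(fields)))
            continue
        for host in fields[1:]:
            findings.append((line_no, classify(ip, host), str(ip), host))
    return findings


def reset_hosts(text):
    """Drop every active entry, keep comments, append the standard line.

    Returns (new_text, removed_lines) so the removed entries can be reviewed
    and the useful ones added back afterwards.
    """
    kept, removed = [], []
    for raw in text.splitlines():
        (removed if active_part(raw) else kept).append(raw)
    kept.append(STANDARD_LINE)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    for line_no, kind, address, host in audit_hosts(SAMPLE_HOSTS):
        if kind != "standard":
            print(f"line {line_no}: {kind:9} {host} -> {address or 'n/a'}")
    new_text, removed = reset_hosts(SAMPLE_HOSTS)
    print(f"\n{len(removed)} active lines would be removed; file after reset:")
    print(new_text, end="")
```

    In the sample, the "blocked" entries match the symptom named above (antivirus updates stop working), while the 10.0.0.12 line is the kind of useful entry the risk note warns about.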

    14. Automatic correction of SPI/LSP settings

    Analyzes the SPI settings and, if errors are detected, corrects them automatically. This firmware can be re-run an unlimited number of times. After running this firmware, it is recommended to restart your computer. Note: this firmware cannot be run from a terminal session.

    Indications for use: Internet access is lost after the malicious program is removed.

    Possible risks: average, it is recommended to create a backup before starting

    15. Reset SPI/LSP and TCP/IP settings (XP+)

    This firmware only works on XP, Windows 2003 and Vista. Its operating principle is based on resetting and re-creating SPI/LSP and TCP/IP settings using the standard netsh utility included in Windows. You can read more about resetting settings in the Microsoft knowledge base - http://support.microsoft.com/kb/299357

    Indications for use: After removing the malicious program, access to the Internet was lost and running the firmware "14. Automatic correction of SPI/LSP settings" does not produce any results.

    Possible risks: high, it is recommended to create a backup before starting

    16. Recovering the Explorer launch key

    Restores system registry keys responsible for launching Explorer.

    Indications for use: During system boot, Explorer does not start, but it is possible to launch explorer.exe manually.

    Possible risks: minimum

    17. Unlocking the registry editor

    Unblocks the Registry Editor by removing the policy that prevents it from running.

    Indications for use: It is impossible to start the Registry Editor; when you try, a message is displayed stating that its launch is blocked by the administrator.

    Possible risks: minimal, a similar check is performed by the Troubleshooting Wizard

    18. Complete re-creation of SPI settings

    Performs a backup copy of SPI/LSP settings, after which it destroys them and creates them according to the standard, which is stored in the database.

    Indications for use: Severe damage to SPI settings that cannot be repaired by scripts 14 and 15.

    Pay attention! Use a factory reset only when necessary, if you have unrecoverable problems with Internet access after removing malware! Use this operation only if necessary, in cases where other SPI recovery methods have not helped!

    Possible risks: very high, it is recommended to create a backup before starting!

    19. Clear MountPoints database

    Cleans up the MountPoints and MountPoints2 database in the registry.

    Indications for use: This operation often helps when, after infection with a Flash virus, disks do not open in Explorer

    Possible risks: minimum

    20.Remove static routes

    Performs removal of all static routes.

    Indications for use: This operation helps if some sites are blocked using incorrect static routes.

    Possible risks: average. It is important to note that for some services to work on some Internet providers, static routes may be necessary and after such deletion they will have to be restored according to the instructions on the Internet provider’s website.

    21.Replace the DNS of all connections with Google Public DNS

    Replaces the DNS server in the configuration of all network adapters with public DNS from Google. Helps if a Trojan program has replaced the DNS with its own.

    Indications for use: DNS spoofing by malware.

    Possible risks: average. Please note that not all providers allow you to use a DNS other than their own.

    To perform a recovery, you must select one or more items and click the “Perform selected operations” button. Clicking the "OK" button closes the window.

    Note:

    Restoration is useless if the system is running a Trojan that performs such reconfigurations - you must first remove the malicious program and then restore the system settings

    Note:

    To eliminate traces of most Hijackers, you need to run three firmware - "Reset Internet Explorer search settings to standard", "Restore Internet Explorer start page", "Reset Internet Explorer protocol prefix settings to standard"

    Note:

    Any of the firmware can be executed several times in a row without significant damage to the system. Exceptions are "5. Restoring desktop settings" (this firmware will reset all desktop settings and you will have to re-select the desktop coloring and wallpaper) and "10. Restoring boot settings in SafeMode" (this firmware recreates the registry keys responsible for booting into safe mode), as well as 15 and 18 (resetting and recreating SPI settings).
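
    Items 7, 9, 11, 16 and 17 above all undo values that malware leaves in the registry, and the restore operations keep their backups as REG files. The following is an added example, not AVZ's own code: it parses REG export text and reports the values those items are concerned with. The registry locations checked are the standard Windows ones and are supplied here as an assumption (the AVZ documentation quoted above does not list them); the sample export is constructed.

```python
import re

# Constructed sample in the regedit "Version 5.00" export format; the
# executable path and the caption text are made up for the example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Temp\\sample-stub.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"LegalNoticeCaption"="Constructed sample caption"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(quoted):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg(text):
    """Parse export text into {key_path: {value_name: data}}.

    dword data becomes int, string data becomes str, other kinds stay raw text.
    """
    text = re.sub(r"\\\r?\n[ \t]*", "", text)   # join hex(...) continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" in a .reg file deletes a key; it carries no values.
            current = None if line.startswith("[-") else keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if current is None or not match or match.group(2) == "-":
            continue                            # header, junk, or value deletion
        name = "(Default)" if match.group(1) == "@" else unescape(match.group(1))
        data = match.group(2)
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif data.startswith('"'):
            current[name] = unescape(data)
        else:
            current[name] = data
    return keys


def review(keys):
    """Return (kind, name, data) findings for the settings discussed above."""
    findings = []
    for path, values in keys.items():
        vals = {k.lower(): v for k, v in values.items()}   # names are case-insensitive
        parent, _, leaf = path.rpartition("\\")
        # Item 9: a Debugger value makes Windows start that program in place of the image.
        if parent.lower().endswith(r"\image file execution options") and vals.get("debugger"):
            findings.append(("debugger", leaf, vals["debugger"]))
        # Items 11 and 17: policies that block Task Manager and the Registry Editor.
        if path.lower().endswith(r"\policies\system"):
            for name in ("DisableTaskMgr", "DisableRegistryTools"):
                if vals.get(name.lower()) not in (None, 0):
                    findings.append(("policy", name, vals[name.lower()]))
        if path.lower().endswith(r"\windows nt\currentversion\winlogon"):
            # Item 16: the shell started at logon should be explorer.exe.
            shell = vals.get("shell")
            if shell is not None and shell.strip().lower() != "explorer.exe":
                findings.append(("shell", "Shell", shell))
            # Item 7: message shown during logon.
            for name in ("LegalNoticeCaption", "LegalNoticeText"):
                if vals.get(name.lower()):
                    findings.append(("logon-message", name, vals[name.lower()]))
    return findings


if __name__ == "__main__":
    for kind, name, data in review(parse_reg(SAMPLE_REG)):
        print(f"{kind:14} {name:22} {data}")
```

    Files exported by regedit in this format are normally UTF-16, so read a real file with open(path, encoding="utf-16") before passing its text to parse_reg.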

    Modern antiviruses have acquired so much additional functionality that some users have questions while using them. In this lesson we will tell you about all the key features of the AVZ antivirus.

    Let's look at what AVZ is in as much detail as possible using practical examples. The following functions deserve the main attention of the average user.

    Checking the system for viruses

    Any antivirus should be able to detect malware on your computer and deal with it (treat or remove it). Naturally, this function is also present in AVZ. Let's see in practice what such a check is like.

    1. Let's launch AVZ.
    2. A small utility window will appear on the screen. In the area marked in the screenshot below, you will find three tabs. They all relate to the process of searching for vulnerabilities on a computer and contain different options.
    3. On the first tab "Search area" you need to check the boxes for those folders and hard drive partitions that you want to scan. A little lower you will see three lines that allow you to enable additional options. We put marks in front of all positions. This will allow you to perform a special heuristic analysis, scan additional running processes and even identify potentially dangerous software.
    4. After that, go to the tab "File Types". Here you can choose what data the utility should scan.
    5. If you are doing a regular check, then just check the box "Potentially dangerous files". If viruses have taken deep roots, then you should choose "All files".
    6. In addition to ordinary documents, AVZ easily scans archives, something that many other antiviruses cannot boast of. This tab is where you can enable or disable this check. We recommend unchecking the box next to scanning large archives if you want to achieve maximum results.
    7. In total, your second tab should look like this.
    8. Next we go to the last section "Search Options".
    9. At the very top you will see a vertical slider. Move it all the way up. This will allow the utility to respond to all suspicious objects. In addition, we include checking API and RootKit interceptors, searching for keyloggers, and checking SPI/LSP settings. The general appearance of your last tab should be something like this.
    10. Now you need to configure the actions that AVZ will take when a particular threat is detected. To do this, you first need to check the box next to the line "Carry out treatment" in the right area of the window.
    11. Next to each type of threat, we recommend setting the parameter "Delete". The only exceptions are threats like "HackTool". Here we recommend leaving the parameter "Treat". In addition, check the two lines below the list of threats.
    12. The second parameter will allow the utility to copy the unsafe document to a specially designated location. You can then view all the contents, and then safely delete them. This is done so that you can exclude from the list of infected data those that are not actually infected (activators, key generators, password generators, and so on).
    13. When all the settings and search parameters have been set, you can begin the scanning itself. To do this, click the corresponding button "Start".
    14. The scan will begin. Its progress will be displayed in a special area "Protocol".
    15. After some time, which depends on the amount of data being scanned, the scanning will be completed. A message indicating the completion of the operation will appear in the log. The total time spent on analyzing files will also be indicated, as well as statistics on scanning and identified threats.
    16. By clicking on the button marked in the image below, you will be able to see in a separate window all the suspicious and dangerous objects that were identified by AVZ during the scan.
    17. The path to the dangerous file, its description and type will be indicated here. If you check the box next to the name of such software, you can move it to quarantine or completely remove it from your computer. When the operation is complete, press the button "OK" at the very bottom.
    18. After cleaning your computer, you can close the program window.

    System functions

    In addition to standard malware scanning, AVZ can perform a lot of other functions. Let's look at those that may be useful to the average user. In the main menu of the program at the very top, click on the line "File". As a result, a context menu will appear containing all available auxiliary functions.

    The first three lines are responsible for starting, stopping and pausing the scan. These are analogues of the corresponding buttons in the AVZ main menu.

    System Research

    This function will allow the utility to collect all information about your system. This does not mean the technical part, but the hardware. Such information includes a list of processes, various modules, system files and protocols. After you click on the line "System Research", a separate window will appear. Here you can specify what information AVZ should collect. After checking all the necessary boxes, you should click the button "Start" at the very bottom.


    After this, a save window will open. In it you can select the location of the document with detailed information, as well as indicate the name of the file itself. Please note that all information will be saved as an HTML file. It opens in any web browser. Having specified the path and name for the saved file, you need to click the button "Save".


    As a result, the process of scanning the system and collecting information will start. At the very end, the utility will display a window in which you will be asked to immediately view all the collected information.

    System Restore

    Using this set of functions, you can return elements of the operating system to their original form and reset various settings. Most often, malware tries to block access to the Registry Editor and Task Manager and to write its own values into the Hosts system file. You can unlock such elements using the option "System Restore". To do this, just click on the name of the option itself, and then check the boxes for the actions that need to be performed.


    After this you need to press the button “Perform marked operations” in the lower area of ​​the window.

    A window will appear on the screen in which you must confirm the action.


    After some time, you will see a message indicating that all tasks have completed. Just close this window by clicking the button "OK".

    Scripts

    In the list of parameters there are two lines related to working with scripts in AVZ - "Standard scripts" and "Run script".

    Clicking the line "Standard scripts" opens a window with a list of ready-made scripts. All you need to do is tick the boxes for those you want to run. After that, click the "Run" button at the bottom of the window.


    In the second case, you will launch the script editor. Here you can write a script yourself or load one from your computer. Don't forget to click the "Run" button in the same window after writing or loading it.

    Database update

    This item is the most important of the entire list. By clicking on the corresponding line, you will open the AVZ database update window.

    We do not recommend changing settings in this window. Leave everything as it is and press the button "Start".


    After some time, a message will appear on the screen indicating that the database update is complete. All you have to do is close this window.

    Viewing the contents of the Quarantine and Infected folders

    By clicking on these lines in the list of options, you can view all potentially dangerous files that AVZ detected while scanning your system.

    In the windows that open, you can permanently delete such files or restore them if they actually do not pose a threat.


    Please note that in order for suspicious files to be placed in these folders, you must check the appropriate boxes in the system scanning settings.

    This is the last option from this list that the average user may need. As the name suggests, these parameters allow you to save the preliminary antivirus configuration (search method, scanning mode, etc.) to your computer, and also load it back.

    When saving, you will only need to specify the file name, as well as the folder in which you want to save it. When loading a configuration, simply select the desired settings file and click the button "Open".

    Exit

    It would seem that this is an obvious and well-known button. But it is worth mentioning that in some situations - when particularly dangerous software is detected - AVZ blocks all methods of closing itself, except for this button. In other words, you will not be able to close the program with the keyboard shortcut "Alt+F4" or by clicking on the usual cross in the corner. This is done so that viruses cannot interfere with the correct operation of AVZ. But by clicking this button, you can always close the antivirus if necessary.

    In addition to the options described, there are also others in the list, but they most likely will not be needed by ordinary users. Therefore, we did not focus on them. If you still need help regarding the use of functions that are not described, write about it in the comments. And we move on.

    List of services

    In order to see the full list of services offered by AVZ, you need to click on the line "Service" at the very top of the program.

    As in the last section, we will go over only those that may be useful to the average user.

    Process Manager

    By clicking on the very first line from the list, you will open a window "Process Manager". In it you can see a list of all executable files that are running on a computer or laptop at a given time. In the same window you can read a description of the process, find out its manufacturer and the full path to the executable file itself.


    You can also terminate a particular process. To do this, just select the required process from the list, and then click on the corresponding button in the form of a black cross on the right side of the window.


    This service is an excellent replacement for the standard Task Manager. The service acquires particular value in situations where "Task Manager" is blocked by a virus.

    Services and Driver Manager

    This is the second service in the general list. By clicking on the line with the same name, you will open the service and driver management window. You can switch between them using a special switch.

    In the same window, each item is accompanied by a description of the service itself, status (enabled or disabled), as well as the location of the executable file.


    You can select the required item, after which you will have the options of enabling, disabling or completely removing the service/driver. These buttons are located at the top of the work area.

    Startup Manager

    This service will allow you to fully customize autorun settings. Moreover, unlike standard managers, this list also includes system modules. By clicking on the line with the same name, you will see the following.


    In order to disable the selected element, you only need to uncheck the box next to its name. In addition, it is possible to completely delete the required entry. To do this, simply select the desired line and click on the button at the top of the window in the form of a black cross.

    Please note that a deleted value cannot be returned. Therefore, be extremely careful not to erase vital system startup records.

    Hosts File Manager

    We mentioned a little above that a virus sometimes writes its own values into the system file "Hosts". And in some cases, malware also blocks access to it so that you cannot correct the changes made. This service will help you in such situations.

    By clicking on the line shown in the image above in the list, you will open a manager window. You cannot add your own values here, but you can delete existing ones. To do this, select the desired line with the left mouse button, and then press the delete button, which is located in the upper part of the work area.


    After this, a small window will appear in which you need to confirm the action. To do this, just press the button "Yes".


    When the selected line is deleted, you just need to close this window.

    Be careful not to delete lines whose purpose you do not know. Not only viruses, but also other programs can write their values to the "Hosts" file.
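
    To help decide which lines deserve attention before deleting anything, the following added example (not part of AVZ or of the original article) parses hosts-file text and sorts each entry into "blocked", "redirected", "review" or "malformed". The watch list and the sample file are constructed for illustration; on Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed watch list: the kind of sites that stop opening after an
# infection (social networks, antivirus vendors). Adjust to your own needs.
WATCHED = ("vk.com", "ok.ru", "kaspersky.com", "drweb.com")

# Names that normally appear in a clean hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       vk.com www.vk.com      # constructed: site blocked
203.0.113.7     ok.ru                  # constructed: site redirected
0.0.0.0         update.drweb.com
192.168.1.10    nas.home               # added by the user
not-an-ip       example.test
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name maps nothing
        ip, names = fields[0], fields[1:]
        for name in names:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def classify(ip, name):
    """Return 'ok', 'blocked', 'redirected', 'review' or 'malformed'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if name in BENIGN_NAMES and addr.is_loopback:
        return "ok"
    if is_watched(name):
        # Loopback / 0.0.0.0 makes the site unreachable; any other
        # address sends the browser to a different server.
        local = addr.is_loopback or addr.is_unspecified
        return "blocked" if local else "redirected"
    return "review"  # unknown purpose: find out what wrote it before deleting


def audit_hosts(text):
    """Return a list of (line_no, ip, hostname, verdict) for non-ok entries."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        verdict = classify(ip, name)
        if verdict != "ok":
            findings.append((line_no, ip, name, verdict))
    return findings


if __name__ == "__main__":
    for line_no, ip, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} [{verdict}]")
```

    Entries marked "review" are the ones the warning above is about: they may belong to a legitimate program, so check their origin before removing them.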

    System utilities

    With AVZ you can also launch the most popular system utilities. You can see their list if you hover your mouse over the line with the corresponding name.


    By clicking on the name of a particular utility, you will launch it. After this, you can make changes to the registry (regedit), configure the system (msconfig) or check system files (sfc).

    These are all the services we wanted to mention. Beginner users are unlikely to need a protocol manager, extensions, or other additional services. Such functions are more suitable for more advanced users.

    AVZGuard

    This function was developed to combat the most cunning viruses that cannot be removed using standard methods. It simply adds malware to a list of untrusted software that is prohibited from performing its operations. To enable this function you need to click on the line "AVZGuard" in the upper AVZ area. In the drop-down window, click on the item "Enable AVZGuard".

    Be sure to close all third-party applications before enabling this feature, otherwise they will also be included in the list of untrusted software. The operation of such applications may be disrupted in the future.

    All programs that are marked as trusted will be protected from deletion or modification, and the work of untrusted software will be suspended. This will allow you to safely remove dangerous files using a standard scan. After this, you should disable AVZGuard again. To do this, click again on the same line at the top of the program window, and then click on the button to disable the function.

    AVZPM

    The technology indicated in the name will monitor all started, stopped and modified processes/drivers. To use it, you must first enable the corresponding service.

    Click on the AVZPM line at the top of the window.
    In the drop-down menu, click on the line “Install the advanced process monitoring driver”.


    Within a few seconds, the necessary modules will be installed. Now, when changes are detected in any processes, you will receive a corresponding notification. If you no longer need such monitoring, you will need to simply click on the line marked in the image below in the previous drop-down window. This will unload all AVZ processes and remove previously installed drivers.

    Please note that the AVZGuard and AVZPM buttons may be grayed out and inactive. This means that you have an x64 operating system installed. Unfortunately, the mentioned utilities do not work on an OS with this bit depth.

    This brings this article to its logical conclusion. We tried to tell you how to use the most popular features in AVZ. If you still have questions after reading this lesson, you can ask them in the comments to this post. We will be happy to pay attention to each question and try to give the most detailed answer.


    There are programs that are as universal as a Swiss Army knife. The hero of my article is just such an all-rounder. Its name is AVZ (Zaitsev Antivirus). With this free antivirus you can catch viruses, optimize the system, and fix problems.

    AVZ capabilities

    I already talked about the fact that this is an antivirus program in. The work of AVZ as a one-time antivirus (more precisely, an anti-rootkit) is well described in its help, but I will show you another side of the program: checking and restoring settings.

    What can be “fixed” with AVZ:

    • Restore startup of programs (.exe, .com, .pif files)
    • Reset Internet Explorer settings to default
    • Restore desktop settings
    • Remove rights restrictions (for example, if a virus has blocked programs from launching)
    • Remove a banner or window that appears before you log in
    • Remove viruses that can run along with any program
    • Unblock the task manager and registry editor (if the virus has prevented them from running)
    • Clear file
    • Prohibit autorun of programs from flash drives and disks
    • Remove unnecessary files from your hard drive
    • Fix desktop problems
    • And much more

    You can also use it to check Windows settings for security (in order to better protect against viruses), as well as optimize the system by cleaning startup.

    The AVZ download page is located.

    The program is free.

    First, let's protect your Windows from careless actions.

    The AVZ program has very many functions affecting the operation of Windows. This is dangerous, because a mistake can lead to disaster. Please read the text and the help carefully before doing anything. The author of the article is not responsible for your actions.

    In order to be able to “return everything as it was” after careless work with AVZ, I wrote this chapter.

    This is a mandatory step, essentially creating an “escape route” in case of careless actions - thanks to the restore point, it will be possible to restore settings and the Windows registry to an earlier state.

    Windows Recovery System is a required component of all versions of Windows, starting with Windows ME. It’s a pity that people usually forget about it and waste time reinstalling Windows and programs, although a couple of clicks would avoid all the problems.

    If the damage is serious (for example, some system files have been deleted), then System Restore will not help. In other cases - if you configured Windows incorrectly, messed around with the registry, installed a program that prevents Windows from booting, or used the AVZ program incorrectly - System Restore should help.

    After it has been used, AVZ creates subfolders with backup copies in its folder:

    /Backup - backup copies of the registry are stored there.

    /Infected - copies of deleted viruses.

    /Quarantine - copies of suspicious files.

    If problems started after running AVZ (for example, you thoughtlessly used the AVZ System Restore tool and the Internet stopped working) and Windows System Restore did not roll back the changes made, you can open registry backups from the folder Backup.

    How to create a restore point

    Let's go to Start - Control Panel - System - System Protection:

    Click “System Protection” in the “System” window.

    Click the “Create” button.

    The process of creating a restore point can take ten minutes. Then a window will appear:

    A restore point will be created. By the way, they are automatically created when installing programs and drivers, but not always. Therefore, before dangerous actions (setting up, cleaning the system), it is better to once again create a restore point, so that in case of trouble you can praise yourself for your foresight.

    How to restore your computer using a restore point

    There are two options for launching System Restore - from within a running Windows and using the installation disc.

    Option 1 - if Windows starts

    Let's go to Start - All Programs - Accessories - System Tools - System Restore:

    System Restore will start. Select “Select a different restore point” and press Next. A list of restore points will open. Select the one you need:

    The computer will automatically restart. After it boots, all settings, the registry and some important files will be restored.

    Option 2 - if Windows does not boot

    You need an “installation” disk with Windows 7 or Windows 8. I wrote in where to get it (or download it).

    Boot from the disk (how to boot from boot disks is written) and select:

    Select "System Restore" instead of installing Windows

    Repairing the system after viruses or inept actions with the computer

    Before all actions, get rid of viruses, for example, using. Otherwise, there will be no point - the running virus will “break” the corrected settings again.

    Restoring program launches

    If a virus has blocked the launch of any programs, then AVZ will help you. Of course, you still need to launch AVZ itself, but it’s quite easy:

    First go to Control Panel - set any view type except Category - Folder Options - View - uncheck “Hide extensions for registered file types” - OK. Now each file shows its extension - the few characters after the last dot in the name. For programs this is usually .exe or .com. To run the AVZ antivirus on a computer where launching programs is blocked, rename the extension to cmd or pif:

    Then AVZ will start. Then in the program window itself, click File - :

    Items to tick:

    1. Restoring startup parameters of .exe, .com, .pif files (this is the item that actually solves the problem of launching programs)

    6. Removing all Policies (restrictions) of the current user (in some rare cases, this item also helps solve the problem of starting programs if the virus is very harmful)

    9. Removing system process debuggers (it is highly advisable to tick this item, because even if you checked the system with an antivirus, something could remain from the virus. It also helps if the Desktop does not appear when the system starts)

    , confirm the action, a window appears with the text “System restoration completed.” Then all that remains is to restart the computer - the problem with launching programs will be solved!

    Restoring the Desktop launch

    A fairly common problem is that the desktop does not appear when the system starts.

    You can launch the Desktop like this: press Ctrl+Alt+Del, start the Task Manager, then click File - New task (Run...) - enter explorer.exe:

    Click OK and the Desktop will start. But this is only a temporary solution to the problem - the next time you turn on the computer you will have to repeat everything again.

    To avoid doing this every time, you need to restore the launch key of the explorer program (“Explorer”, which is responsible for standard viewing of the contents of folders and the operation of the Desktop). In AVZ click File - and mark the item

    Perform marked operations, confirm the action, press OK. Now when you start your computer, the desktop will launch normally.

    Unlocking Task Manager and Registry Editor

    If a virus has blocked the launch of the two above-mentioned programs, you can remove the ban through the AVZ program window. Just tick two items:

    11. Unlock task manager

    17. Unlocking the registry editor

    Then click “Perform marked operations”.
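
    The symptoms covered above (programs, the Desktop, Task Manager or Registry Editor refusing to start) can be checked in a regedit text export before and after the repair. The following is an added example, not AVZ's code or part of the original article: the sample export is constructed, the registry locations are the standard Windows ones for these settings, and that AVZ's items 1, 9, 11 and 17 act on exactly these values is an assumption.

```python
import re

# Constructed sample in the text format written by regedit's "Export"
# (.reg, version 5.00). Real exports are UTF-16: open them with
# encoding="utf-16". Paths and values below are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\constructed\\sample.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\constructed\\sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VAL_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unescape(quoted):
    # Strip the surrounding quotes and undo the .reg escapes for \ and ".
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def parse_reg(text):
    """Yield (key, value_name, data); value_name '' is the default value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue  # header, blank line or hex continuation line
        name = "" if m.group("name") == "@" else _unescape(m.group("name"))
        data = m.group("data")
        if data.startswith('"'):
            data = _unescape(data)
        elif data.startswith("dword:"):
            data = int(data[6:], 16)
        yield key, name, data


def check(key, name, data):
    """Return a reason string if the value matches a symptom, else None."""
    k, n = key.lower(), name.lower()
    if k.endswith("\\exefile\\shell\\open\\command") and n == "":
        if data != '"%1" %*':  # Windows default launch command for .exe
            return "exe launch command changed (item 1)"
    if "\\image file execution options\\" in k and n == "debugger":
        return "process debugger set (item 9)"
    if k.endswith("\\policies\\system") and isinstance(data, int) and data:
        if n == "disabletaskmgr":
            return "Task Manager disabled (item 11)"
        if n == "disableregistrytools":
            return "Registry Editor disabled (item 17)"
    if k.endswith("\\winlogon") and n == "shell":
        if str(data).lower() != "explorer.exe":
            return "Desktop shell replaced"
    return None


def audit_reg(text):
    """Return [(key, value_name, reason)] for every suspicious value."""
    findings = []
    for key, name, data in parse_reg(text):
        reason = check(key, name, data)
        if reason:
            findings.append((key, name, reason))
    return findings


if __name__ == "__main__":
    for key, name, reason in audit_reg(SAMPLE_REG):
        print(f"{reason}: [{key}] {name or '(default)'}")
```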

    Problems with the Internet (VKontakte, Odnoklassniki and antivirus sites do not open)

    This component can check four categories of problems with varying degrees of severity (each degree differs in the number of settings):

    System problems - this includes security settings. By ticking the found items and pressing the button “Fix flagged issues”, you will close some loopholes for viruses. There is also a flip side to the coin - as safety increases, convenience decreases. For example, if you disable autorun from removable media and CD-ROMs, when you insert flash drives and disks, a window with a choice of actions (view the contents, launch the player, etc.) will not appear - you will have to open the Computer window and start viewing the contents of the disk manually. That is, viruses will not start automatically, and a convenient prompt will not appear. Depending on Windows settings, everyone will see their own list of system vulnerabilities here.

    Browser settings and tweaks - Internet Explorer security settings are checked. As far as I know, the settings of other browsers (Google Chrome, Opera, Mozilla Firefox and others) are not checked. Even if you do not use Internet Explorer to surf the Internet, I advise you to run a scan - components of this browser are often used in various programs and are a potential “security hole” that should be closed.

    Cleaning the system - partially duplicates the previous category, but does not affect the places where data about user actions is stored.

    I recommend checking your system in the categories System problems and Browser settings and tweaks, selecting the degree of danger Moderate problems. If the viruses did not touch the settings, then most likely you will be offered only one option - “autostart is allowed from removable media” (flash drives). If you check the box and thus prohibit the autorun of programs from flash drives, then you will at least partially protect your computer from viruses distributed on flash drives. More complete protection is achieved only with and working.

    Cleaning the system from unnecessary files

    The AVZ program can clean your computer of unnecessary files. If you don’t have a hard drive cleaning program installed on your computer, then AVZ will do, since it offers many options:

    More details about the points:

    1. Clear system cache Prefetch - cleans the folder with information about which files to load in advance for quick launch of programs. The option is useless, because Windows itself quite successfully monitors the Prefetch folder and cleans it when required.
    2. Delete Windows Log Files - clears various databases and files that store records about events occurring in the operating system. The option is useful if you need to free up a dozen or two megabytes of space on your hard drive. That is, the benefit from using it is negligible, the option is useless.
    3. Delete memory dump files - when critical errors occur, Windows interrupts its operation and displays a BSOD (blue screen of death), at the same time saving information about running programs and drivers to a file for subsequent analysis by special programs to identify the culprit of the failure. The option is almost useless, since it gains you only ten megabytes of free space. Clearing memory dump files does not harm the system.
    4. Clear list of Recent documents - oddly enough, the option clears the Recent Documents list. This list is located in the Start menu. You can also clear the list manually by right-clicking on this item in the Start menu and selecting “Clear list of recent items.” The option is useful: I noticed that clearing the list of recent documents allows the Start menu to display its menus a little faster. It won't harm the system.
    5. Clearing the TEMP folder - the Holy Grail for those who are looking for the reason for the disappearance of free space on the C: drive. The fact is that many programs store files in the TEMP folder for temporary use, forgetting to “clean up after themselves” later. A typical example is archivers. They will unpack the files there and forget to delete them. Clearing the TEMP folder does not harm the system; it can free up a lot of space (in particularly advanced cases, the gain in free space reaches fifty gigabytes!).
    6. Adobe Flash Player - clearing temporary files - "flash player" can save files for temporary use. They can be removed. Sometimes (rarely) this option helps in dealing with Flash Player glitches. For example, with problems playing video and audio on the VKontakte website. There is no harm from use.
    7. Clearing the terminal client cache - as far as I know, this option clears temporary files of a Windows component called “Remote Desktop Connection” (remote access to computers via RDP). The option seems to do no harm, and frees up a dozen megabytes of space at best. There is no point in using it.
    8. IIS - Deleting HTTP Error Log - it takes a long time to explain what it is. Let me just say that it is better not to enable the IIS log clearing option. In any case, it does no harm, and no benefit either.
    9. Macromedia Flash Player - this item duplicates "Adobe Flash Player - clearing temporary files", but affects rather ancient versions of Flash Player.
    10. Java - clearing cache - gives you a gain of a couple of megabytes on your hard drive. I don't use Java programs, so I haven't checked the consequences of enabling the option. I don't recommend turning it on.
    11. Emptying the Trash - the purpose of this item is absolutely clear from its name.
    12. Remove system update installation logs - Windows keeps a log of installed updates. Enabling this option clears the log. The option is useless because there is no gain in free space.
    13. Remove Windows Update Protocol - similar to the previous point, but other files are deleted. Also a useless option.
    14. Clear MountPoints database - if icons for a flash drive or hard drive are not created in the Computer window when you connect it, this option can help. I advise you to enable it only if you have problems connecting flash drives and disks.
    15. Internet Explorer - clearing cache - cleans Internet Explorer temporary files. The option is safe and useful.
    16. Microsoft Office - clearing cache - cleans temporary files of Microsoft Office programs - Word, Excel, PowerPoint and others. I can’t check whether the option is safe because I don’t have Microsoft Office.
    17. Clearing the CD burning system cache - a useful option that allows you to delete files that you have prepared for burning to disks.
    18. Cleaning the system TEMP folder - unlike the user TEMP folder (see point 5), cleaning this folder is not always safe, and usually frees up little space. I don't recommend turning it on.
    19. MSI - cleaning the Config.Msi folder - this folder stores various files created by program installers. The folder is large if the installers did not complete their work correctly, so cleaning the Config.Msi folder is justified. However, I warn you - there may be problems with uninstalling programs that use .msi installers (for example, Microsoft Office).
    20. Clear task scheduler logs - Windows Task Scheduler keeps a log where it records information about completed tasks. I don’t recommend enabling this item, because there is no benefit, but it will add problems - Windows Task Scheduler is a rather buggy component.
    21. Remove Windows Setup Logs - the space gained is insignificant, there is no point in deleting.
    22. Windows - clearing icon cache - useful if you have problems with shortcuts. For example, when the Desktop appears, icons do not appear immediately. Enabling this option will not affect system stability.
    23. Google Chrome - clearing cache - a very useful option. Google Chrome stores copies of pages in a designated folder to help open sites faster (pages are loaded from your hard drive instead of downloading over the Internet). Sometimes the size of this folder reaches half a gigabyte. Cleaning is useful because it frees up space on your hard drive; it does not affect the stability of either Windows or Google Chrome.
    24. Mozilla Firefox - Cleaning up the CrashReports folder - every time a problem occurs with the Firefox browser and it crashes, report files are created. This option deletes report files. The gain in free space reaches a couple of tens of megabytes, that is, the option is of little use, but it is there. Does not affect the stability of Windows and Mozilla Firefox.

    Depending on the installed programs, the number of items will differ. For example, if the Opera browser is installed, you can clear its cache too.

    Cleaning the list of startup programs

    A surefire way to speed up your computer's startup and speed is to clean the startup list. If unnecessary programs do not start, then the computer will not only turn on faster, but also work faster - due to the freed up resources that will not be taken up by programs running in the background.

    AVZ can view almost all loopholes in Windows through which programs are launched. You can view the autorun list in the Tools - Autorun Manager menu:

    The average user has absolutely no need for such powerful functionality, so I urge you not to turn everything off. It is enough to look at only two items - Autorun folders and Run*.

    AVZ displays autorun not only for your user, but also for all other profiles:

    In the section Run* it’s better not to disable programs located in the section HKEY_USERS - this may disrupt the operation of other user profiles and the operating system itself. In the section Autorun folders you can turn off everything you don't need.

    The lines identified by the antivirus as known are marked in green. This includes both Windows system programs and third-party programs that have a digital signature.

    All other programs are marked in black. This does not mean that such programs are viruses or anything like that, just that not all programs are digitally signed.

    Don't forget to make the first column wider so that the program name is visible. Simply unchecking the checkbox will temporarily disable the program's autorun (you can then check the box again), highlighting the item and pressing the button with a black cross will delete the entry forever (or until the program registers itself in autorun again).

    The question arises: how to determine what can be turned off and what cannot? There are two solutions:

    Firstly, there is common sense: you can make a decision based on the name of the .exe file of the program. For example, Skype, when installed, creates an entry to automatically start when you turn on the computer. If you don't need this, uncheck the box ending with skype.exe. By the way, many programs (and Skype among them) can remove themselves from startup; just uncheck the corresponding item in the settings of the program itself.

    Secondly, you can search the Internet for information about the program. Based on the information received, it remains to make a decision: to remove it from autorun or not. AVZ makes it easy to find information about items: just right-click on the item and select your favorite search engine:

    By disabling unnecessary programs, you will significantly speed up your computer startup. However, it is not advisable to disable everything - this risks losing the layout indicator, disabling the antivirus, etc.

    Disable only those programs that you know for sure you don’t need at startup.

    Bottom line

    In principle, what I wrote about in the article is akin to hammering nails with a microscope - the AVZ program is suitable for optimizing Windows, but in general it is a complex and powerful tool suitable for performing a wide variety of tasks. However, to use AVZ to its fullest, you need to know Windows thoroughly, so you can start small - namely, with what I described above.

    If you have any questions or comments, there is a comment section under the articles where you can write to me. I am monitoring the comments and will try to respond to you as quickly as possible.