About the application


AVZ Antiviral Toolkit is a system analysis and repair solution designed for automatic or manual search and removal of the following:

Spyware, adware programs, and modules (a key function of this application).
Rootkits and malware that hide their processes.
Network and email worms.
Trojans (all varieties, in particular Trojan-PSW, Trojan-Downloader, and Trojan-Spy) and back doors (programs used for stealthy remote control of computers).
Deceptive dialers (Dialer, Trojan.Dialer, Porn-Dialer).
Keystroke loggers and other applications that spy on the user.

 

The AVZ toolkit has been registered with the Russian Industry Fund of Algorithms and Software (OFAP); OFAP certificate: 6427; code in the Unified Software Documentation System (ESPD): 52038851.00116-01.


The toolkit is a direct analog of such applications as Trojan Hunter and LavaSoft Ad-aware 6. Its primary task is removal of adware, spyware and trojans.

It should be noted from the outset that spyware and adware applications are not viruses or trojans by definition. They spy on the user and download data and program code to the infected computer mainly for marketing purposes. This means that the information they upload does not contain critical data, such as passwords, credit card numbers, or the like, while the downloaded data contains only ads or program updates. Yet the dividing line between spyware and trojans is often very thin, which complicates precise classification. Classification methods and criteria are described in these help files. For additional information on malware, please refer to the book Rootkits, SpyWare/AdWare, Keyloggers & BackDoors. Detection and Defense.

 

A feature of AVZ is that it enables the user to configure the way the application responds to every category of malware. For example, you can configure it to remove any viruses or trojans detected, while blocking the removal of adware.

 

Another feature of AVZ is multiple heuristic checks that are not based on signature-based search. These checks include searching for rootkits, keyloggers, and various backdoor exploits against a database of standard TCP/UDP ports. Such search methods make it possible to detect new varieties of malware.

 

In addition to the signature-based file search capability that is standard for programs in its class, AVZ incorporates a database of digital signatures of tens of thousands of system files. This database helps to minimize the number of false positives returned by the heuristics analyzer while also serving a number of other purposes. In particular, the file search system has a filter for excluding known files from search results. Trusted processes are color-coded in the manager of running processes and SPI settings. When files are being quarantined, AVZ prevents known files from being added to quarantine.

 

Practice shows that very often a spyware application can be categorized as adware and the other way around, for the simple reason that targeted advertising is the purpose of spying in most cases. For such eventualities, a common category called “spy” was introduced to include both adware and spyware. The term “spy” provides the most fitting description for this class of programs.

 

Starting with version 4.29, the AVZ interface and protocols are localized by using updatable databases, with Russian and English currently supported. The language is selected automatically or manually using the command-line parameter “Lang” or the localization profile. The language is set automatically to Russian on Russian-language systems and to English on systems using other languages. The command-line parameter syntax is lang=X, where X is the locale name (RU for Russian and EN for English). To force the Russian-language interface, start AVZ by typing avz.exe lang=ru in the command line (accordingly, type avz.exe lang=en to force the English-language interface).

 

Limitations of the application:

1. Because the toolkit mainly targets spyware and adware modules, it does not currently support the checking of archives of some types, PE compressors, and documents. This functionality is unnecessary when scanning for spyware. The application is constantly improved and such functions are planned to be added.

2. The toolkit does not repair applications infected with computer viruses. Use specialized anti-virus applications (such as Kaspersky Anti-Virus, DrWeb, Norton Antivirus, Panda, and the like) to repair an infected program thoroughly and correctly. Reproducing the functionality of these anti-virus applications is not necessary, especially because computer viruses appear less and less frequently.