AVZ: restoring system settings and removing viruses. Using AVZ firmware (recovery scripts) for system recovery after a virus infection

In certain situations it may be necessary to disable the kernel debugger. This operation is not recommended for inexperienced users because of the potential threat to the stability of the Microsoft Windows operating system.

Instructions

Click the "Start" button to open the main system menu and type cmd in the search field to begin disabling the kernel debugger.

Right-click the "Command Prompt" entry that appears and choose "Run as administrator".

Type Kdbgctrl.exe -d in the command prompt window and press Enter to disable kernel debugging for the current session.

On Windows Vista and Windows 7, enter bcdedit /debug off in the command prompt window and press Enter to disable kernel debugging for all sessions.

On earlier versions of Microsoft Windows, kernel debugging is disabled for all sessions in boot.ini instead: enter dir /ASH in the command prompt window to locate the hidden, protected boot.ini file on the system drive, and open that file in Notepad.

Delete the parameters:

- /debug;
- /debugport;
- /baudrate

and restart your computer to apply the changes.
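The boot.ini edit above can be checked mechanically. The following is an added example, not code from the original article: it parses the [operating systems] section of a boot.ini file and removes exactly the /debug, /debugport and /baudrate switches while leaving every other switch in place; the sample boot.ini is constructed.

```python
from typing import Tuple

# Switches that enable or configure the kernel debugger in boot.ini;
# the procedure described above removes exactly these three.
DEBUG_SWITCHES = ("/debug", "/debugport", "/baudrate")

# Constructed sample: the first OS entry has kernel debugging enabled over COM1.
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect /debug /debugport=com1 /baudrate=115200
multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS="Windows (no debug)" /fastdetect /noexecute=optin
"""


def strip_debug_switches(line: str) -> str:
    """Remove /debug, /debugport=... and /baudrate=... from one OS entry.

    Only the switches after the closing quote of the OS description are
    examined; other switches (e.g. /fastdetect, /noexecute) keep their order.
    """
    quote_end = line.rfind('"')
    if quote_end == -1:
        return line  # not an OS entry with a quoted description; leave as is
    head, tail = line[:quote_end + 1], line[quote_end + 1:]
    kept = []
    for switch in tail.split():
        name = switch.split("=", 1)[0].lower()  # "/debugport=com1" -> "/debugport"
        if name in DEBUG_SWITCHES:
            continue
        kept.append(switch)
    return head + "".join(" " + s for s in kept)


def disable_kernel_debugger(boot_ini_text: str) -> Tuple[str, int]:
    """Return (new boot.ini text, number of debug switches removed).

    Only lines inside the [operating systems] section are edited; the
    [boot loader] section and any other content are copied unchanged.
    """
    out_lines = []
    removed = 0
    in_os_section = False
    for line in boot_ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_os_section = stripped.lower() == "[operating systems]"
            out_lines.append(line)
            continue
        if in_os_section and "=" in line:
            new_line = strip_debug_switches(line)
            # each switch is one whitespace-separated token, so the token
            # count difference is the number of switches removed
            removed += len(line.split()) - len(new_line.split())
            out_lines.append(new_line)
        else:
            out_lines.append(line)
    return "\n".join(out_lines) + "\n", removed


if __name__ == "__main__":
    text, count = disable_kernel_debugger(SAMPLE_BOOT_INI)
    print(f"removed {count} debug switch(es)")
    print(text)
```

Run it against a copy of boot.ini taken from the system drive, review the printed result, and only then write it back with the file's hidden and system attributes restored.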

Click the Continue button in the prompt dialog if you do want to debug the system kernel, and wait for the procedure to complete.

Enter the gn command in the Kernel Debugger window when the message User break exception (Int 3) appears.

To enable the kernel debugger again, select Debugging Mode in the boot menu where Safe Mode is chosen.

The kernel debugger is special software that runs at the kernel level of the operating system. "Debugging the operating system kernel" means checking the core of the system for various errors. When working with Daemon Tools, the error "Initialization error ... Kernel debugger must be deactivated" often appears. It can be fixed by disabling the kernel debugger.

You will need

  • Administrator rights.

Instructions

If this warning appears while the application is being installed, stop the service called Machine Debug Manager. To do this, open the "Control Panel" and go to the "Administrative Tools" section, then open the "Services" shortcut. Find Machine Debug Manager in the list, click its name and press "Stop".

Also end the debugger processes in Task Manager. Right-click a free area of the taskbar and select "Task Manager", or press Ctrl + Alt + Delete. Go to the Processes tab and end all mdm.exe, dumprep.exe and drwatson.exe processes. If they are hard to find in the list, click the Image Name column header to sort the list by name. As a rule, such operations are carried out manually by the administrator of the computer.

Error reporting should also be disabled so that debug information is no longer recorded. To do this, open the "Control Panel", select the "System" section and click the "Advanced" tab. Click the "Error Reporting" button and tick Disable Error Reporting. Then go to the Startup and Recovery settings and untick Send an administrative alert and Write an event to the system log.

Remove the Daemon Tools application from startup. To do this, click the "Start" button, then "Run", and enter the msconfig command. When the system window appears, untick the Daemon Tools entry. Disable your antivirus software during the installation. If the described error occurs, restart the installation after eliminating all of the causes on the computer.

Helpful advice

Some of the above operations require administrator access to system resources.

Continuing the series dedicated to AVZ, I want to share some more knowledge about the capabilities of this wonderful utility.

Today we will talk about its system recovery tools, which can often save your computer after an infection by viruses and other horrors, and can also solve a number of system problems caused by certain errors.
It will be useful to everyone.

Introduction

Before starting, as usual, I offer the material in two formats: video or text. The video is here:

The text is below. Choose whichever option suits you better.

General description of the program functionality

What are these recovery tools? They are a set of firmware (small recovery scripts built into AVZ) that restore certain system functions to a working state. For example, they can bring back the Registry Editor, clean the hosts file, or reset IE settings. Here is the full list with descriptions (so as not to reinvent the wheel):

  • 1. Restoring startup parameters for .exe, .com, .pif files
    This firmware restores the system's response to .exe, .com, .pif and .scr files.
    Indications for use: after a virus has been removed, programs no longer run.
  • 2. Reset Internet Explorer protocol prefix settings to standard
    This firmware restores the protocol prefix settings in Internet Explorer.
    Indications for use: when you enter an address such as www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru
  • 3. Restore Internet Explorer start page
    This firmware restores the start page in Internet Explorer.
    Indications for use: the start page has been substituted.
  • 4. Reset Internet Explorer search settings to standard
    This firmware restores the Internet Explorer search settings.
    Indications for use: clicking the "Search" button in IE opens some third-party site.
  • 5. Restoring desktop settings
    This firmware restores the desktop settings. Recovery means removing all ActiveDesktop active elements and wallpaper, and removing the locks on the menu responsible for desktop settings.
    Indications for use: the desktop settings tabs in the "Display Properties" window have disappeared, or extraneous text or images are shown on the desktop.
  • 6. Removal of all Policies (restrictions) of the current user
    Windows provides a mechanism for limiting user actions called Policies. Many malicious programs use this technology, because the settings are stored in the registry and are easy to create or modify.
    Indications for use: Explorer functions or other system functions are blocked.
  • 7. Deleting the message displayed during WinLogon
    Windows NT and later systems in the NT line (2000, XP) allow a message to be set that is displayed during startup. A number of malicious programs set such a message, and removing the malware does not remove the message.
    Indications for use: an extraneous message appears during system boot.
  • 8. Restore Explorer settings
    This firmware resets a number of Explorer settings to standard (first of all, the settings that malware changes).
    Indications for use: Explorer settings have been changed.
  • 9. Removing system process debuggers
    Registering a debugger for a system process allows an application to be launched hidden; a number of malicious programs use this.
    Indications for use: AVZ detects unrecognised debuggers of system processes; there are problems launching system components, in particular the desktop disappears after a reboot.
  • 10. Restoring boot settings in SafeMode
    Some malware, in particular the Bagle worm, corrupts the system's Safe Mode boot settings. This firmware restores the Safe Mode boot settings.
    Indications for use: the computer does not boot in SafeMode. Use this firmware only if there are problems booting in Safe Mode.
  • 11. Unlocking the Task Manager
    Malware blocks the Task Manager to protect its processes from detection and termination. Running this firmware removes the lock.
    Indications for use: the Task Manager is blocked; when you try to open it, the message "Task Manager has been disabled by the administrator" is displayed.
  • 12. Clearing the ignore list of the HijackThis utility
    The HijackThis utility stores a number of its settings in the registry, in particular its list of exclusions. To hide from HijackThis, a malicious program therefore only needs to add its executable files to the exclusion list. A number of malicious programs that use this weakness are currently known. This AVZ firmware clears the HijackThis exclusion list.
    Indications for use: suspicion that HijackThis does not display all information about the system.
  • 13. Cleaning up the Hosts file
    Cleaning the Hosts file consists of finding the Hosts file, removing all meaningful lines from it, and adding the standard line "127.0.0.1 localhost".
    Indications for use: suspicion that the Hosts file has been modified by malware. A typical symptom is blocked antivirus software updates. You can inspect the contents of the Hosts file with the Hosts file manager built into AVZ.
  • 14. Automatic correction of SPI / LSP settings
    Analyses the SPI settings and, if errors are found, corrects them automatically. This firmware can be run any number of times. After running it, restarting the computer is recommended. Note! This firmware cannot be run from a terminal session.
    Indications for use: Internet access was lost after malware was removed.
  • 15. Reset SPI / LSP and TCP / IP settings (XP+)
    This firmware only works on XP, Windows 2003 and Vista. It works by resetting and recreating the SPI / LSP and TCP / IP settings using the standard netsh utility included with Windows. You can read more about this reset in the Microsoft Knowledge Base. Note! Apply this reset only when necessary, if there are unrecoverable problems with Internet access after removing malware!
    Indications for use: Internet access was lost after malware was removed, and running firmware 14 (Automatic correction of SPI / LSP settings) had no effect.
  • 16. Recovering the Explorer startup key
    Restores the system registry keys responsible for starting Explorer.
    Indications for use: Explorer does not start during system boot, but explorer.exe can be started manually.
  • 17. Unlocking the Registry Editor
    Unlocks the Registry Editor by removing the policy that prevents it from running.
    Indications for use: the Registry Editor cannot be started; when you try, a message states that it has been blocked by the administrator.
  • 18. Complete re-creation of SPI settings
    Backs up the SPI / LSP settings, then destroys them and recreates them from the standard stored in the database.
    Indications for use: severe damage to the SPI settings that firmware 14 and 15 cannot repair. Use only if necessary!
  • 19. Clear MountPoints database
    Clears the MountPoints and MountPoints2 database in the registry.
    Indications for use: this operation often helps when drives do not open in Explorer after infection by a flash-drive virus.
  • Note:
    Recovery is useless if a Trojan that performs such reconfiguration is still running on the system: first remove the malware, then restore the system settings.
  • Note:
    To remove the traces of most hijackers, run three firmware items: "Reset Internet Explorer search settings to standard", "Restore Internet Explorer start page" and "Reset Internet Explorer protocol prefix settings to standard".
  • Note:
    Any of the firmware can be run several times in a row without harming the system. The exceptions are "5. Restoring desktop settings" (this firmware resets all desktop settings, so you will have to choose the desktop colours and wallpaper again) and "10. Restoring boot settings in SafeMode" (this firmware recreates the registry keys responsible for booting into safe mode).
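Several of the items above (6, 7, 9, 10, 11 and 17) are symptoms that live in a handful of well-known registry locations, so an exported .reg file can be audited for them before deciding which firmware to run. The following is an added example, not part of the original article or of AVZ: it parses a .reg export and reports restriction policies, Image File Execution Options debuggers, a leftover WinLogon legal notice, and whether any SafeBoot key still exists. The registry paths are the standard Windows ones; the .reg text is a constructed sample.

```python
from typing import Dict, List

# Well-known registry locations that the recovery items act on.
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies",
)
IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
            r"\Image File Execution Options")
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SAFEBOOT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

# Constructed .reg export showing the symptoms of items 6, 7, 9, 11 and 17.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Users\\Public\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"LegalNoticeCaption"="Attention"
"LegalNoticeText"="Your files are locked, call the number on screen"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"
"""


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key_path: {value_name: raw_value}}.

    Handles the version header, [key] sections, "name"=value lines and the
    @=value form for a key's default value. Values are kept as raw text
    (e.g. dword:00000001 or "quoted string").
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        name = "(Default)" if name == "@" else name.strip('"')
        keys[current][name] = value
    return keys


def audit(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Report the registry symptoms that items 6/11/17, 9 and 7 repair."""
    findings: List[str] = []
    for path, values in keys.items():
        low = path.lower()
        if any(low.startswith(p.lower()) for p in POLICY_KEYS):
            # Items 6, 11, 17: Disable* policies set to 1 (DWORD)
            for name, val in values.items():
                if name.lower().startswith("disable") and val.lower() == "dword:00000001":
                    findings.append(f"policy restriction {name} under {path}")
        elif low.startswith(IFEO_KEY.lower()):
            # Item 9: a Debugger value makes Windows start that program instead
            dbg = next((v for n, v in values.items() if n.lower() == "debugger"), None)
            if dbg is not None:
                findings.append(f"IFEO debugger for {path.rsplit(chr(92), 1)[-1]}: {dbg}")
        elif low == WINLOGON_KEY.lower():
            # Item 7: a logon notice that survives removal of the malware
            for name in ("LegalNoticeCaption", "LegalNoticeText"):
                if values.get(name, '""') != '""':
                    findings.append(f"logon message {name} set to {values[name]}")
    return findings


def safeboot_present(keys: Dict[str, Dict[str, str]]) -> bool:
    """Item 10: True if at least one SafeBoot subkey survived in the export."""
    return any(p.lower().startswith(SAFEBOOT_KEY.lower() + "\\") for p in keys)


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for finding in audit(parsed):
        print("FOUND:", finding)
    print("SafeBoot keys present:", safeboot_present(parsed))
```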

Useful, isn't it?
Now, how to use it.

Downloading, starting, using

Actually, everything is simple.

  1. Download the AVZ antivirus utility from here (or from somewhere else).
  2. Unpack the archive somewhere convenient for you.
  3. Go to the folder where the program was unpacked and run avz.exe.
  4. In the program window, select "File" - "System Restore".
  5. Tick the necessary items and press the "Perform marked operations" button.
  6. Wait and enjoy the result.

That's it.

Afterword

I must say that it works with a bang and spares you a number of unnecessary motions. So to speak, everything is at hand: fast, simple and effective.

Thank you for your attention ;)

You may need to run the AVZ utility when contacting Kaspersky Lab technical support.
With the AVZ utility you can:

  • obtain a report on the results of a system examination;
  • execute a script provided by a Kaspersky Lab technical support specialist
    to create a Quarantine and remove suspicious files.

The AVZ utility does not send statistics, does not process information and does not transmit it to Kaspersky Lab. The report is saved on the computer as HTML and XML files, which can be viewed without special programs.

The AVZ utility can automatically create a Quarantine and place copies of suspicious files and their metadata in it.

Objects placed in Quarantine are not processed, are not transferred to Kaspersky Lab and are stored on the computer. We do not recommend restoring files from Quarantine; they can harm your computer.

What data is contained in the report of the AVZ utility

The AVZ utility report contains:

  • Information about the version and release date of the AVZ utility.
  • Information about the anti-virus databases of the AVZ utility and its basic settings.
  • Information about the version of the operating system, the date of its installation and the user rights with which the utility was launched.
  • Results of the search for rootkits and hooks of the main operating system functions.
  • Results of the search for suspicious processes, and information about these processes.
  • Results of the search for common malicious programs based on their characteristic properties.
  • Information about errors found during the check.
  • Results of the search for keyboard, mouse or window hooks.
  • Results of the search for open TCP and UDP ports used by malware.
  • Information about suspicious system registry keys, file names on disk and system settings.
  • Results of the search for potential vulnerabilities and operating system security issues.
  • Information about corrupted operating system settings.

How to execute a script using the AVZ utility

Use the AVZ utility only under the guidance of a Kaspersky Lab technical support specialist as part of your request. Unauthorized actions can damage the operating system and cause data loss.

  1. Download the executable file of the AVZ utility.
  2. Run avz5.exe on your computer. If the Windows Defender SmartScreen filter prevents avz5.exe from running, click More details -> Run anyway in the "Windows protected your computer" window.
  3. Go to File -> Execute script.
  4. Paste the script you received from the Kaspersky Lab technical support specialist into the input field.
  5. Click Run.
  6. Wait until the utility finishes and follow the further recommendations of the Kaspersky Lab technical support specialist.

Modern antiviruses have grown so many additional functions that some users have questions while using them. In this lesson we will describe all the key features of the AVZ antivirus.

Let's take a closer look, with practical examples, at what AVZ is. The following functions deserve the most attention from the average user.

Checking the system for viruses

Any antivirus must be able to detect malware on a computer and deal with it (disinfect or delete). Naturally, AVZ has this function too. Let's see in practice what such a check looks like.

  1. Launch AVZ.
  2. A small utility window appears. In the area marked in the screenshot below you will find three tabs. They all relate to the malware search process and contain different options.
  3. On the first tab, "Search area", tick the folders and hard disk partitions you want to scan. Below you will see three lines that enable additional options. We tick all of them. This enables a special heuristic analysis, scanning of additional running processes, and detection of potentially dangerous software.
  4. Next, go to the "File types" tab. Here you choose which data the utility should scan.
  5. For an ordinary check it is enough to tick "Potentially dangerous files". If viruses have taken root deeply, choose "All files".
  6. Unlike many other antiviruses, AVZ also scans archives easily. This tab simply enables or disables that check. We recommend unticking the line about checking large archives if you want the best result.
  7. In total, your second tab should look like this.
  8. Next, go to the last tab, "Search options".
  9. At the very top you will see a vertical slider. Move it all the way up, so that the utility reacts to all suspicious objects. In addition, enable the checks for API and RootKit hooks, the search for keyloggers, and the check of SPI / LSP settings. Your last tab should look roughly like this.
  10. Now configure the actions AVZ will take when it detects a particular threat. First tick "Perform treatment" in the right pane of the window.
  11. For each type of threat we recommend the "Delete" action. The only exception is the "HackTool" type, for which we advise leaving "Treat". Also tick the two lines below the list of threats.
  12. The second of those lines makes the utility copy an unsafe file to a designated location. You can then review everything there and delete it safely. This lets you exclude from the list of infected data items that are in fact not malicious (activators, key generators, password tools and so on).
  13. When all settings and search parameters are set, start the scan itself by pressing the "Start" button.
  14. The scan begins. Its progress is shown in the "Protocol" area.
  15. After some time, depending on the amount of data being checked, the scan ends. A completion message appears in the log, together with the total time spent analysing files and statistics about the scan and the detected threats.
  16. By clicking the button marked in the image below, you can see in a separate window all suspicious and dangerous objects that AVZ identified during the check.
  17. The path to the dangerous file, its description and its type are shown here. If you tick the box next to such software, you can move it to quarantine or remove it from the computer completely. When finished, press the "OK" button at the bottom.
  18. After cleaning the computer, you can close the program window.

System functions

In addition to the standard malware check, AVZ can perform many other functions. Let's look at those that may be useful to the average user. In the main menu at the very top of the program, click "File". A drop-down menu appears, containing all the available auxiliary functions.

The first three lines start, stop and pause the scan. They are equivalents of the corresponding buttons in the AVZ main window.

System investigation

This function makes the utility collect all the information about your system. This refers to the software side rather than the hardware: the information includes a list of processes, various modules, system files and protocols. After you click the "System Research" line, a separate window appears. In it you can specify what information AVZ should collect. After ticking all the necessary boxes, click the "Start" button at the bottom.

This opens the save window. In it you can choose where the document with the detailed information will be stored and give the file a name. Note that all information is saved as an HTML file, which opens in any web browser. After specifying the path and name of the file, click the "Save" button.

As a result, the system scan and information gathering starts. At the very end, the utility displays a window offering to view all the collected information immediately.

System Restore

Using this set of functions, you can return elements of the operating system to their original form and reset various settings. Most often, malware tries to block access to the Registry Editor and Task Manager and to write its own values to the Hosts system file. You can unlock such elements with the "System Restore" option. To do this, click the name of the option itself, then tick the actions that need to be performed.

After that, press the "Perform marked operations" button at the bottom of the window.

A window appears in which you must confirm the actions.

After a while, you will see a message that all tasks have been completed. Simply close that window by clicking the "OK" button.

Scripts

Two lines in the options list relate to working with scripts in AVZ: "Standard scripts" and "Execute script".

Clicking "Standard scripts" opens a window with a list of ready-made scripts. You only need to tick those you want to run, then click the "Run" button at the bottom of the window.

In the second case, you open the script editor. Here you can write a script yourself or load one from a file on your computer. Do not forget to press the "Run" button in the same window after writing or loading it.

Database update

This item is an important one in the whole list. Clicking the corresponding line opens the AVZ database update window.

We do not recommend changing the settings in this window. Leave everything as it is and press the "Start" button.

After a while, a message appears saying that the database update has completed. You only have to close this window.

Viewing the contents of the quarantine and Infected folders

Clicking these lines in the options list lets you view all potentially dangerous files that AVZ detected while scanning your system.

In the windows that open, you can permanently delete such files or restore them if they really pose no threat.

Note that for suspicious files to be placed in these folders, the appropriate boxes must be ticked in the system scan settings.

This is the last option in the list that an ordinary user may need. As the name implies, these parameters let you save a prepared antivirus configuration (search method, scan mode and so on) to your computer and load it back later.

When saving, you only need to specify the file name and the folder in which to save it. When loading a configuration, simply select the desired settings file and press the "Open" button.

Exit

It would seem an obvious and well-known button. But it is worth mentioning that in some situations, when particularly dangerous software is detected, AVZ blocks every way of closing itself except this button. In other words, you cannot close the program with the Alt + F4 shortcut or by clicking the usual cross in the corner. This prevents viruses from interfering with the correct operation of AVZ. With this button, however, you can always close the antivirus when necessary.

In addition to the options described, there are others in the list, but ordinary users are unlikely to need them, so we did not focus on them. If you still need help with the functions not described here, write about it in the comments. Let's move on.

List of services

To see the full list of services offered by AVZ, click the "Service" line at the very top of the program.

As in the previous section, we will cover only those that may be useful to an ordinary user.

Process manager

Clicking the very first line in the list opens the "Process Manager" window. In it you can see a list of all executable files currently running on the computer or laptop. In the same window you can read a description of each process, find out its manufacturer and see the full path to the executable.

You can also end a process. To do this, select the required process in the list, then click the button in the form of a black cross on the right side of the window.

This service is an excellent replacement for the standard Task Manager. It is particularly valuable when the "Task Manager" has been blocked by a virus.

Service and Driver Manager

This is the second service in the general list. Clicking the line with that name opens the window for managing services and drivers. You can switch between them with a special switch.

In the same window, each item is accompanied by a description of the service itself, its status (enabled or disabled) and the location of its executable file.

You can select the desired item, after which the options to enable, disable or completely remove the service / driver become available. These buttons are located at the top of the workspace.

Startup manager

This service lets you fully customise the autorun settings. Moreover, unlike standard managers, this list also includes system modules. Clicking the line with that name shows the following.

To disable the selected item, simply untick the box next to its name. It is also possible to delete an entry completely: select the desired line and click the button in the form of a black cross at the top of the window.

Note that a deleted entry cannot be brought back. Therefore, be extremely careful not to erase vital system startup records.

Hosts File Manager

We mentioned above that a virus sometimes writes its own values to the system "Hosts" file. In some cases, malware also blocks access to the file so that you cannot undo the changes it made. This service helps in such situations.

Clicking the line shown in the image above in the list opens the manager window. You cannot add your own values here, but you can delete existing ones. To do this, select the desired line with the left mouse button, then press the delete button located in the upper part of the working area.

After that, a small window appears in which you need to confirm the action. Simply press the "Yes" button.

When the selected line has been deleted, just close this window.

Be careful not to delete lines whose purpose you do not know. Not only viruses but also other programs write their values to the "Hosts" file.
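The Hosts File Manager above and recovery item 13 ("Cleaning up the Hosts file") both come down to reading the file's meaningful lines and deciding which ones belong. The following is an added example, not code from the article or from AVZ: it parses a hosts file, flags every mapping that is not the standard localhost alias (separating names that are blocked by being sent to loopback from names that are redirected elsewhere, so that a human can judge each one, since legitimate programs also write here), and produces the minimal file that item 13 describes. The hosts content is a constructed sample.

```python
from typing import List, Tuple

# Constructed sample: standard loopback lines, one entry that blocks an
# update server, one that redirects a site, and one written by other software.
SAMPLE_HOSTS = """# constructed sample hosts file
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.antivirus.example   # constructed: update server blocked
203.0.113.7     www.search.example          # constructed: site redirected
192.168.1.10    printer.local
"""

STANDARD_LOOPBACK = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (ip, [hostnames]) for every meaningful line; comments are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line without a hostname
        entries.append((parts[0], parts[1:]))
    return entries


def is_loopback(ip: str) -> bool:
    """True for addresses that make a name unreachable (loopback or 0.0.0.0)."""
    return ip.startswith(("127.", "0.0.0.0")) or ip == "::1"


def suspicious_entries(entries: List[Tuple[str, List[str]]]) -> List[Tuple[str, str, str]]:
    """Flag every mapping except the standard localhost aliases.

    Returns (kind, hostname, ip): 'blocked' when the name is sent to loopback,
    the typical way update servers are silenced; 'redirected' when it is sent
    to any other address. Both kinds need a human decision before deletion.
    """
    findings = []
    for ip, names in entries:
        for name in names:
            if (ip, name) in STANDARD_LOOPBACK:
                continue
            kind = "blocked" if is_loopback(ip) else "redirected"
            findings.append((kind, name, ip))
    return findings


def clean_hosts(text: str) -> str:
    """Item 13 as the article describes it: remove all meaningful lines and
    leave only the standard '127.0.0.1 localhost'. Comment lines are kept."""
    comments = [l for l in text.splitlines() if l.lstrip().startswith("#")]
    return "\n".join(comments + ["127.0.0.1 localhost"]) + "\n"


if __name__ == "__main__":
    for kind, name, ip in suspicious_entries(parse_hosts(SAMPLE_HOSTS)):
        print(f"{kind:10} {name:30} -> {ip}")
    print(clean_hosts(SAMPLE_HOSTS))
```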

System utilities

With AVZ you can also launch the most popular system utilities. Their list appears when you hover the mouse over the line with the corresponding name.

Clicking the name of a particular utility launches it. You can then make changes in the registry (regedit), configure the system (msconfig) or check the system files (sfc).

These are all the services we wanted to mention. Novice users are unlikely to need the protocol manager, the extensions manager and the other additional services; such functions are better suited to more advanced users.

AVZGuard

This feature was designed to combat the most cunning viruses, which standard methods cannot delete. It simply places malware on a list of untrusted software that is prohibited from performing its operations. To enable this function, click the "AVZGuard" line in the upper area of AVZ. In the drop-down menu, click "Enable AVZGuard".

Be sure to close all third-party applications before enabling this function; otherwise they will also be included in the list of untrusted software, and their operation may be disrupted afterwards.

All programs marked as trusted are protected from deletion or modification, while the work of untrusted software is suspended. This lets you safely remove dangerous files with a standard scan. Afterwards, turn AVZGuard off again: click the same line at the top of the program window, then click the item that disables the function.

AVZPM

The technology named in the title monitors all started, stopped and modified processes / drivers. To use it, you must first enable the corresponding service.

Click the AVZPM line at the top of the window.
In the drop-down menu, click the line "Install the driver for advanced process monitoring".

The required modules are installed within a few seconds. From now on, if changes are detected in any processes, you will receive a corresponding notification. If you no longer need such monitoring, simply click the line marked in the image below in the same drop-down menu. This unloads all AVZ processes and removes the previously installed drivers.

Note that the AVZGuard and AVZPM buttons may be greyed out and inactive. This means you have an x64 operating system installed. Unfortunately, these utilities do not work on 64-bit systems.

With that, this article has come to its logical conclusion. We have tried to show how to use the most popular features of AVZ. If you still have questions after reading this lesson, ask them in the comments to this post. We will gladly attend to each question and try to give the most detailed answer.

AVZ is a free utility designed to search for and remove viruses, and to restore system settings after the actions of malicious programs.

Preparation for work

1. Download the AVZ utility from the official website: http://z-oleg.com/avz4.zip

2. Unpack the archive

3. Run the avz.exe file from the archive

4. Go to the File menu and select Database update

Click Start to begin the update:

The anti-virus databases are being updated:

When the databases have been updated, this message appears. Click OK:

Virus check

To scan for viruses, tick all the computer's disks on the left, tick the Perform treatment box on the right, and press the Start button below:

System Restore

A very useful function of the AVZ utility is system restore. It comes in handy after removing malware, to eliminate its traces. To start a system restore, select File -> System Restore:

Tick the necessary boxes and click the Perform marked operations button:

Confirm your intent:

Cleaning browsers with AVZ

From the main menu select File.

Select the Troubleshooting Wizard item:

In the Degree of danger field, select All problems.

Click Start.

Tick the boxes below:

  • Clearing the TEMP folder;
  • Adobe Flash Player - clearing temporary files;
  • Macromedia Flash Player - clearing caches;
  • Clearing the system TEMP folder;
  • Clearing the caches of all installed browsers;

Click the Fix reported issues button.