The main goals of the AVZ utility are as follows:
2. AV database. It allows for diagnosing malware programs known to AVZ and deleting them. Removal of a malicious program involves automatic clean-up of all traces of the malware's activity in the system registry and in INI files. In this respect, AVZ is convenient for express cleanup of an infected computer before scanning it with powerful antivirus products.
3. Automatic scanning of the target computer and generation of a scanning log in HTML format. During system investigation, files that are recognized as secure when checked against the AVZ trusted objects database and Microsoft's security catalogue are left out of the log. This considerably reduces the log size. This mode is very convenient for on-line study of a suspicious computer by the administrator, as well as for remote system investigation. The ability to start system scanning and quarantine from scripts allows this operation to be fully automated. All that the end user needs to do is start the batch file.
4. Automatic quarantine of files that are not digitally signed by Microsoft and are not described in the AVZ trusted objects database, for further investigation (manually or using powerful specialized antivirus software). This operating mode is convenient for quickly collecting all unrecognized files for further analysis. In addition, AVZ provides quarantine by list, and script commands for adding files to quarantine. This simplifies the procedure of collecting suspicious files from remote computers.
5. Searching for rootkits and other API hooks, together with a function for finding hidden processes. In addition to analysis of hooks, AVZ provides a function for neutralizing user-mode and kernel-mode rootkits.
6. System recovery. AVZ includes microprograms for automatic correction of the most typical Internet Explorer and Windows Explorer settings, resetting desktop settings to the defaults, and neutralization of policies installed by Trojan horses. Antivirus programs do not carry out these operations. Because of this, normal operation of the system cannot be restored even after removal of Trojan horses or Spyware programs.