AVZGuard
Here's something I discovered recently, even though it's been around for a while, and I've been evaluating it. It comes from Russia, and is one of the most comprehensive Apps I've seen. It includes a large array of very useful tools/options etc.
Uses a number of solutions to help determine if any potential Malware exists, such as Black/White listing, Malware database, Heuristics etc.
It correctly identified these potential Malware files/locations etc:
-
Contains networking functionality
most likely uses dialing
Application has no visible windows
Registered in autorun
can work with the network
PE file with nonstandard extension
Invalid file - not a PKZip file
suspicion for Keylogger/Trojan DLL/Virus/Rootkit etc ( Malware names )
Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors have been detected
Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) Suspicion for a Keylogger or Trojan DLL Behavioral analysis: Typical for keyloggers behaviour is not registered
Searching for opened TCP/UDP ports used by malicious programs ( no suspicious objects detected )
-
It also Very successfully found 2 new Gromozon nasties which were not yet in its database, and which most AVs etc did not yet detect!
c:\WINDOWS\Desktop\G + Z\www.kphr.com - PE file with modified extension, allowing for startup (typical for viruses)(level of danger 35%)
c:\WINDOWS\Desktop\G + Z\www.pictures.com - PE file with modified extension, allowing for startup (typical for viruses)
So far I'm Very impressed with its capabilities. I didn't have Any crashes/lock ups etc with it at all, and I also like the fact that it's a non-install type of App, which runs directly out of your folder of choice! I was able to update the database several times in the short time I've had it.
The following is just a small selection of info from the www and the Help files.
-
AVZGuard
The antiviral utility AVZ is intended for the detection and removal of:
SpyWare and AdWare modules - this is the basic purpose of the utility
Dialer (Trojan.Dialer)
Trojan programs
BackDoor modules
Net and mail worms
TrojanSpy, TrojanDownloader, TrojanDropper
The special features of the AVZ utility (besides the standard signature scanner) are:
-
Built-in rootkit detection system. The rootkit search does not use signatures; it is based on examining the base system libraries for interception of their functions. AVZ can not only detect a rootkit but also correctly block the work of a user-mode rootkit for its own process and of a kernel-mode rootkit at the system level. The rootkit counteraction applies to all AVZ service functions, so the AVZ scanner can detect masked processes, the search system "sees" masked keys, and so on. The anti-rootkit is supplied with an analyzer that detects processes and services masked by a rootkit. In my view, one of the main special features of the rootkit counteraction system is its ability to work under Win9x (the widespread opinion that there are no rootkits that work on the Win9x platform is deeply mistaken: hundreds of Trojan programs are known that intercept API functions to mask their presence, distort the work of API functions or track their use). Another special feature is the universal system for detecting and blocking kernel-mode rootkits, operating under Windows NT, Windows 2000 Pro/Server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1, etc.
-
The "Rootkit" options group
The Rootkit group of options contains the settings of the rootkit detection and neutralization system. The Detect rootkit checkbox enables the rootkit detector, which tries to detect the presence of a rootkit in the system by its typical symptoms. Note that false positives are possible here, because various system utilities, firewalls and antivirus monitors can also be detected as rootkits. This is a normal situation, because such programs influence the operation of other applications and modify the operation of standard API functions.
The Block user-mode rootkits and Block kernel-mode rootkits options are available only if the Detect rootkits option is enabled. They enable the system of active rootkit counteraction. Note that enabling the rootkit counteraction system might have undesirable consequences, so be prepared for the situation where AVZ or the entire system freezes. Therefore, before activating the rootkit counteraction system it is recommended to close all programs, disconnect from the network, and then exit the antivirus monitor and firewall.
When the rootkit blocking options are enabled, the heuristic search for files and rootkits is activated. The general principle of this system is to analyse the system before and after the hooks are neutralized, which makes it possible to quickly detect hidden processes, services and drivers.
The AVZGuard system and kernel-mode antirootkit are mutually exclusive options. When AVZGuard is activated, neutralization of kernel-mode rootkits is disabled automatically.
Note:
A system check with rootkit neutralization requires a system reboot! This is because hook neutralization might disturb the operation of antivirus monitors, firewalls and other programs that are responsible for system security. Rebooting is required only when intercepted functions have been restored; in that case AVZ adds a warning recommending a reboot to the end of the log.
-
Works on Win 98/XP/2000/2003
Free from:
z-oleg.com/secur/avz/avz ··· uard.php
Spanner
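Two of the log lines quoted above ("PE file with nonstandard extension" and "Invalid file - not a PKZip file") come from looking at what a file actually contains rather than at its name. The following is an added example of that check, written for this page and not taken from AVZ; it walks the real PE layout (the MZ header, e_lfanew at offset 0x3C, the PE signature and COFF header) and the ZIP magic bytes. The extension list, the wording of the findings and the minimal PE built by make_minimal_pe are constructed for the demo.

```python
import struct
from pathlib import PurePath

# Extensions Windows normally uses for PE images (constructed list); a PE
# stored under any other name is what the AVZ log calls a "PE file with
# nonstandard extension".
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv"}
# Signatures a ZIP archive can start with: local file header, empty archive,
# spanned archive.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
IMAGE_FILE_DLL = 0x2000  # Characteristics bit in the COFF file header


def parse_pe(data: bytes):
    """Return (machine, characteristics) if data carries a PE image, else None.

    Walks the format itself: 'MZ' DOS header, e_lfanew at offset 0x3C, then
    the 'PE' signature (two letters plus two NUL bytes) followed by the
    20-byte COFF file header.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, _nsect, _time, _symtab, _nsyms, _optsize, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return machine, characteristics


def classify(name: str, data: bytes) -> list:
    """Return the findings for one file, worded like the AVZ log lines above."""
    findings = []
    ext = PurePath(name).suffix.lower()
    pe = parse_pe(data)
    if pe is not None:
        kind = "DLL" if pe[1] & IMAGE_FILE_DLL else "EXE"
        if ext not in PE_EXTENSIONS:
            findings.append(
                f"PE file with nonstandard extension ({kind} stored as {ext or 'no extension'})")
    # A .zip that does not start with a PK signature is not a ZIP archive at all.
    if ext == ".zip" and not data.startswith(ZIP_MAGICS):
        findings.append("Invalid file - not a PKZip file")
    return findings


def make_minimal_pe(is_dll: bool = False) -> bytes:
    """Constructed test data: the smallest byte string parse_pe accepts."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE, plus DLL if asked
    characteristics = 0x0002 | 0x0100 | (IMAGE_FILE_DLL if is_dll else 0)
    coff_header = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return dos_header + b"PE\0\0" + coff_header


if __name__ == "__main__":
    samples = {
        "www.kphr.com": make_minimal_pe(),          # the shape of the case in the log above
        "archive.zip": b"this is not an archive",
        "helper.dll": make_minimal_pe(is_dll=True),
    }
    for sample_name, sample_data in samples.items():
        print(sample_name, "->", classify(sample_name, sample_data) or ["no findings"])
```

The point of parsing the header rather than trusting the suffix is that Windows will happily start a PE image named .com (or many other things) from an autorun entry, so the extension alone says nothing; a finding here is a reason to look at the file, not by itself proof of malware.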
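The help text quoted above describes the rootkit search as examining the base system libraries for interception of their functions, without signatures. One concrete form of that is comparing the first bytes of each exported function as loaded in memory with the same bytes in the library file on disk; an inline hook replaces them with a jump to other code. The example below is added here and is not AVZ's code: the "disk" and "memory" images, the export table (a plain dict of name to RVA), the load address 0x7C800000 and the hook bytes in build_sample_images are all constructed so the check runs offline.

```python
# Typical Win32 API entry sequence: mov edi,edi / push ebp / mov ebp,esp
PROLOGUE = bytes.fromhex("8BFF558BEC")

SAMPLE_BASE = 0x7C800000  # constructed load address of the sample library
SAMPLE_EXPORTS = {"ReadFile": 0x10, "CreateFileA": 0x20, "WriteFile": 0x30}  # name -> RVA (constructed)


def decode_redirect(code: bytes, address: int):
    """Recognise the two commonest inline-hook shapes at the start of a function.

    Returns (kind, target) for 'jmp rel32' (E9 ..) or 'push imm32; ret' (68 .. C3),
    or None when the bytes differ in some other way.
    """
    if len(code) >= 5 and code[0] == 0xE9:
        rel = int.from_bytes(code[1:5], "little", signed=True)
        return "jmp", address + 5 + rel  # rel32 is relative to the next instruction
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:
        return "push/ret", int.from_bytes(code[1:5], "little")
    return None


def find_hooks(exports, disk_image, memory_image, image_base, prologue_len=8):
    """Compare each export's first bytes on disk with the copy in memory.

    Returns a list of (name, kind, target) for every function whose entry
    bytes differ; kind is 'patched' and target None when the change is not a
    recognised jump.
    """
    hooks = []
    for name, rva in exports.items():
        on_disk = disk_image[rva:rva + prologue_len]
        in_memory = memory_image[rva:rva + prologue_len]
        if on_disk == in_memory:
            continue
        redirect = decode_redirect(in_memory, image_base + rva)
        if redirect is None:
            hooks.append((name, "patched", None))
        else:
            hooks.append((name, redirect[0], redirect[1]))
    return hooks


def build_sample_images(hook_target=0x10001000):
    """Constructed 'disk' and 'memory' images of a tiny library with three exports.

    The memory copy has CreateFileA's entry replaced by a jmp rel32 and
    WriteFile's by a push/ret sequence, which is what an inline hook leaves
    behind; ReadFile is untouched.
    """
    disk = bytearray(0x40)
    for rva in SAMPLE_EXPORTS.values():
        disk[rva:rva + len(PROLOGUE)] = PROLOGUE
    memory = bytearray(disk)
    rva = SAMPLE_EXPORTS["CreateFileA"]
    rel = hook_target - (SAMPLE_BASE + rva + 5)
    memory[rva:rva + 5] = b"\xE9" + rel.to_bytes(4, "little", signed=True)
    rva = SAMPLE_EXPORTS["WriteFile"]
    memory[rva:rva + 6] = b"\x68" + (hook_target + 0x100).to_bytes(4, "little") + b"\xC3"
    return bytes(disk), bytes(memory)


if __name__ == "__main__":
    disk, memory = build_sample_images()
    for name, kind, target in find_hooks(SAMPLE_EXPORTS, disk, memory, SAMPLE_BASE):
        where = f"-> {target:#x}" if target is not None else "(unrecognised patch)"
        print(f"{name}: entry bytes differ from disk, {kind} {where}")
```

On a live system the disk copy has to have its relocations applied (or be compared at the library's preferred base) before the bytes are compared, otherwise any absolute address inside the prologue shows up as a false difference. And, as the help text says about false positives, firewalls and antivirus monitors hook the same functions; a hit therefore means "find out which module the target address belongs to", not "remove it".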