转自wilderssecurity论坛: 新俄罗斯反病毒工具 AVZ antivirus(无须安装直接使用)
The AVZ antivirus utility is intended for searching and deleting the following malicious programs:
· Spyware and Adware programs and modules (this is the main goal of this utility)
· Network and mail worms
· Trojan horses (including all their variations, in particular, Trojan-PSW, Trojan-Downloader, and Trojan-Spy) and backdoor programs (programs intended for remote control over the infected computer)
· Trojan horses intended for dialing purposes (Dialer, Trojan.Dialer, Porn-Dialer)
· Keyloggers and other programs that can be used for tracking user activities
This utility is a direct analogue of such programs as Trojan Hunter and LavaSoft Ad-aware 6. Its main goal is finding and removing adware and spyware modules, as well as Trojan horses.
It is necessary to mention that programs belonging to Spyware and Adware categories by definition are not viruses or Trojan horses. The track user activities and download information and program code to the infected computer mainly for the marketing goals. This means that the information being transmitted does not contain critical data, such as passwords, credit card numbers, etc. At the same time, the information that they download is mainly made up of promotion materials and updates. Nevertheless, the difference between Spyware and Trojan roses is very subtle, because of which accurate classification is hardly possible. My approach to malware classification and criteria used for this purpose are described in this on-line Help system.
The main feature of AVZ is the possibility of configuring the program reaction to the presence of any types of malicious programs. For example, it is possible to choose the mode in which the program will destroy viruses and Trojans detected, but deletion of Adware programs will be blocked.
Another specific feature of AVZ consists of multiple heuristic system checks, which are not based on the signature search mechanism. These include searching for rootkits, keyloggers, and various backdoors based on typical TCP/UDP ports. Such techniques of searching allow for finding new variants of malicious programs.
In addition to typical signature-based file searching, AVZ provides the built-in database containing digital signatures of tens of thousands of system files. Using this database allows for reducing the number of false actuations of heuristics and allows for solving a range of other problems. In particular, the file searching system provides a filter for excluding known files from the search results, the manager of running process and SPI settings highlights known processes with color, and when adding files to quarantine addition of trusted files known to AVZ is blocked.
As my experience has shown, Spyware programs can often be classified as Adware and vice versa. The reason for this is straightforward, because in most cases espionage aims at targeted promotion. Especially for such cases, I have introduced a generalized Spy category, which can be interpreted as Adware+Spyware. This is a convenient approach when dealing with programs of this class.
Program limitations:
1.Because the utility is mainly intended for eliminating Adware and Spyware modules, it currently does not support check of several types of archives, PE packers and documents. When eliminating Spyware these features are simply unneeded. Nevertheless, this utility is constantly being improved, and I plan to implement such functions.
2.The utility does not heal programs infected with computer viruses. For high quality and correct healing of infected programs specialized antivirus programs are needed (such as, for example, Kaspersky Antivirus Monitor, DrWeb, Norton Antivirus, Panda, etc.). I do not intend to re-invent the wheel trying to implement direct analogues of such programs. This is even truer, if you recall that viruses of this type are gradually becoming rare.
AVZ antivirus官方主页
http://z-oleg.com/secur/avz/avzguard.php
AVZ antivirus英语版本下载
http://z-oleg.com/avz4en.zip
|
发表于 2006-11-1 13:30:47
发表于 2006-11-1 13:41:50
楼主
就是个辅助查毒的
