Restoring normal functioning using AVZ. AVZ: restoring system settings and removing viruses. How to restore the system using the AVZ utility


The AVZ anti-virus utility offers a simple and convenient way to restore system functionality, even without special qualifications or skills. Its so-called “firmware” (the AVZ term for its recovery microprograms) reduces the entire process to a minimum.

Help is available for most common problems that arise for the user. All firmware functionality is called from the menu "File -> System Restore".

  1. Restoring startup parameters of .exe, .com, .pif files
    Restoring the system's standard response to files with the extension exe, com, pif, scr.
    Recommendations for use: after treatment for the virus, programs and scripts stop running.
  2. Resetting Internet Explorer protocol prefix settings to default
    Restoring default protocol prefix settings in Internet Explorer
    Recommendations for use: when you enter a web address, for example, www.yandex.ua, it is replaced with an address like www.seque.com/abcd.php?url=www.yandex.ua
  3. Restoring the Internet Explorer start page
    Just return the start page in Internet Explorer
    Recommendations for use: if the start page has been changed
  4. Reset Internet Explorer search settings to default
    Restores search settings in Internet Explorer
    Recommendations for use: The "Search" button leads to third-party sites
  5. Restoring desktop settings
    Removes all active ActiveDesktop items and wallpapers, and unlocks the desktop settings menu.
    Recommendations for use: displaying third-party inscriptions and/or drawings on the desktop
  6. Removing all Policies (restrictions) of the current user
    removing restrictions on user actions caused by changes in Policies.
    Recommendations for use: Explorer functionality or other system functionality was blocked.
  7. Removing the message output during WinLogon
    Restoring the standard message when the system starts up.
    Recommendations for use: During the system boot process, a third-party message is observed.
  8. Restoring File Explorer settings
    Returns all Explorer settings to their standard form.
    Recommendations for use: Inappropriate Explorer settings
  9. Removing system process debuggers
    Registering a system process debugger lets an application be launched covertly, which a number of viruses take advantage of.
    Recommendations for use: for example, after booting the desktop disappears.
  10. Restoring boot settings in SafeMode
    Repairs the SafeMode boot settings damaged by worms such as Bagle.
    Recommendations for use: problems booting into safe mode (SafeMode); otherwise it is not recommended to use it.
  11. Unlocking Task Manager
    Unblocks any attempts to call the task manager.
    Recommendations for use: if instead of the task manager you see the message "Task Manager is blocked by the administrator"
  12. Clearing the HijackThis utility ignore list
    The HijackThis utility saves its settings in the system registry; in particular, a list of exceptions is stored there. Viruses hiding from HijackThis register themselves in this exclusion list.
    Recommendations for use: You suspect that the HijackThis utility does not display all information about the system.
  13. Cleaning the Hosts file
    All uncommented lines are removed and the only meaningful line "127.0.0.1 localhost" is added.
    Recommendations for use: Hosts file changed. You can check the Hosts file using the Hosts file manager built into AVZ.
  14. Automatic correction of SPI/LSP settings
    SPI settings are analyzed and, if necessary, errors found are automatically corrected. The firmware can be safely re-run many times. After execution, a computer restart is required. Attention! The firmware cannot be used from a terminal session.
    Recommendations for use: After treatment for the virus, I lost access to the Internet.
  15. Resetting SPI/LSP and TCP/IP settings (XP+)
    The firmware runs exclusively on XP, Windows 2003 and Vista. The standard “netsh” utility from Windows is used. Described in detail in the Microsoft knowledge base - http://support.microsoft.com/kb/299357
    Recommendations for use: After treatment for the virus, I lost access to the Internet and firmware No. 14 did not help.
  16. Recovering the Explorer launch key
    Restoring system registry keys responsible for launching Explorer.
    Recommendations for use: After the system boots, you can only launch explorer.exe manually.
  17. Unlocking Registry Editor
    Unblocking the Registry Editor by removing the policy that prevents it from running.
    Recommendations for use: When you try to launch Registry Editor, you receive a message indicating that your administrator has blocked it from running.
  18. Complete re-creation of SPI settings
    Makes a backup copy of all SPI/LSP settings, after which it re-creates them from the standard stored in the database.
    Recommendations for use: When restoring SPI settings, firmware No. 14 and No. 15 did not help you. Dangerous; use at your own risk!
  19. Clear MountPoints database
    The database in the system registry for MountPoints and MountPoints2 is cleared.
    Recommendations for use: for example, it is impossible to open drives in Explorer.
  20. Replace the DNS of all connections with Google Public DNS
    We change all DNS addresses of used servers to 8.8.8.8

Some useful tips:

  • Most problems with Hijacker can be treated with three microprograms - No. 4 “Resetting Internet Explorer search settings to standard”, No. 3 “Restoring Internet Explorer start page” and No. 2 “Resetting Internet Explorer protocol prefix settings to standard”.
  • All firmware except #5 and #10 can be safely executed multiple times.
  • And of course it is useless to fix anything without first removing the virus.

Dedicated to AVZ, I want to share with you some more knowledge on the capabilities of this wonderful utility.

Today we will talk about system recovery tools, which can often save your computer’s life after being infected with viruses and other horrors of life, as well as solve a number of system problems that arise as a result of certain errors.
It will be useful for everyone.

General description of the program functionality

What are these recovery tools? They are a set of firmware and scripts that help return certain system functions to working condition. For example, they can bring back the registry editor, clear the hosts file or reset IE settings. Here is the full list with descriptions (so as not to reinvent the wheel):

  • 1. Restoring startup parameters of .exe, .com, .pif files
    This firmware restores the system's response to exe, com, pif, scr files.
    Indications for use: after removing the virus, programs stop running.
  • 2. Reset Internet Explorer protocol prefix settings to standard
    This firmware restores protocol prefix settings in Internet Explorer
    Indications for use: when you enter an address like www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru
  • 3. Restoring the Internet Explorer start page
    This firmware restores the start page in Internet Explorer
    Indications for use: replacing the start page
  • 4. Reset Internet Explorer search settings to default
    This firmware restores search settings in Internet Explorer
    Indications for use: When you click the "Search" button in IE, you are accessing some third-party site
  • 5. Restore desktop settings
    This firmware restores desktop settings. Restoration involves deleting all active ActiveDesktop elements, wallpaper, and unblocking the menu responsible for desktop settings.
    Indications for use: The desktop settings tabs in the "Properties: Screen" window have disappeared, extraneous inscriptions or pictures are displayed on the desktop
  • 6. Removing all Policies (restrictions) of the current user
    Windows provides a mechanism for restricting user actions called Policies. Many malicious programs use this mechanism because the settings are stored in the registry and are easy to create or modify.
    Indications for use: Explorer functions or other system functions are blocked.
  • 7. Removing the message displayed during WinLogon
    Windows NT and subsequent systems in the NT line (2000, XP) allow you to set the message displayed during startup. A number of malicious programs take advantage of this, and the destruction of the malicious program does not lead to the destruction of this message.
    Indications for use: During system boot, an extraneous message is displayed.
  • 8. Restore File Explorer settings
    This firmware resets a number of Explorer settings to standard (the settings changed by malware are reset first).
    Indications for use: Explorer settings changed
  • 9. Removing system process debuggers
    Registering a system process debugger makes it possible to launch an application covertly, which a number of malicious programs take advantage of.
    Indications for use: AVZ detects unidentified system process debuggers, problems arise with launching system components, in particular, the desktop disappears after a reboot.
  • 10. Restoring boot settings in SafeMode
    Some malware, in particular the Bagle worm, corrupts the system's boot settings for safe mode. This firmware restores the safe mode boot settings.
    Indications for use: The computer does not boot in SafeMode. Use this firmware only if you have problems booting into safe mode.
  • 11. Unlock task manager
    Task Manager blocking is used by malware to protect processes from detection and removal. Accordingly, executing this microprogram removes the lock.
    Indications for use: Blocking the task manager; when you try to call the task manager, the message “Task manager is blocked by the administrator” is displayed.
  • 12. Clearing the ignore list of the HijackThis utility
    The HijackThis utility stores a number of its settings in the registry, in particular a list of exceptions. Therefore, to camouflage itself from HijackThis, the malicious program only needs to register its executable files in the exclusion list. There are currently a number of known malicious programs that exploit this vulnerability. AVZ firmware clears HijackThis utility exception list
    Indications for use: Suspicions that the HijackThis utility does not display all information about the system.
  • 13. Cleaning the Hosts file
    Cleaning up the Hosts file involves finding the Hosts file, removing all significant lines from it, and adding the standard "127.0.0.1 localhost" line.
    Indications for use: Suspicion that the Hosts file has been modified by a malicious program. Typical symptoms are blocking the update of antivirus programs. You can control the contents of the Hosts file using the Hosts file manager built into AVZ.
  • 14. Automatic correction of SPI/LSP settings
    Performs analysis of SPI settings and, if errors are detected, automatically corrects the errors found. This firmware can be re-run an unlimited number of times. After running this firmware, it is recommended to restart your computer. Note! This firmware cannot be run from a terminal session
    Indications for use: After removing the malicious program, access to the Internet was lost.
  • 15. Reset SPI/LSP and TCP/IP settings (XP+)
    This firmware only works on XP, Windows 2003 and Vista. Its operating principle is based on resetting and re-creating SPI/LSP and TCP/IP settings using the standard netsh utility included in Windows. You can read more about resetting settings in the Microsoft knowledge base - http://support.microsoft.com/kb/299357 Please note! Use a factory reset only if necessary, when you have unrecoverable problems with Internet access after removing malware!
    Indications for use: After removing the malicious program, access to the Internet was lost and running the firmware “14. Automatic correction of SPI/LSP settings” does not produce results.
  • 16. Recovering the Explorer launch key
    Restores system registry keys responsible for launching Explorer.
    Indications for use: During system boot, Explorer does not start, but launching explorer.exe manually is possible.
  • 17. Unlocking the registry editor
    Unblocks the Registry Editor by removing the policy that prevents it from running.
    Indications for use: It is impossible to start the registry editor; when you try, a message is displayed stating that its launch is blocked by the administrator.
  • 18. Complete re-creation of SPI settings
    Performs a backup copy of SPI/LSP settings, after which it destroys them and creates them according to the standard, which is stored in the database.
    Indications for use: Severe damage to SPI settings that cannot be repaired by scripts 14 and 15. Use only if necessary!
  • 19. Clear MountPoints database
    Cleans up the MountPoints and MountPoints2 database in the registry.
    Indications for use: This operation often helps when, after infection with a Flash virus, disks do not open in Explorer
  • Note:
    Restoration is useless if the system is running a Trojan program that performs such reconfigurations - you must first remove the malicious program and then restore the system settings
  • Note:
    To eliminate traces of most Hijackers, you need to run three firmware - "Reset Internet Explorer search settings to standard", "Restore Internet Explorer start page", "Reset Internet Explorer protocol prefix settings to standard"
  • Note:
    Any of the firmware can be executed several times in a row without damaging the system. The exceptions are "5. Restoring desktop settings" (this firmware will reset all desktop settings and you will have to re-select the desktop coloring and wallpaper) and "10. Restoring boot settings in SafeMode" (this firmware recreates the registry keys responsible for booting into safe mode).

Useful, isn't it?
Now about how to use it.

Loading, starting, using

Actually, everything is simple.

  1. Download the anti-virus utility AVZ from here (or from somewhere else).
  2. Unpack the archive somewhere convenient for you.
  3. Go to the folder where you unpacked the program and run avz.exe.
  4. In the program window, select "File" - "System Restore".
  5. Tick the necessary items and press the "Perform marked operations" button.
  6. Wait and enjoy the result.

That's how things are.

Afterword

I must say that it works like a charm and eliminates a number of unnecessary movements. So to speak, everything is at hand, fast, simple and effective.

Thank you for your attention;)

System Restore is a special feature of AVZ that allows you to restore a number of system settings damaged by malware.

System recovery firmware is stored in the anti-virus database and updated as needed.

Recommendation: Use system recovery only in a situation where there is a clear understanding that it is required. Before using it, it is recommended to make a backup copy or system rollback point.

Note: system restore operations write automatic backup data as REG files in the Backup directory of the AVZ working folder.

Currently the database contains the following firmware:

1. Restoring startup parameters of .exe, .com, .pif files

This firmware restores the system's response to exe, com, pif, scr files.

Indications for use: After the virus is removed, programs stop running.

Possible risks: are minimal, but it is recommended to use

2. Reset Internet Explorer protocol prefix settings to standard

This firmware restores protocol prefix settings in Internet Explorer

Indications for use: when you enter an address like www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru

Possible risks: minimal

3. Restoring the Internet Explorer start page

This firmware restores the start page in Internet Explorer

Indications for use: replacing the start page

Possible risks: minimal

4. Reset Internet Explorer search settings to standard

This firmware restores search settings in Internet Explorer

Indications for use: When you click the "Search" button in IE, you are directed to some third-party site

Possible risks: minimal

5. Restore desktop settings

This firmware restores desktop settings. Restoration involves deleting all active ActiveDesktop elements, wallpaper, and unblocking the menu responsible for desktop settings.

Indications for use: The desktop settings tabs in the "Display Properties" window have disappeared; extraneous inscriptions or pictures are displayed on the desktop

Possible risks: user settings will be deleted, the desktop will appear as default

6. Deleting all Policies (restrictions) of the current user

Windows provides a mechanism for restricting user actions called Policies. Many malicious programs use this mechanism because the settings are stored in the registry and are easy to create or modify.

Indications for use: Explorer functions or other system functions are blocked.

Possible risks: Operating systems of different versions have default policies, and resetting policies to certain standard values is not always optimal. To fix policies that are frequently modified by malicious programs, you should use the Troubleshooting Wizard, which is safe in terms of possible system failures.

7. Deleting the message displayed during WinLogon

Windows NT and subsequent systems in the NT line (2000, XP) allow you to set the message displayed during startup. A number of malicious programs take advantage of this, and removing the malicious program does not remove this message.

Indications for use: An extraneous message is displayed during system boot.

Possible risks: No

8. Restoring Explorer settings

This firmware resets a number of Explorer settings to standard (the settings changed by malware are reset first).

Indications for use: Explorer settings changed

Possible risks: minimal; the most common damage to settings caused by malware is found and corrected by the Troubleshooting Wizard.

9. Removing system process debuggers

Registering a system process debugger makes it possible to launch an application covertly, which a number of malicious programs take advantage of.

Indications for use: AVZ detects unidentified system process debuggers, problems arise with launching system components, in particular, the desktop disappears after a reboot.

Possible risks: minimal, possible disruption of programs that use the debugger for legitimate purposes (for example, replacing the standard task manager)

10. Restoring boot settings in SafeMode

Some malware, in particular the Bagle worm, corrupts the system's boot settings for safe mode. This firmware restores the safe mode boot settings.

Indications for use: The computer does not boot into SafeMode. This firmware should be used only in case of problems with booting into safe mode.

Possible risks: high, since restoring the standard configuration does not guarantee that SafeMode will be fixed. In terms of safety, the Troubleshooting Wizard finds and fixes specific broken SafeMode configuration entries

11. Unlock task manager

Task Manager blocking is used by malware to protect processes from detection and removal. Accordingly, executing this microprogram removes the lock.

Indications for use: The task manager is blocked; when you try to call the task manager, the message “Task Manager is blocked by the administrator” is displayed.

Possible risks: troubleshooting wizard

12. Clearing the ignore list of the HijackThis utility

The HijackThis utility stores a number of its settings in the registry, in particular a list of exceptions. Therefore, to camouflage itself from HijackThis, the malicious program only needs to register its executable files in the exclusion list. There are currently a number of known malicious programs that exploit this vulnerability. AVZ firmware clears HijackThis utility exception list

Indications for use: There are suspicions that the HijackThis utility does not display all information about the system.

Possible risks: minimal, please note that the settings to ignore HijackThis will be deleted

13. Cleaning the Hosts file

Cleaning up the Hosts file involves finding the Hosts file, removing all significant lines from it, and adding the standard "127.0.0.1 localhost" line.

Indications for use: It is suspected that the Hosts file has been modified by malware. Typical symptoms are blocking the update of antivirus programs. You can control the contents of the Hosts file using the Hosts file manager built into AVZ.

Possible risks: average, please note that the Hosts file may contain useful entries
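
An added example (not AVZ's own code): a Python script that audits a hosts file before it is reset the way firmware 13 describes, and records every removed line so that useful entries can be put back. The sample file, the watched domain `av-vendor.example` and all function names are constructed for illustration.

```python
"""Audit a hosts file before resetting it to the single localhost line.
Added example: the sample file and the watched domain are constructed."""
import ipaddress

DEFAULT_LINE = "127.0.0.1 localhost"
WATCHED = {"av-vendor.example"}  # assumption: domains the anti-virus updates from

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # blocks updates
203.0.113.7     www.shop.example
10.0.0.5        intranet.corp.example      # useful admin entry
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return (line_no, ip, names) for every significant (non-comment) line."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if body:
            fields = body.split()
            entries.append((no, fields[0], [n.lower() for n in fields[1:]]))
    return entries


def classify(ip, names, watched):
    """One verdict per entry; 'watched' holds suffixes that must never be overridden."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if any(n == w or n.endswith("." + w) for n in names for w in watched):
        return "security-domain-override"  # the update-blocking symptom
    if addr.is_loopback and all(n == "localhost" for n in names):
        return "default"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"  # may be a deliberate block list: review before deleting
    return "redirect"      # name pinned to another host: review before deleting


def audit(text, watched):
    """Return (line_no, verdict, ip, names) for each significant line."""
    return [(no, classify(ip, names, watched), ip, names)
            for no, ip, names in parse_hosts(text)]


def reset_hosts(text):
    """Remove all significant lines, keep comments, append the default line.

    Returns (new_text, removed_lines) so removed entries can be restored later.
    """
    kept, removed = [], []
    for raw in text.splitlines():
        if raw.split("#", 1)[0].strip():
            removed.append(raw)
        else:
            kept.append(raw)
    kept.append(DEFAULT_LINE)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    for no, verdict, ip, names in audit(SAMPLE_HOSTS, WATCHED):
        print(f"line {no}: {verdict:26} {ip} {' '.join(names)}")
    new_text, removed = reset_hosts(SAMPLE_HOSTS)
    print("--- removed (keep as backup) ---")
    print("\n".join(removed))
    print("--- new hosts file ---")
    print(new_text, end="")
```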

14. Automatic correction of SPI/LSP settings

Performs analysis of SPI settings and, if errors are detected, automatically corrects the errors found. This firmware can be re-run an unlimited number of times. After running this firmware, it is recommended to restart your computer. Note! This firmware cannot be run from a terminal session

Indications for use: After removing the malicious program, I lost access to the Internet.

Possible risks: average, it is recommended to create a backup before starting

15. Reset SPI/LSP and TCP/IP settings (XP+)

This firmware only works on XP, Windows 2003 and Vista. Its operating principle is based on resetting and re-creating SPI/LSP and TCP/IP settings using the standard netsh utility included in Windows. You can read more about resetting settings in the Microsoft knowledge base - http://support.microsoft.com/kb/299357

Indications for use: After removing the malicious program, access to the Internet was lost and running the firmware "14. Automatic correction of SPI/LSP settings" does not produce any results.

Possible risks: high, it is recommended to create a backup before starting

16. Recovering the Explorer launch key

Restores system registry keys responsible for launching Explorer.

Indications for use: During system boot, Explorer does not start, but it is possible to launch explorer.exe manually.

Possible risks: minimal

17. Unlocking the registry editor

Unblocks the Registry Editor by removing the policy that prevents it from running.

Indications for use: It is impossible to start the Registry Editor; when you try, a message is displayed stating that its launch is blocked by the administrator.

Possible risks: minimal, a similar check is performed by the Troubleshooting Wizard
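
An added example (not AVZ's own code): a Python script that reads the text of a registry export and reports the conditions that firmware 9, 11 and 17 are described as fixing, which helps confirm a firmware run is actually needed. The page does not say which registry values AVZ inspects; the standard Windows value names `DisableTaskMgr`, `DisableRegistryTools` and the `Image File Execution Options` `Debugger` value are assumed here, and the sample export and allowlist entry are constructed.

```python
"""Flag policy locks and process debuggers in a registry export (REG 5.00 text).
Added example: the sample export and the allowlist entry are constructed."""
import re

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
POLICY_KEY = r"\microsoft\windows\currentversion\policies\system"
IFEO_KEY = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
LOCK_VALUES = {"disabletaskmgr": "DisableTaskMgr",
               "disableregistrytools": "DisableRegistryTools"}
# Assumption: a debugger the administrator installed on purpose (task manager replacement).
ALLOWED_DEBUGGERS = {("taskmgr.exe", r"c:\tools\procexp.exe")}

# Constructed sample. A real `reg export` file is UTF-16: open it with encoding="utf-16".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; constructed sample, not output from a real machine
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\Constructed\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp.exe\""
'''


def unescape(s):
    """Undo REG string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return (key, name, value): dword -> int, string -> str, other types -> raw text."""
    triples, key, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # hex(...) data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = None if line.startswith("[-") else line[1:-1]  # "[-key]" deletes a key
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue                       # file header, ";" comment or blank line
        name = unescape(m.group(1)) if m.group(1) is not None else ""  # "@" = default value
        data = m.group(2)
        if data.startswith("dword:"):
            value = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            value = unescape(data[1:-1])
        else:
            value = data
        triples.append((key, name, value))
    return triples


def audit_reg(text, allowed_debuggers=frozenset()):
    """Return (kind, subject, detail) findings for policy locks and IFEO debuggers."""
    findings = []
    for key, name, value in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith(POLICY_KEY) and n in LOCK_VALUES:
            if isinstance(value, int) and value != 0:   # 0 means the tool is not blocked
                findings.append(("policy-lock", LOCK_VALUES[n], value))
        elif IFEO_KEY in k and n == "debugger" and isinstance(value, str) and value:
            image = k.rsplit("\\", 1)[1]
            command = value.strip().strip('"').lower()
            if (image, command) not in allowed_debuggers:
                findings.append(("ifeo-debugger", image, value))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in audit_reg(SAMPLE_REG, ALLOWED_DEBUGGERS):
        print(f"{kind:14} {subject:22} {detail}")
```

The allowlist matters because, as the risk note for firmware 9 says, a debugger entry can be legitimate; anything not on the list is only a candidate for review, not proof of infection.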

18. Complete re-creation of SPI settings

Performs a backup copy of SPI/LSP settings, after which it destroys them and creates them according to the standard, which is stored in the database.

Indications for use: Severe damage to SPI settings that cannot be repaired by scripts 14 and 15.

Note! Use a factory reset only if necessary, when you have unrecoverable problems with Internet access after removing malware! Use this operation only if necessary, in cases where other SPI recovery methods have not helped!

Possible risks: very high, it is recommended to create a backup before starting!

19. Clear MountPoints database

Cleans up the MountPoints and MountPoints2 database in the registry.

Indications for use: This operation often helps when, after infection with a Flash virus, disks do not open in Explorer

Possible risks: minimal

20. Remove static routes

Performs removal of all static routes.

Indications for use: This operation helps if some sites are blocked using incorrect static routes.

Possible risks: average. It is important to note that for some services to work on some Internet providers, static routes may be necessary and after such deletion they will have to be restored according to the instructions on the Internet provider’s website.

21. Replace the DNS of all connections with Google Public DNS

Replaces the DNS server in the configuration of all network adapters with public DNS from Google. Helps if a Trojan program has replaced the DNS with its own.

Indications for use: DNS spoofing by malware.

Possible risks: average. Please note that not all providers allow you to use a DNS other than their own.

To perform a recovery, you must select one or more items and click the “Perform selected operations” button. Clicking the "OK" button closes the window.

Note:

Restoration is useless if the system is running a Trojan program that performs such reconfigurations - you must first remove the malicious program and then restore the system settings

Note:

To eliminate traces of most Hijackers, you need to run three firmware - "Reset Internet Explorer search settings to standard", "Restore Internet Explorer start page", "Reset Internet Explorer protocol prefix settings to standard"

Note:

Any of the firmware can be executed several times in a row without significant damage to the system. Exceptions are "5. Restoring desktop settings" (this firmware will reset all desktop settings and you will have to re-select the desktop coloring and wallpaper) and "10. Restoring boot settings in SafeMode" (this firmware recreates the registry keys responsible for booting into safe mode), as well as 15 and 18 (resetting and recreating SPI settings).

Launching the AVZ utility may be required when contacting Kaspersky Lab technical support.
Using the AVZ utility you can:

  • receive a report on the results of the system study;
  • execute the script provided by a Kaspersky Lab technical support specialist
    to create Quarantine and delete suspicious files.

The AVZ utility does not send statistics, does not process information, and does not transmit it to Kaspersky Lab. The report is saved on the computer in the form of HTML and XML files, which are available for viewing without the use of special programs.

The AVZ utility can automatically create a Quarantine and place copies of suspicious files and their metadata into it.

Objects placed in Quarantine are not processed, are not transferred to Kaspersky Lab, and are stored on the computer. We do not recommend restoring files from Quarantine; they can harm your computer.

What data is contained in the AVZ utility report

The AVZ utility report contains:

  • Information about the version and release date of the AVZ utility.
  • Information about the anti-virus databases of the AVZ utility and its basic settings.
  • Information about the version of the operating system, the date of its installation and the user rights with which the utility was launched.
  • Search results for rootkits and programs that intercept the main functions of the operating system.
  • Search results for suspicious processes and information about these processes.
  • Search results for common malware based on their characteristic properties.
  • Information about errors found during the scan.
  • Search results for programs that intercept keyboard, mouse, or window events.
  • Search results for open TCP and UDP ports that are used by malware.
  • Information about suspicious system registry keys, disk file names, and system settings.
  • Search results for potential operating system vulnerabilities and security issues.
  • Information about damaged operating system settings.

How to execute a script using the AVZ utility

Use the AVZ utility only under the guidance of a Kaspersky Lab technical support specialist as part of your request. Doing it yourself may damage the operating system and cause data loss.

  1. Download the executable file of the AVZ utility.
  2. Run avz5.exe on your computer. If Windows Defender SmartScreen prevented avz5.exe from running, click More details → Execute anyway in the "Windows has protected your computer" window.
  3. Go to the File → Execute script section.
  4. Paste into the input field the script that you received from the Kaspersky Lab technical support specialist.
  5. Click Launch.
  6. Wait until the utility finishes and follow the further recommendations of the Kaspersky Lab technical support specialist.

The simple and convenient AVZ utility not only helps, but can also restore the system. Why is this necessary?

The fact is that after the invasion of viruses (it happens that AVZ kills thousands of them), some programs refuse to work, the settings have all disappeared somewhere and Windows somehow does not work quite correctly.

Most often, in this case, users simply reinstall the system. But as practice shows, this is not at all necessary, because using the same AVZ utility, you can restore almost any damaged programs and data.

To give you a clearer picture, here is a complete list of what AVZ can restore.

Material taken from the AVZ reference guide - http://www.z-oleg.com/secur/avz_doc/ (copy and paste into the browser address bar).

Currently the database contains the following firmware:

1. Restoring startup parameters of .exe, .com, .pif files

This firmware restores the system's response to exe, com, pif, scr files.

Indications for use: After the virus is removed, programs stop running.

2. Reset Internet Explorer protocol prefix settings to standard

This firmware restores protocol prefix settings in Internet Explorer

Indications for use: when you enter an address like www.yandex.ru, it is replaced with something like www.seque.com/abcd.php?url=www.yandex.ru

3. Restoring the Internet Explorer start page

This firmware restores the start page in Internet Explorer

Indications for use: replacing the start page

4. Reset Internet Explorer search settings to standard

This firmware restores search settings in Internet Explorer

Indications for use: When you click the “Search” button in IE, you are directed to some third-party site

5. Restore desktop settings

This firmware restores desktop settings.

Restoration involves deleting all active ActiveDesktop elements, wallpaper, and unblocking the menu responsible for desktop settings.

Indications for use: The desktop settings tabs in the “Display Properties” window have disappeared; extraneous inscriptions or pictures are displayed on the desktop

6. Deleting all Policies (restrictions) of the current user

Windows provides a mechanism for restricting user actions called Policies. Many malicious programs use this mechanism because the settings are stored in the registry and are easy to create or modify.

Indications for use: Explorer functions or other system functions are blocked.

7. Deleting the message displayed during WinLogon

Windows NT and subsequent systems in the NT line (2000, XP) allow you to set the message displayed during startup.

A number of malicious programs take advantage of this, and removing the malicious program does not remove this message.

Indications for use: An extraneous message is displayed during system boot.

8. Restoring Explorer settings

This firmware resets a number of Explorer settings to standard (the settings changed by malware are reset first).

Indications for use: Explorer settings changed

9. Removing system process debuggers

Registering a system process debugger makes it possible to launch an application covertly, which a number of malicious programs take advantage of.

Indications for use: AVZ detects unidentified system process debuggers, problems arise with launching system components, in particular, the desktop disappears after a reboot.

10. Restoring boot settings in SafeMode

Some malware, in particular the Bagle worm, corrupts the system's boot settings for safe mode.

This firmware restores the safe mode boot settings.

Indications for use: The computer does not boot into SafeMode. This firmware should be used only in case of problems with booting into safe mode.

11. Unlock task manager

Malware blocks the Task Manager to protect its processes from detection and removal. Executing this firmware removes the lock.

Indications for use: The task manager is blocked; when you try to call the task manager, the message “Task Manager is blocked by the administrator” is displayed.

12. Clearing the ignore list of the HijackThis utility

The HijackThis utility stores a number of its settings in the registry, in particular a list of exceptions. Therefore, to hide itself from HijackThis, a malicious program only needs to register its executable files in the exception list.

There are currently a number of known malicious programs that exploit this vulnerability. This AVZ firmware clears the HijackThis exception list.

Indications for use: There are suspicions that the HijackThis utility does not display all information about the system.

13. Cleaning the Hosts file

Cleaning up the Hosts file involves finding the Hosts file, removing all significant lines from it, and adding the standard “127.0.0.1 localhost” line.

Indications for use: It is suspected that the Hosts file has been modified by malware. Typical symptoms include blocking antivirus software updates.

You can control the contents of the Hosts file using the Hosts file manager built into AVZ.
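The check a defender would run before cleaning, as an added example that is not part of AVZ or of the original page: it parses Hosts file text, reports every mapping other than the plain localhost entry, and produces the cleaned state described above. The sample content and host names are constructed, and keeping comment lines during cleaning is an assumption about what "significant lines" excludes.

```python
import ipaddress

# Constructed sample of a tampered Hosts file; all names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # update server pointed at loopback
0.0.0.0         download.av-vendor.example
203.0.113.10    www.bank.example www2.bank.example
::1             localhost
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every significant line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return (line_no, kind, address, names) for each non-localhost mapping."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, names))
            continue
        # "localhost" on a loopback address is the only expected mapping.
        extra = [n for n in names if not (n == "localhost" and ip.is_loopback)]
        if not extra:
            continue
        # Loopback or 0.0.0.0 makes the name unreachable; anything else redirects it.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, kind, address, extra))
    return findings

def clean_hosts(text):
    """Drop every significant line, keep comments, add the standard line."""
    kept = [l for l in text.splitlines() if not l.split("#", 1)[0].strip()]
    return "\n".join(kept + ["127.0.0.1 localhost"]) + "\n"

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Entries reported as "blocked" for security-vendor names match the symptom given above (antivirus updates failing); "redirected" entries are worth recording before the file is cleaned, since they show where traffic was being sent.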

14. Automatic correction of SPI/LSP settings

Analyzes the SPI settings and, if errors are detected, corrects them automatically.

This firmware can be re-run an unlimited number of times. After running this firmware, it is recommended to restart your computer. Note! This firmware cannot be run from a terminal session.

Indications for use: Internet access is lost after the malicious program is removed.

15. Reset SPI/LSP and TCP/IP settings (XP+)

This firmware only works on XP, Windows 2003 and Vista. Its operating principle is based on resetting and re-creating SPI/LSP and TCP/IP settings using the standard netsh utility included in Windows.

Note! Use this reset only when necessary, that is, when there are unrecoverable problems with Internet access after removing malware!

Indications for use: After removing the malicious program, Internet access is lost and running firmware “14. Automatic correction of SPI/LSP settings” does not help.

16. Recovering the Explorer launch key

Restores system registry keys responsible for launching Explorer.

Indications for use: During system boot, Explorer does not start, but it is possible to launch explorer.exe manually.

17. Unlocking the registry editor

Unblocks the Registry Editor by removing the policy that prevents it from running.

Indications for use: It is impossible to start the Registry Editor; when you try, a message is displayed stating that its launch is blocked by the administrator.
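Items 6, 9, 11 and 17 all come down to values written into the registry, so they can be checked before anything is reset. The following added example (not AVZ's code and not from the original page) audits the text of a registry export for the Task Manager and Registry Editor locks and for registered process debuggers. The key and value names are the standard Windows ones and are an assumption here, since the page does not name them; the export excerpt and the file path in it are constructed.

```python
import re

# Constructed excerpt in the text format that "reg export" writes.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\constructed\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
"""

# Standard Windows locations (assumed here; the page does not name them).
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\system"
IFEO = r"\windows nt\currentversion\image file execution options" + "\\"
LOCKS = {"disabletaskmgr": "Task Manager blocked",
         "disableregistrytools": "Registry Editor blocked"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data) for each named value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return (finding, detail) pairs for policy locks and process debuggers."""
    findings = []
    for key, name, data in parse_reg(text):
        low, val = key.lower(), name.lower()
        if low.endswith(POLICY_KEY) and val in LOCKS:
            # A non-zero DWORD means the restriction is active.
            if data.lower().startswith("dword:") and int(data[6:], 16):
                findings.append((LOCKS[val], key))
        elif IFEO in low and val == "debugger":
            findings.append(("debugger registered for " + key.rsplit("\\", 1)[1], data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `audit`. Keeping the exported file also preserves a record of what the malware changed once the firmware has reset it.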

18. Complete re-creation of SPI settings

Backs up the SPI/LSP settings, then deletes them and re-creates them according to the standard stored in the database.

Indications for use: Severe damage to SPI settings that cannot be repaired by scripts 14 and 15. Use only if necessary!

19. Clear MountPoints database

Cleans up the MountPoints and MountPoints2 database in the registry. This operation often helps when, after infection with a Flash virus, disks do not open in Explorer.

To perform a recovery, you must select one or more items and click the “Perform selected operations” button. Clicking the "OK" button closes the window.

Note:

Restoration is useless if the system is running a Trojan that performs such reconfigurations; you must first remove the malicious program and then restore the system settings.

Note:

To eliminate traces of most Hijackers, you need to run three firmware: “Reset Internet Explorer search settings to standard”, “Restore Internet Explorer start page”, and “Reset Internet Explorer protocol prefix settings to standard”.

Note:

Any of the firmware can be executed several times in a row without damaging the system. The exceptions are “5. Restoring desktop settings” (running this firmware resets all desktop settings, and you will have to re-select the desktop coloring and wallpaper) and “10. Restoring boot settings in SafeMode” (this firmware re-creates the registry keys responsible for booting in safe mode).

To start the recovery, first download, unpack and run the utility. Then click File -> System Restore. By the way, you can also do



Check the boxes you need and start the operations. That's it, now wait for them to complete :-)

In the following articles we will look in more detail at the problems that the AVZ system recovery firmware will help us solve. So good luck to you.







2024 gtavrl.ru.