What is a system process debugger. Restoration of normal functioning with the help of AVZ. Windows provides a mechanism for limiting user actions called Policies. This technology is used by many malicious programs, because

In certain situations, it may be necessary to disable the kernel debugger. This operation cannot be recommended for inexperienced users due to the potential threat to the stability of the Microsoft Windows operating system.

Instructions

Click the "Start" button to bring up the main menu of the system and enter cmd in the search field to begin disabling the kernel debugger.

Open the context menu of the found "Command Prompt" tool by right-clicking it and select the "Run as administrator" command.

Enter Kdbgctrl.exe -d at the command prompt to disable kernel debugging in the current session and press the Enter key to confirm the command.

Use the bcdedit /debug off command at the command prompt to disable kernel debugging for all sessions on Windows Vista and Windows 7, and press the Enter key to confirm your choice.

Enter dir /ASH at the command prompt to search for the hidden protected boot.ini file on the system drive to disable the kernel debugger for all sessions in all earlier versions of the Microsoft Windows operating system and open the file found in the "Notepad" application.

Delete parameters:

- /debug;
- /debugport;
- /baudrate

and restart your computer to apply the selected changes.

Click the Continue button in the prompt dialog box if you want to debug the system kernel and wait for the procedure to complete.

Use the gn command in the text box of the Kernel Debugger window when you see a User break exception (Int 3) error message.

Use Debugging Mode when booting the computer in Safe Mode to enable the kernel debugger service.
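
The boot.ini edit from the steps above, as an added example that is not part of the original instructions: it removes the three listed parameters from the entries in the [operating systems] section and reports what it removed. The function names and the sample file are constructed for illustration, and switches are assumed to be separated by spaces.

```python
"""Strip kernel-debugger switches from boot.ini text (added example)."""

# The three parameters the steps above say to delete.
DEBUG_SWITCHES = {"/debug", "/debugport", "/baudrate"}

# Constructed sample boot.ini; not taken from a real machine.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect /debug /DEBUGPORT=COM1 /baudrate=115200
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP (second install)" /fastdetect /NoExecute=OptIn
"""


def _split_entry(body):
    """Split an entry into (path="description", text holding the switches)."""
    close = body.rfind('"')
    if close != -1:
        # Everything up to the closing quote is the path and the menu title,
        # so a title that happens to contain "/debug" is never touched.
        return body[:close + 1], body[close + 1:]
    parts = body.split(None, 1)
    return parts[0], parts[1] if len(parts) > 1 else ""


def strip_debug_switches(text):
    """Return (cleaned_text, removed), removed being (line number, switch) pairs."""
    out, removed, section = [], [], None
    for lineno, raw in enumerate(text.splitlines(keepends=True), 1):
        body = raw.rstrip("\r\n")
        eol = raw[len(body):]          # keep the original line ending
        stripped = body.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
        elif section == "operating systems" and "=" in stripped:
            head, switches = _split_entry(body)
            kept = []
            for token in switches.split():
                # Compare the switch name only, so /debugport=COM1 matches
                # /debugport and /debug does not match inside another name.
                if token.split("=", 1)[0].lower() in DEBUG_SWITCHES:
                    removed.append((lineno, token))
                else:
                    kept.append(token)
            body = " ".join([head] + kept)
        out.append(body + eol)
    return "".join(out), removed


if __name__ == "__main__":
    cleaned, removed = strip_debug_switches(SAMPLE_BOOT_INI)
    for lineno, token in removed:
        print(f"line {lineno}: removed {token}")
    print(cleaned, end="")
```

Running it on text that is already clean returns the text unchanged and an empty list, so the result can also serve as a check that no entry still enables the debugger.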

The kernel debugger is special software that runs at the kernel level of the entire operating system of a personal computer. "Debugging the operating system kernel" refers to the procedure for finding errors in the system kernel. When working with Daemon Tools, the error "Initialization error ... Kernel debugger must be deactivated" often occurs. You can fix it by disabling the kernel debugger.

You will need

  • Administrator rights.

Instructions

If this warning appears while installing the application, you must turn off the service called Machine debug manager. To do this, start the "Control Panel" and go to the "Administrative Tools" section. Then click on the "Services" shortcut. Find Machine Debug Manager in the list. Click on the name with the mouse button and press "Stop".

Disable debugger processes in the "Task Manager". To do this, right-click in a free area and select "Task Manager". You can press the Alt + Ctrl + Delete key combination. Go to the Processes tab and disable all mdm.exe, dumprep.exe and drwatson.exe processes. If you are not comfortable looking for them in the list, click the Image Name tab to sort the list by name. As a rule, such operations are carried out manually, on behalf of the administrator of a personal computer.

It is also worth turning off the error reporting system so that debugging information recording is stopped. To do this, go to the "Control Panel". Select the "System" section and click the "Advanced" button. Then click on the "Error Report" button. Check the box next to Disable Error Reporting. Then go to the Startup and Recovery tab and uncheck the boxes next to Send Administrative Alert and Write Event to System Log.

Remove the Daemon Tools application from autorun. To do this, click the "Start" button. Then click "Run" and enter the msconfig command. Once the system window appears, uncheck the box next to the Daemon Tools application. Disable your anti-virus software during installation. If the described error occurs, the application installation should be restarted, after all the reasons have been eliminated on the personal computer.

Helpful advice

Some of the above operations require administrator access to system resources.

Modern antiviruses are overgrown with various additional functionalities so much that some users have questions in the process of using them. In this tutorial we will tell you about all the key features of the AVZ antivirus.

Let's take a closer look at practical examples of what AVZ is. The following functions deserve the main attention of the average user.

Checking the system for viruses

Any antivirus should be able to detect malware on a computer and deal with it (cure or delete). Naturally, this function is also present in AVZ. Let's see in practice what such a check is.

  1. Launch AVZ.
  2. A small utility window will appear on the screen. In the area marked in the screenshot below, you will find three tabs. They all relate to the process of searching for vulnerabilities on a computer and contain different options.
  3. On the first tab "Search area" you need to tick the folders and partitions of the hard disk that you want to scan. Below you will see three lines that allow you to enable additional options. We put marks in front of all positions. This will make it possible to perform a special heuristic analysis, scan additional running processes and identify even potentially dangerous software.
  4. After that, go to the tab "File types". Here you can choose which data the utility should scan.
  5. If you are doing an ordinary check, then it is enough to check the box "Potentially Dangerous Files". If viruses have taken root deeply, then you should choose "All files".
  6. In addition to ordinary documents, AVZ easily scans archives, which many other antiviruses cannot boast of. In this tab, this check is just enabled or disabled. We recommend that you uncheck the box opposite the line for checking large archives if you want to achieve the maximum result.
  7. In total, your second tab should look like this.
  8. Next, go to the last section "Search options".
  9. At the very top, you will see a vertical slider. Move it all the way up. This will allow the utility to respond to all suspicious objects. In addition, we include checking for API and RootKit interceptors, searching for keyloggers and checking SPI / LSP settings. The general view of the last tab should be something like this.
  10. Now you need to configure the actions that AVZ will take when it detects a particular threat. To do this, first you need to put a mark in front of the line "Perform treatment" in the right pane of the window.
  11. We recommend setting the parameter "Delete" next to each type of threat. The only exceptions are threats like "HackTool". Here we recommend leaving the parameter "Treat". Also, check the boxes next to the two lines below the list of threats.
  12. The second parameter will allow the utility to copy the unsafe document to a designated location. You can then view all the contents, and then safely delete. This is done so that you can exclude from the list of infected data those that in fact are not such (activators, generators of keys, passwords, and so on).
  13. When all the settings and search parameters are set, you can start the scan itself. To do this, press the "Start" button.
  14. The verification process begins. Its progress will be displayed in a special area, "Protocol".
  15. After some time, which depends on the amount of data being checked, the scan will end. A message about the completion of the operation will appear in the log. The total time spent on analyzing files, as well as statistics on scanning and detected threats, will also be displayed.
  16. By clicking on the button marked in the image below, you can see in a separate window all suspicious and dangerous objects that were identified by AVZ during the scan.
  17. The path to the dangerous file, its description and type will be indicated here. If you check the box next to the name of such software, you can move it to quarantine or completely remove it from your computer. Upon completion of the operation, press the button "OK" at the bottom.
  18. After cleaning your computer, you can close the program window.

System functions

In addition to standard malware checking, AVZ can perform a ton of other functions. Let's look at those that may be useful to the average user. In the main menu of the program at the very top, click on the line "File". As a result, a context menu appears, which contains all the available auxiliary functions.

The first three lines are responsible for starting, stopping and pausing the scan. These are analogs of the corresponding buttons in the main AVZ menu.

System investigation

This function will allow the utility to collect all information about your system. This does not mean the technical part, but the hardware part. This information includes a list of processes, various modules, system files, and protocols. After you click on the line "System Research", a separate window will appear. In it you can specify what information AVZ should collect. After checking all the necessary boxes, you should click the button "Start" at the bottom.


This will open the save window. In it, you can select the location of the document with detailed information, as well as specify the name of the file itself. Please note that all information will be saved as an HTML file. It can be opened with any web browser. After specifying the path and name for the saved file, you need to click the button "Save".


As a result, the process of scanning the system and collecting information will start. At the very end, the utility will display a window in which you will be asked to immediately view all the collected information.

System Restore

Using this set of functions, you can return the elements of the operating system to their original form and reset various settings. Most often, malware tries to block access to the Registry Editor and Task Manager and to write its own values to the Hosts system file. You can unblock such elements using the "System Restore" option. To do this, just click on the name of the option itself, and then check the boxes for the actions that need to be performed.


After that, you must press the button "Perform marked operations" at the bottom of the window.

A window will appear on the screen in which you should confirm the actions.


After a while, you will see a message about the completion of all tasks. Just close such a window by clicking the button "OK".

Scripts

There are two lines in the parameter list related to working with scripts in AVZ - "Standard scripts" and "Execute script".

By clicking on the line "Standard scripts", you will open a window with a list of ready-made scripts. You will only need to tick the boxes that you want to run. After that, click at the bottom of the window button "Run".


In the second case, you start the script editor. Here you can write a script yourself or load one from your computer. After writing or loading it, do not forget to press the "Run" button in the same window.

Database update

This is an important item in the list. By clicking on the corresponding line, you will open the window for updating the AVZ database.

We do not recommend changing the settings in this window. Leave everything as it is and press the button "Start".


After a while, a message will appear on the screen stating that the database update is complete. You just have to close this window.

Viewing the contents of the quarantine and Infected folders

By clicking on these lines in the list of options, you can view all potentially dangerous files that AVZ detected during the scan of your system.

In the windows that open, you can permanently delete such files or restore them if they do not really pose a threat.


Please note that in order for suspicious files to be placed in these folders, you must check the appropriate boxes in the system scan settings.

This is the last option from this list that an ordinary user may need. As the name implies, these parameters allow you to save a preliminary antivirus configuration (search method, scan mode, and so on) to your computer, and also load it back.

When saving, you only need to specify the name of the file, as well as the folder in which you want to save it. When loading a configuration, you just need to select the required file with settings and press the button "Open".

Exit

It would seem that this is an obvious and well-known button. But it is worth mentioning that in some situations - when it detects particularly dangerous software - AVZ blocks all methods of its own closing, except for this button. In other words, you cannot close the program with the keyboard shortcut Alt + F4 or by clicking on the banal cross in the corner. This is done to prevent viruses from interfering with the correct operation of AVZ. But by clicking this button, you can close the antivirus for sure if necessary.

In addition to the options described, there are others in the list, but they are most likely not needed by ordinary users. Therefore, we did not focus on them. If you still need help on using undescribed functions, write about it in the comments. And we move on.

List of services

In order to see the full list of services offered by AVZ, you need to click on the line "Service" at the very top of the program.

As in the previous section, we will go over only those of them that may be useful to an ordinary user.

Process manager

By clicking on the very first line from the list, you will open the "Process Manager" window. In it, you can see a list of all executable files that are running on a computer or laptop at a given time. In the same window, you can read the description of the process, find out its manufacturer and the full path to the executable file itself.


You can also terminate a process. To do this, just select the required process from the list, and then click on the corresponding button in the form of a black cross on the right side of the window.


This service is an excellent replacement for the standard Task Manager. The service becomes particularly valuable in situations when "Task Manager" is blocked by a virus.

Service and Driver Manager

This is the second service in the general list. By clicking on the line with the same name, you will open the window for managing services and drivers. You can switch between them using a special switch.

In the same window, each item is accompanied by a description of the service itself, status (enabled or disabled), as well as the location of the executable file.


You can select the required item, after which you will have access to the options to enable, disable or completely remove the service / driver. These buttons are located at the top of the workspace.

Startup manager

This service will allow you to fully customize the autorun settings. Moreover, unlike standard managers, this list also includes system modules. By clicking on a line with a similar name, you will see the following.


In order to disable the selected item, you just need to uncheck the box next to its name. In addition, it is possible to completely delete the required entry. To do this, simply select the desired line and click on the button in the form of a black cross at the top of the window.

Please note that the deleted value cannot be returned. Therefore, be extremely careful not to erase vital system startup records.

Hosts File Manager

We mentioned a little above that a virus sometimes writes its own values to the system file "Hosts". In some cases, malware also blocks access to it so that you cannot fix the changes that were made. This service will help you in such situations.

By clicking on the line shown in the image above in the list, you will open the manager window. You cannot add your own values here, but you can delete existing ones. To do this, select the desired line with the left mouse button, and then press the delete button, which is located in the upper part of the working area.


After that, a small window will appear in which you need to confirm the action. To do this, just press the button "Yes".


When the selected line is deleted, you just need to close this window.

Be careful not to delete lines whose purpose you do not know. Not only viruses but also other programs can write their values to the "Hosts" file.
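
An added example, not part of the original article or of AVZ: a read-only audit of Hosts file content that separates the default localhost entries from the lines worth reviewing before anything is deleted. The function names, the labels and the sample file are constructed for illustration.

```python
"""Classify Hosts file entries for manual review (added example)."""
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "line kind name address")

# Names that are expected to point at the local machine.
DEFAULT_NAMES = {"localhost"}

# Constructed sample; names and addresses are reserved documentation values.
SAMPLE_HOSTS = """\
\ufeff# constructed sample hosts file
127.0.0.1      localhost
::1            localhost
127.0.0.1      update.av-vendor.example
0.0.0.0        ads.tracker.example      # ad-blocker style entry
203.0.113.10   bank.example www.bank.example
not-an-ip      broken.example
192.0.2.7
"""


def audit_hosts(text):
    """Return one Entry per hostname (or per malformed line).

    kind is one of:
      default   - localhost mapped to a loopback address
      blocked   - another name pinned to loopback or 0.0.0.0, so lookups
                  for it never leave the machine (ad blockers do this too)
      redirect  - a name pinned to some other address
      malformed - no valid address, or an address without a name
    """
    findings = []
    text = text.lstrip("\ufeff")                 # editors may add a BOM
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append(Entry(lineno, "malformed", line, ""))
            continue
        if len(fields) == 1:
            findings.append(Entry(lineno, "malformed", line, ""))
            continue
        for name in fields[1:]:                  # one line may list several names
            host = name.lower().rstrip(".")
            if addr.is_loopback or addr.is_unspecified:
                kind = "default" if host in DEFAULT_NAMES else "blocked"
            else:
                kind = "redirect"
            findings.append(Entry(lineno, kind, host, str(addr)))
    return findings


def needs_review(findings):
    """Everything except the default localhost entries."""
    return [e for e in findings if e.kind != "default"]


if __name__ == "__main__":
    for e in needs_review(audit_hosts(SAMPLE_HOSTS)):
        print(f"line {e.line}: {e.kind:9} {e.name} {e.address}")
```

A "blocked" or "redirect" label is a prompt to find out which program wrote the line, not a verdict that it is malicious.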

System utilities

With AVZ, you can also run the most popular system utilities. You can see their list if you hover your mouse over the line with the corresponding name.


By clicking on the name of a utility, you launch it. Then you can make changes in the registry (regedit), configure the system (msconfig) or check the system files (sfc).

These are all the services we wanted to mention. Novice users are unlikely to need a protocol manager, extensions, and other additional services. Such functions are more suitable for more advanced users.

AVZGuard

This feature was developed to combat the most cunning viruses that cannot be removed using standard methods. It simply puts malware on the list of untrusted software that is prohibited from performing its operations. To enable this function, you need to click on the line "AVZGuard" in the upper AVZ area. In the drop-down window, click on the item "Enable AVZGuard".

Be sure to close all third-party applications before enabling this feature, otherwise they will also end up on the list of untrusted software. In the future, the work of such applications may be disrupted.

All programs that will be marked as trusted will be protected from removal or modification. And the work of untrusted software will be suspended. This will allow you to safely remove dangerous files using a standard scan. After that, you should turn off AVZGuard back. To do this, click again on the similar line at the top of the program window, and then click on the button to disable the function.

AVZPM

The technology specified in the name will monitor all started, stopped and modified processes / drivers. To use it, you must first enable the corresponding service.

Click on the AVZPM line at the top of the window.
In the drop-down menu, click on the line "Install Advanced Process Monitoring Driver".


The required modules will be installed within a few seconds. Now, if changes are detected in any processes, you will receive a corresponding notification. If you no longer need such monitoring, you will need to simply click on the line marked in the image below in the previous drop-down box. This will unload all AVZ processes and remove the previously installed drivers.

Please note that the AVZGuard and AVZPM buttons may be grayed out and inactive. This means that you have an x64 operating system installed. Unfortunately, the mentioned utilities do not work on 64-bit operating systems.

With this, the article comes to its logical conclusion. We tried to tell you how to use the most popular features in AVZ. If you still have questions after reading this lesson, you can ask them in the comments to this post. We will gladly pay attention to each question and try to give the most detailed answer.

An excellent program for removing viruses and restoring the system - AVZ (Zaitsev Anti-Virus).

The main features of AVZ are the detection and removal of viruses.

Antivirus utility AVZ is designed to detect and remove:

  • SpyWare and AdWare modules are the main purpose of the utility
  • Dialer (Trojan.Dialer)
  • Trojan horses
  • BackDoor modules
  • Network and mail worms
  • TrojanSpy, TrojanDownloader, TrojanDropper

The utility is a direct analogue of TrojanHunter and LavaSoft Ad-aware 6. The primary task of the program is to remove SpyWare and Trojans.

The features of the AVZ utility (in addition to the typical signature scanner) are:

  • Heuristic system scan microprograms. The microprograms search for known SpyWare and viruses by indirect indications - based on the analysis of the registry, files on disk and in memory.
  • Updated database of safe files. It includes digital signatures of tens of thousands of system files and files of known safe processes. The base is connected to all AVZ systems and works on the "friend / foe" principle - safe files are not quarantined, deletion and warning messages are blocked for them, the database is used by an anti-rootkit, a file search system, and various analyzers. In particular, the built-in process manager highlights safe processes and services with color, searching for files on the disk can exclude known files from the search (which is very useful when searching for Trojans on the disk);
  • Built-in Rootkit detection system. The search for RootKit works without signatures, by examining the basic system libraries for interception of their functions. AVZ can not only detect RootKit, but also correctly block the operation of a UserMode RootKit for its own process and of a KernelMode RootKit at the system level. RootKit counteraction extends to all AVZ service functions; as a result, the AVZ scanner can detect masked processes, the registry search system "sees" masked keys, etc. The anti-rootkit is equipped with an analyzer that detects processes and services masked by RootKit. One of the main features of the RootKit countermeasure system, in my opinion, is its operability in Win9X (the widespread opinion that no RootKit runs on the Win9X platform is deeply mistaken - there are hundreds of Trojans known to intercept API functions to disguise their presence, to distort the operation of API functions or to monitor their use). Another feature is the universal KernelMode RootKit detection and blocking system, which works under Windows NT, Windows 2000 pro / server, XP, XP SP1, XP SP2, Windows 2003 Server, Windows 2003 Server SP1
  • Keylogger and Trojan DLLs detector. The search for Keylogger and Trojan DLLs is carried out on the basis of system analysis without using a signature database, which makes it possible to reliably detect in advance unknown Trojan DLLs and Keyloggers;
  • Neuroanalyzer. The AVZ signature analyzer contains a neuro-emulator that allows you to study suspicious files using a neural network. Currently, the neural network is used in the keylogger detector.
  • Built-in analyzer Winsock SPI / LSP settings. Allows you to analyze the settings, diagnose possible errors in the settings and make automatic treatment. The possibility of automatic diagnostics and treatment is useful for novice users (there is no automatic treatment in utilities like LSPFix). To study SPI / LSP manually, the program has a special LSP / SPI settings manager. The Winsock SPI / LSP analyzer is covered by an anti-rootkit;
  • Built-in manager of processes, services and drivers. Designed to study running processes and loaded libraries, running services and drivers. The operation of the process manager is affected by the anti-rootkit (as a result, it "sees" processes masked by the rootkit). The process manager is linked to the AVZ safe file database, the identified safe and system files are highlighted;
  • Built-in utility to find files on disk. It allows you to search for a file by various criteria, the capabilities of the search system are superior to those of the system search. The operation of the search system is affected by the anti-rootkit (as a result, the search "sees" files masked by the rootkit and can delete them), the filter allows you to exclude from the search results files recognized by AVZ as safe. Search results are available in the form of a text protocol and in the form of a table, where you can mark a group of files for later deletion or quarantine
  • Built-in utility for searching data in the registry. It allows you to search for keys and parameters according to a given pattern, the search results are available in the form of a text protocol and in the form of a table, in which you can mark several keys for their export or deletion. The search system is affected by the anti-rootkit (as a result, the search "sees" the registry keys masked by the rootkit and can delete them)
  • Built-in analyzer for open TCP / UDP ports. It is subject to the anti-rootkit effect; in Windows XP, the process using the port is displayed for each port. The analyzer relies on an updatable database of ports of known Trojan / Backdoor programs and known system services. Searching for ports of Trojans is included in the main system check algorithm - when suspicious ports are detected, warnings are displayed in the protocol indicating which Trojans tend to use this port
  • Built-in analyzer for shared resources, network sessions and files opened over the network. Works in Win9X and Nt / W2K / XP.
  • Built-in analyzer Downloaded Program Files (DPF) - displays DPF elements, connected to all AVZ systems.
  • System recovery microprograms. The microprograms repair Internet Explorer settings, startup settings, and other system settings that are corrupted by malware. Recovery is started manually, the parameters to be restored are specified by the user.
  • Heuristic file deletion. Its essence is that if malicious files were deleted during the treatment and this option is enabled, then the system is automatically examined, covering classes, BHO, IE and Explorer extensions, all types of autorun available to AVZ, Winlogon, SPI / LSP, etc. All references found to the deleted file are automatically cleaned up, and information is entered into the log about what exactly was cleaned up and where. For this cleaning, the system treatment microprogram engine is actively used;
  • Checking archives. Starting from version 3.60 AVZ supports scanning archives and compound files. Currently, archives in ZIP, RAR, CAB, GZIP, TAR formats are being checked; e-mails and MHT files; CHM archives
  • Checking and disinfecting NTFS streams. Checking NTFS streams is included in AVZ since version 3.75
  • Management scripts. Allows the administrator to write a script that performs a set of specified operations on the user's PC. Scripts allow using AVZ in a corporate network, including its launch during system boot.
  • Process analyzer. The analyzer uses neural networks and analysis microprograms; it turns on when advanced analysis is enabled at the maximum level of heuristics and is designed to search for suspicious processes in memory.
  • AVZGuard system. Designed to combat hard-to-remove malicious programs, in addition to AVZ, it can protect user-specified applications, for example, other anti-spyware and antivirus programs.
  • Direct disk access system for working with locked files. Works on FAT16 / FAT32 / NTFS, is supported on all operating systems of the NT line, allows the scanner to analyze locked files and place them in quarantine.
  • Process monitoring driver and AVZPM drivers. Designed to track the start and stop of processes and load / unload drivers to search for cloaked drivers and detect corruption in the structures describing processes and drivers created by DKOM rootkits.
  • Boot Cleaner driver. Designed to perform system cleaning (removing files, drivers and services, registry keys) from KernelMode. The cleaning operation can be performed both during computer restart and during disinfection.

Restore system parameters.

  • Restoring startup parameters for .exe, .com, .pif files
  • Reset IE Settings
  • Restoring Desktop Preferences
  • Remove all user restrictions
  • Deleting a message in Winlogon
  • Restore Explorer Settings
  • Removing system process debuggers
  • Restoring Safe Mode Boot Settings
  • Unlocking Task Manager
  • Cleaning up the Hosts file
  • Correcting SPI / LSP settings
  • Resetting SPI / LSP and TCP / IP Settings
  • Unlocking Registry Editor
  • Clearing MountPoints Keys
  • Replacing DNS servers
  • Remove proxy setting for IE / EDGE server
  • Remove Google restrictions


Program tools:

  • Process manager
  • Service and Driver Manager
  • Kernel space modules
  • Internal DLL manager
  • Search in the registry
  • Find files
  • Search Cookies
  • Startup manager
  • Browser extension manager
  • Control panel applet manager (cpl)
  • Explorer Extension Manager
  • Print Extension Manager
  • Task Scheduler Manager
  • Protocol and Handler Manager
  • DPF Manager
  • Active Setup Manager
  • Winsock SPI Manager
  • Hosts File Manager
  • TCP / UDP Port Manager
  • Network Shares and Network Connections Manager
  • System utilities set
  • Checking a file against a database of safe files
  • File scan against Microsoft security catalog
  • Calculate MD5 file sums

Here is such a big set for saving your computer from various infections!


There are programs as universal as a Swiss Army knife. The hero of my article is just such a "universal". Its name is AVZ (Zaitsev's anti-virus). With this free antivirus you can catch viruses, optimize the system, and fix problems.

AVZ features

I already talked about the fact that this is an antivirus program in. The work of AVZ as a one-time antivirus (more precisely, an anti-rootkit) is well described in its help, but I will show you the other side of the program: checking and restoring settings.

What can be "fixed" with AVZ:

  • Restore startup programs (.exe, .com, .pif files)
  • Reset Internet Explorer Preferences to Standard
  • Restore Desktop Preferences
  • Remove restrictions on rights (for example, if a virus blocked the launch of programs)
  • Remove banner or window that appears before login
  • Remove viruses that can run along with any program
  • Unblock Task Manager and Registry Editor (if the virus has prevented them from starting)
  • Clear file
  • Prevent autostart of programs from flash drives and disks
  • Delete unnecessary files from your hard drive
  • Fix Desktop Issues
  • And much more

You can also use it to check the security of Windows settings (in order to better protect against viruses), as well as optimize the system by cleaning startup.

The AVZ download page is located.

The program is free.

First, let's secure our Windows from careless actions

The AVZ program has very many functions that affect the operation of Windows. This is dangerous, because in case of a mistake, trouble can happen. Please read the text and the help carefully before doing anything. The author of the article is not responsible for your actions.

In order to be able to "return everything as it was" after careless work with AVZ, I wrote this chapter.

This is a mandatory step, in fact, creating an "escape route" in case of careless actions - thanks to a restore point, you can restore the settings and the Windows registry to an earlier state.

Windows Recovery is an essential component of all versions of Windows, starting with Windows ME. It is a pity that they usually do not remember about it and waste time reinstalling Windows and programs, although you could just click the mouse a couple of times and avoid all the problems.

If the damage is serious (for example, some system files have been deleted), then System Restore will not help. In other cases - if you misconfigured Windows, tinkered with the registry, installed a program after which Windows does not boot, or misused the AVZ program - "System Restore" should help.

After work, AVZ creates subfolders with backups in its folder:

/Backup - backup copies of the registry are stored there.

/Infected - copies of deleted viruses.

/Quarantine - copies of suspicious files.

If after the work of AVZ problems started (for example, you thoughtlessly used the AVZ System Restore tool and the Internet stopped working) and Windows System Restore did not roll back the changes, you can open the registry backups from the folder Backup.

How to create a restore point

Go to Start - Control Panel - System - System Protection:

Click "System Protection" in the "System" window.

Press the button "Create".

The process of creating a restore point can take up to ten minutes. Then a window will appear:

The restore point will be created. By the way, they are automatically created when installing programs and drivers, but not always. Therefore, before dangerous actions (setting up, cleaning the system), it is better to once again create a restore point in order to praise yourself for your foresight in case of trouble.

How to restore a computer using a restore point

There are two options for starting System Restore - from under running Windows and using the installation disc.

Option 1 - if Windows starts

Go to Start - All Programs - Accessories - System Tools - System Restore:

System Restore will start. Select "Choose a different restore point" and press Next. A list of restore points will open. Choose the one you need:

The computer will automatically restart. After it boots, all settings, the registry and some important files will be restored.

Option 2 - if Windows won't boot

You need an "installation" disk with Windows 7 or Windows 8. Where to get it (or download), I wrote in.

We boot from disk (how to boot from bootable disks, it is written) and select:

Choose "System Restore" instead of installing Windows

Fixing the system after viruses or inept actions with the computer

Before all actions, get rid of viruses, for example, using. Otherwise, there will be no sense - the launched virus will "break" the corrected settings again.

Restoring the launch of programs

If a virus has blocked the launch of any programs, then AVZ will help you. Of course, you also need to run AVZ itself, but it's pretty easy:

First go to Control Panel - set any view type except Category - Folder Options - View - uncheck Hide extensions for registered file types - OK. Now you can see each file's extension - the several characters after the last period in the name. For programs, this is usually .exe and .com. To run the AVZ antivirus on a computer where launching programs is prohibited, change the extension to cmd or pif:

Then AVZ will start. Then, in the program window itself, click File - :

Check the following items:

1. Restoring startup parameters for .exe, .com, .pif files (actually, it solves the problem of launching programs)

6. Removing all Policies (restrictions) of the current user (in some rare cases, this item also helps to solve the problem of launching programs if the virus is caught very harmful)

9. Removing debuggers of system processes (It is highly desirable to mark this point, because even if you checked the system with an antivirus, something could remain from the virus. It also helps if the Desktop does not appear when the system starts up)

Confirm the action, and a window appears with the text "System restore completed". After that, it remains to restart the computer - the problem with running programs will be solved!

Restoring Desktop Launch

A fairly common problem is that the Desktop does not appear when the system starts.

You can start the Desktop like this: press Ctrl + Alt + Del, launch Task Manager, choose File - New task (Run ...) and enter explorer.exe:

OK - The desktop will start. But this is only a temporary solution to the problem - the next time you turn on the computer, you will have to repeat everything again.

In order not to do this every time, you need to restore the program launch key explorer ("Explorer", which is responsible for the standard view of the contents of folders and the work of the Desktop). In AVZ press File - and mark the item

Perform marked operations, confirm the action, press OK. The desktop will now start normally when you start your computer.

Unlocking Task Manager and Registry Editor

If a virus has blocked the launch of the two above-mentioned programs, you can remove the ban through the AVZ program window. Just check two points:

11. Unlocking the task manager

17. Unlock Registry Editor

And press Perform the marked operations.

Internet problems (Vkontakte, Odnoklassniki and antivirus sites do not open)

This component can check four categories of problems with different severity levels (each level differs in the number of settings):

Systemic problems - this includes security settings. By ticking the found items and pressing the button Fix reported issues, some loopholes for viruses will be closed. There is also a downside to the coin - increasing safety, decreasing comfort. For example, if you prohibit autorun from removable media and CD-ROM, when inserting flash drives and disks, a window with a choice of actions will not appear (view the contents, start the player, etc.) - you will have to open the Computer window and start viewing the contents of the disc manually. That is, viruses will not start automatically, and a convenient prompt will not appear. Depending on the Windows settings, everyone will see their list of system vulnerabilities here.

Browser settings and tweaks - Internet Explorer security settings are checked. As far as I know, the settings of other browsers (Google Chrome, Opera, Mozilla Firefox, etc.) are not checked. Even if you do not use Internet Explorer to work with the Internet, I advise you to run a scan - components of this browser are often used in various programs and are a potential "security hole" that should be closed.

Cleaning the system - partially duplicates the previous category, but does not affect the place where data about user actions is stored.

I recommend checking your system in the categories Systemic problems and Browser settings and tweaks, choosing the degree of danger Moderate problems. If the viruses did not touch the settings, then most likely you will be offered only one item - "autorun from removable media is allowed" (flash drives). If you check the box and thus prohibit the startup of programs from flash drives, then you will at least partially protect your computer from viruses spread on flash drives. More complete protection is achieved only with and working.

Cleaning the system from unnecessary files

The AVZ program can clean the computer of unnecessary files. If no hard disk cleaning program is installed on the computer, then AVZ will do, since it offers many options:

More about items:

  1. Clear system cache Prefetch - cleaning the folder with information about which files to load in advance to quickly launch programs. This option is useless because Windows itself quite successfully monitors the Prefetch folder and cleans it up when needed.
  2. Delete Windows log files - you can clear a variety of databases and files that store records of events occurring in the operating system. This option is useful only if you need to free up a dozen or two megabytes of hard disk space. That is, the benefit is negligible and the option is useless.
  3. Delete memory dump files - when critical errors occur, Windows interrupts its work and shows BSOD (blue screen of death), at the same time saving information about running programs and drivers to a file for further analysis by special programs to identify the culprit of the failure. This option is almost useless, as it allows you to win only ten megabytes of free space. Cleaning the memory dump files does not harm the system.
  4. Clear the list of Recent documents - oddly enough, the option clears the list of Recent documents. This list is on the Start menu. You can also clear the list manually by right-clicking on this item in the Start menu and selecting "Clear list of recent items". Useful option: I've noticed that clearing the list of recent documents allows the Start menu to display its menus a little bit faster. It won't hurt the system.
  5. Clearing the TEMP folder - the Holy Grail for those who are looking for the cause of the disappearance of free space on the C: drive. The fact is that many programs store files for temporary use in the TEMP folder and forget to "clean up after themselves" later. A typical example is archivers: they unpack files there and forget to delete them. Clearing the TEMP folder does not harm the system, and it can free up a lot of space (in especially advanced cases, the gain of free space reaches fifty gigabytes!).
  6. Adobe Flash Player - cleaning temporary files - "Flash Player" can save files for temporary use. You can delete them. Sometimes (rarely) the option helps in the fight against Flash Player glitches. For example, problems with video and audio playback on the Vkontakte website. There is no harm from use.
  7. Clearing the terminal client cache - as far as I know, this option cleans up the temporary files of the Windows component called "Remote Desktop Connection" (remote access to computers via RDP). The option seems to do no harm, and frees up a dozen megabytes at best. There is no point in using it.
  8. IIS - deleting HTTP error log - it would take a long time to explain what it is. Let me just say that it is better not to enable the IIS log cleanup option. In any case, it does no harm, and no good either.
  9. Macromedia Flash Player - item duplicates "Adobe Flash Player - cleaning temporary files", but affects rather ancient versions of Flash Player.
  10. Java - clearing cache - gives a gain of a couple of megabytes on your hard disk. I do not use Java programs, so I did not check the consequences of enabling this option. I do not recommend turning it on.
  11. Emptying the recycle bin - the purpose of this item is absolutely clear from its name.
  12. Delete installation logs of system updates - Windows keeps a log of installed updates. Enabling this option clears the log. The option is useless, because there is no gain in free space.
  13. Remove Windows Update Protocol - similar to the previous point, but other files are deleted. Also a useless option.
  14. Clear MountPoints Base - if when connecting a flash drive or hard drive, icons with them are not created in the Computer window, this option can help. I advise you to turn it on only if you have problems connecting flash drives and disks.
  15. Internet Explorer - Clear Cache - cleans up temporary Internet Explorer files. The option is safe and useful.
  16. Microsoft Office - Clear Cache - cleans temporary files of Microsoft Office programs - Word, Excel, PowerPoint and others. I can't check whether the option is safe because I don't have Microsoft Office.
  17. Clearing the CD Writing System Cache is a useful option that allows you to delete files that you have prepared for writing to discs.
  18. Clearing the system TEMP folder - unlike the user's TEMP folder (see point 5), clearing this folder is not always safe, and usually a little space is freed up. I do not recommend turning it on.
  19. MSI - clearing the Config.Msi folder - this folder contains various files created by program installers. The folder is large if the installers did not terminate correctly, so clearing the Config.Msi folder is worthwhile. Nevertheless, I warn you - there may be problems with uninstalling programs that use .msi installers (for example, Microsoft Office).
  20. Clear Task Scheduler Logs - Windows Task Scheduler stores a log where it records information about completed tasks. I do not recommend including this item, because there is no benefit, but it will add problems - Windows Task Scheduler is a rather buggy component.
  21. Remove Windows Installation Logs - the space gained is insignificant, so there is no point in deleting them.
  22. Windows - clearing the icon cache - useful if you have problems with shortcuts. For example, when the Desktop appears, the icons do not appear immediately. Enabling this option will not affect system stability.
  23. Google Chrome - clear cache - a very useful option. Google Chrome stores copies of pages in a dedicated folder in order to open sites quickly (pages are loaded from the hard drive instead of being downloaded over the Internet). Sometimes the size of this folder reaches half a gigabyte. Cleaning is useful because it frees up space on your hard drive; it does not affect the stability of either Windows or Google Chrome.
  24. Mozilla Firefox - clearing the CrashReports folder - whenever a problem occurs with Firefox and it crashes, report files are generated. This option deletes the report files. The gain of free space reaches a couple of tens of megabytes, that is, there is little sense from the option, but there is. The stability of Windows and Mozilla Firefox is not affected.

The number of items will differ depending on the installed programs. For example, if the Opera browser is installed, you can clear its cache too.

Cleaning the list of startup programs

A surefire way to make your computer start up and run faster is to clear the startup list. If unnecessary programs do not start, then the computer will not only turn on faster, but also work faster - thanks to the freed-up resources that are no longer taken by programs running in the background.

AVZ is able to view almost all loopholes in Windows through which programs are launched. You can view the autorun list in the Tools - Autorun Manager menu:

An ordinary user has absolutely no need for such powerful functionality, so I urge you: do not turn off everything. It is enough to look at only two items - Autorun folders and Run *.

AVZ displays autorun not only for your user, but also for all other profiles:

In the Run * section it is better not to disable the programs located in the HKEY_USERS section - this can disrupt other user profiles and the operating system itself. In the Autorun folders section you can turn off whatever you don't need.

Lines recognized by the antivirus as known are marked in green. This includes both Windows system programs and digitally signed third-party programs.

All other programs are marked in black. This does not mean that such programs are viruses or something similar, just not all programs are digitally signed.

Do not forget to stretch the first column wider to show the name of the program. The usual unchecking will temporarily disable the autostart of the program (you can then check the checkbox again), highlighting the item and pressing the button with a black cross will delete the entry forever (or until the program registers itself to autorun again).

The question arises: how to determine what can be disabled and what not? There are two solutions:

First, there is common sense: you can make a decision by the name of the program file. For example, Skype creates an entry during installation to start automatically when you turn on your computer. If you do not need it, uncheck the box ending with skype.exe. By the way, many programs (and Skype among them) are able to remove themselves from startup by themselves, it is enough to uncheck the corresponding item in the settings of the program itself.

Secondly, you can search the Internet for information about the program. Based on the information received, it remains to make a decision: whether to remove it from autorun or not. AVZ makes it easy to find information about items: you just need to right-click on an item and select your favorite search engine:

By disabling unnecessary programs, you will noticeably speed up computer startup. However, it is undesirable to disable everything indiscriminately - you risk losing the keyboard layout indicator, disabling the antivirus, etc.

Disable only those programs that you know for sure - you do not need them in autorun.

Outcome

In principle, what I wrote about in the article is akin to hammering nails with a microscope - the AVZ program is suitable for optimizing Windows, but in fact it is a complex and powerful tool suitable for performing a variety of tasks. However, in order to use AVZ to its fullest, you need to know Windows thoroughly, so you can start small - namely, with what I described above.

If you have any questions or comments, there is a block of comments under the articles where you can write to me. I am following the comments and will try to answer you as soon as possible.

A simple, easy and convenient way to restore performance even without having the qualifications and skills for this is possible thanks to the AVZ antivirus utility. The use of so-called "firmware" (the terminology of the AVZ antivirus utility) allows you to reduce the entire process to a minimum.


Help is available for most of the typical problems faced by the user. All functionality of the firmware is called from the menu "File -> System Restore".

  1. Restoring startup parameters for .exe, .com, .pif files
    Restoring the standard system response to files with exe, com, pif, scr extensions.
    Recommendations for use: after treatment for the virus, any programs and scripts stopped running.
  2. Reset Internet Explorer Protocol Prefix Settings to Standard
    Restoring the default settings for protocol prefixes in Internet Explorer
    Recommendations for use: when you enter a web address, for example, www.yandex.ua, it is replaced with an address like www.seque.com/abcd.php?url=www.yandex.ua
  3. Restore Internet Explorer Start Page
    Will just return the start page in Internet Explorer browser
    Recommendations for use: if you changed the start page
  4. Reset Internet Explorer Search Settings to Standard
    Restores search settings in Internet Explorer
    Recommendations for use: The "Search" button leads to the "left" sites
  5. Restoring Desktop Preferences
    Removes all active ActiveDesktop controls and wallpaper, unlocks the desktop customization menu.
    Recommendations for use: display on the desktop of third-party inscriptions and (or) drawings
  6. Removing all Policies (restrictions) of the current user
    removal of restrictions on user actions caused by changing Policies.
    Recommendations for use: the functionality of the explorer or other functionality of the system was blocked.
  7. Clearing the message displayed during WinLogon
    Restore a standard message at system startup.
    Recommendations for use: A third party message is observed during system boot.
  8. Restore Explorer Settings
    Brings all Explorer settings to their standard form.
    Recommendations for use: Inadequate Explorer Settings
  9. Removing system process debuggers
    System process debuggers are launched secretly, which is very beneficial for viruses.
    Recommendations for use: for example, after loading, the desktop disappears.
  10. Restoring Boot Settings in Safe Mode (SafeMode)
    Repairs the damage done by worms such as Bagle.
    Recommendations for use: problems with loading into SafeMode, otherwise it is not recommended to use.
  11. Unlocking Task Manager
    Unblocks any attempts to invoke the Task Manager.
    Recommendations for use: if instead of the task manager you see the message "The task manager is blocked by the administrator"
  12. Clearing the ignore list of the HijackThis utility
    The HijackThis utility saves its settings in the system registry, in particular, the list of exclusions is stored there. Viruses masquerading as HijackThis are logged in this exclusion list.
    Recommendations for use: You suspect that the HijackThis utility does not display all information about the system.

  13. Clearing the Hosts file
    All uncommented lines are removed from the Hosts file and the only meaningful line "127.0.0.1 localhost" is added.
    Recommendations for use: changed the Hosts file. You can check the Hosts file using the Hosts file manager built into AVZ.
  14. Automatic correction of SPI / LSP settings
    SPI settings are analyzed and any errors found are automatically corrected if necessary. The firmware can be safely rerun many times. After completion, a computer restart is required. Attention! The firmware cannot be used from a terminal session.
    Recommendations for use: After treatment for the virus, Internet access was lost.
  15. Reset SPI / LSP and TCP / IP Settings (XP +)
    The firmware runs exclusively on XP, Windows 2003 and Vista. The standard utility "netsh" from Windows is used. Detailed in the Microsoft Knowledge Base - http://support.microsoft.com/kb/299357
    Recommendations for use: After treatment for the virus, Internet access was lost and firmware # 14 did not help.
  16. Explorer startup key recovery
    Restore system registry keys responsible for starting Explorer.
    Recommendations for use: After the system boots, explorer.exe can only be launched manually.
  17. Unlock Registry Editor
    Unlocks the Registry Editor by removing the policy that prevents it from starting.
    Recommendations for use: When I try to start Registry Editor, I get a message that the administrator has blocked it from starting.
  18. Full re-creation of SPI settings
    It backs up all SPI / LSP settings, then re-creates them from the reference copy stored in the database.
    Recommendations for use: When restoring SPI settings, firmware # 14 and # 15 did not help you. Dangerous, apply at your own risk!
  19. Clear MountPoints Base
    The base in the system registry for MountPoints and MountPoints2 is cleared.
    Recommendations for use: for example, disks cannot be opened in Explorer.
  20. Replace DNS of all connections with Google Public DNS
    Change all DNS addresses of the used servers to 8.8.8.8
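
What firmware #13 describes can be checked by hand before anything is deleted. The following is an added example, not AVZ's own code: it lists every active Hosts entry that blocks or redirects a site, then builds the cleaned file as item 13 states it (comment lines kept, everything else dropped, "127.0.0.1 localhost" added). The function names and the sample file are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple

# Constructed sample of a tampered hosts file (reserved .example names,
# documentation-range address); not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     vk.example www.vk.example   # appended by malware
127.0.0.1       update.antivirus.example
::1             localhost
not-an-ip       broken.example
"""


class Finding(NamedTuple):
    lineno: int
    kind: str      # "blocked", "redirected" or "malformed"
    address: str
    names: tuple


def audit_hosts(text: str) -> List[Finding]:
    """Report every active hosts line that is not a plain localhost mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], tuple(n.lower() for n in fields[1:])
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(Finding(lineno, "malformed", address, names))
            continue
        # localhost on a loopback address is the one expected mapping.
        suspect = tuple(n for n in names if n != "localhost" or not ip.is_loopback)
        if not suspect:
            continue
        # Loopback / 0.0.0.0 makes the site unreachable; anything else sends
        # the user to a server of someone else's choosing.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append(Finding(lineno, kind, address, suspect))
    return findings


def cleaned_hosts(text: str) -> str:
    """Keep comment lines, drop everything else, add the localhost line."""
    comments = [l for l in text.splitlines() if l.lstrip().startswith("#")]
    return "\n".join(comments + ["127.0.0.1 localhost"]) + "\n"


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.kind:<10} {f.address} -> {' '.join(f.names)}")
    print(cleaned_hosts(SAMPLE_HOSTS), end="")
```

On a real machine the text to audit is the content of %SystemRoot%\System32\drivers\etc\hosts; a "blocked" finding for an antivirus or social network site matches the symptom described above, where such sites do not open.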

Some useful tips:

  • Most hijacker problems can be cured by three firmware items - # 4 "Reset Internet Explorer search settings to standard", # 3 "Restore Internet Explorer start page" and # 2 "Reset Internet Explorer protocol prefixes to standard".
  • All firmware except # 5 and # 10 can be safely executed multiple times.
  • And naturally it is useless to fix anything without first removing the virus.