Free Antivirus Help Contact Us  |   FAQ Help  |  Why Free
  Home Download Instructions Antivirus Reviews News

AVZ Antiviral Toolkit Review by Kaspersky

Saturday, 02 April 2011 14:35:58 (US Mountain Standard Time, UTC-07:00)

    AVZ Antiviral Toolkit is an advanced malware removal tool that is sponsored by Kaspersky.  The program can detect and remove all forms of malware including viruses, adware, spyware, hack tools, and riskware quickly.  The main purpose is to give the user the capability to find obscure malware and remove it.  While the interface may not be the prettiest, the software has an update utility (definitions released as recently as March 31) and 288,197 signatures.  AVZ also uses advanced heuristics to check for suspicious services and TCP stack entries.  Surprisingly, the program even includes a real time shield.
    The installation of AVZ was simple.  The download size was only 5.88 megabytes and comes in a zip file.  When extracted the program uses approximately 6.5 megabytes of hard drive space and doesn’t need to be installed; simply run the main executable.  Given the functionality, it’s clearly a tightly coded program when compared to the standard free antivirus.  I updated the program after the install (a ridiculously small 800 kilobytes in size) via the File menu, Database update option.

    AVZ Antiviral Toolkit has several scanning and removal options.  For each of the detectable malicious items listed above, one can have it remove, report, or ask the user.  The scanner also looks at running processes, heuristic system check, and can also search for vulnerabilities.  As far as automatic removal goes, I would precede with caution given that the program inherently has false positives because of its heuristic system.  To just scan active processes (essentially a quick scan) do not select a drive and click start.  This scan finished within in about 1 minute and scanned 300 items.  I then tested out a scan of the local C drive.  The scanner is unfortunately kind of slow and accesses the hard drive at about 4 megabyte per second.  This is slower than the benchmark free antivirus and also Kaspersky’s own scanners (4 times slower).  However, scanning is really quite in-depth.  The scanner looks at suspicious open ports (an IDS system), detects suspicious keyboard hooks (keyloggers), attempts to detect rootkits via API hooks, scans for suspicious system drivers, analyzes the Winsock stack, checks for dangerous services (found Remote registry and remote desktop services enabled), verifies if disk autoruns are enabled, checks for administrative shares, whether anonymous access is enabled and more. The heuristic sensitivity can also be modified via a convenient slider.  AVZ Antiviral Toolkit didn’t detect any specific malware on the system but highlighted risky areas.  One will have to a do a bit of digging through the log file to find what was detected.  There is also the option to run the standard or user created scripts to automate scans etc.

    The real treats of the program are the tools which number about 50.  A neat feature is the disk inspector in which one can take a previously scanned log and run a comparison of the system at a later date to show which files were modified.  The system analysis area is like HijackThis on steroids and outputs a handy html report with tons of system information.  The system restore option can reset all critical areas of Windows including unlocking the registry editor to repairing DNS.  The services and drivers manager can do an analysis via the registry to enumerate all known entries (great for finding rootkits).  There is an IE extensions manager, printing system extensions, protocols and handlers, and windows explorer extensions manger etc.  Basically, if one has malware AVZ Antiviral Toolkit can help one find it and is the most advanced I have seen. 

    Resource usage is on par with most on demand scanners.  The program uses approximately 72 megabytes of RAM and about 12 percent CPU power.

    The technology in AVZ is excellent but the interface has problems.  If the publisher could package this program in a new interface, it would be great.