What Is Avis?

Is it a lightweight antivirus? What is it used for?


  • rootkit ✭✭✭
    edited October 2008

    It is not an antivirus!

    It's a scanning tool without definitions and a diagnostic tool (something like Hijackthis, but better).


  • ok so um, does anyone know how to use it and interpret the logs?

  • Hello VirusPING,

    You need to examine the entire output because it just logs everything. It doesn't distinguish legit from malicious. It's handy to see the section where malware normally installs itself. All the mem-address entries refer to all loaded processes and all loaded .dll files that are running in your computer memory. Hidden files, services and their status (running, stopped) are also displayed. Next, all installed drivers are recorded. Other things are logged as well, such as executable files located in Program Files subfolders.

    I still work with combofix, deckard scanner to see if I can find anything malicious on a computer. AVIS is mostly used by the virus researchers. I don't examine the AVIS log that much.

    Kind regards,


  • Hi all,

    I have taken a look at AVIS and I think it is a very useful tool. I also think it would be more useful if used in conjunction with Bart PE to scan and repair infected systems when booting from Bart's CD.

    I've tried to create a BartPE plugin but it is not working for me. AVIS has a lot of registry entries and maybe depends on Windows functions that are not included in the subset "BartPE".

    Does anybody have any ideas on how to make it work on PE environments, or can anyone provide a "portable" version that can be run from a USB flash disk or any CDROM?


  • Well, I just unzip it onto my flash drive. It works for me. So I guess it is portable.

  • rootkit ✭✭✭

    Remember that AVIS is not a toy :)

  • alexcrist
    edited October 2008

    As far as I know, it's portable. It doesn't require any installation (just unzip and run), which means it's not dependent on any registry entries which would require installation or anything.

    On the other hand, it's very probable that it depends on many APIs (which are probably not implemented in PE environments).

    Also, Avis logs should be analyzed by authorized personnel only (e.g. Virus Analysts, who know what they are looking for).

    Also, the content of those logs shouldn't be made publicly available, as they might contain some sensitive data. This is a very good reason why the logs should only be posted on request, and only on the Malware Talk section (so nobody else except Virus Analysts and Moderators has access to them). Also, you can use the option Compress log, which will not only archive the log, but it will also protect it using a password (known only by us).