The Avenger

Program Usage

You can think of The Avenger as a scripting engine.

  1. You give The Avenger commands to execute (the script) consisting of files to delete, registry keys to delete, drivers to disable, and so on.
  2. The Avenger reboots your computer (it commonly reboots twice, when necessary) and executes those commands during the reboot(s).
  3. Afterwards, Windows restarts, and opens the log generated by The Avenger so you can see the results.

[Figure: An example program usage with example script]

Inputting a script

The main Avenger window allows you to input a script of commands to be executed. You may do this by:

  1. Typing directly into the text box in the center of the screen,
  2. Loading a script from a file (plain text, ANSI encoded) using the toolbar button,
  3. Loading a script from an Internet URL using the toolbar button, or
  4. Pasting a script directly from the clipboard using the toolbar button.

The last three options may also be selected from the "Load Script" menu.

Script syntax is discussed in detail in the script tutorial.

Rootkit scanning

  • Starting with Version 2.0, The Avenger can scan your computer for rootkits hidden from the Windows operating system. Check the "Scan for rootkits" box to enable this feature. It is enabled by default.

  • You may also authorize The Avenger to automatically disable any rootkits it finds.
    It is strongly recommended that you examine the results of a rootkit scan before you authorize The Avenger to disable anything.

Execution process

  • Click the "Execute" button to begin execution of the current script. The Avenger will prompt you to reboot.
  • The Avenger makes backups of all actions it takes, and saves those backups in the folder C:\Avenger (if C:\ is your system drive).
  • The backups are zipped and password-protected with the password "infected", to prevent accidental reinfection when viewing backups of live malware.
  • The most recent backup is called "backup.zip", and the rest are named by date and time of creation.
  • Registry backups are contained within the zip archives and named "backup.reg". They are in standard .REG file format, and can be restored simply by double-clicking on them.
  • The Avenger's log file is also contained within the zip archive, named "avenger.txt". You may view the log from the most recent execution of The Avenger by selecting Open Log File from the File menu. This most recent log is stored at C:\avenger.txt (if C:\ is your system drive), and is not deleted until the next time The Avenger executes commands.
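
One way to review a backup without extracting the quarantined files, as an added example that is not part of The Avenger or its documentation: it reads avenger.txt and backup.reg in memory and reports only SHA-256 hashes for every other member. It assumes the archive uses legacy ZIP encryption (the only kind Python's zipfile module can decrypt); the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

PASSWORD = b"infected"                        # password stated on this page
TEXT_MEMBERS = {"backup.reg", "avenger.txt"}  # member names stated on this page


def decode_text(raw: bytes) -> str:
    """Decode a .REG or log file: UTF-16 if it has a BOM, otherwise ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def triage_backup(archive):
    """Return (texts, hashes) for a backup archive without writing to disk.

    texts  maps backup.reg / avenger.txt to their decoded contents.
    hashes maps every other member (the backed-up files) to its SHA-256.
    Assumption: legacy ZIP encryption; zipfile cannot decrypt AES archives.
    """
    texts, hashes = {}, {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info, pwd=PASSWORD)   # decrypted in memory only
            name = info.filename.rsplit("/", 1)[-1].lower()
            if name in TEXT_MEMBERS:
                texts[name] = decode_text(data)
            else:
                hashes[info.filename] = hashlib.sha256(data).hexdigest()
    return texts, hashes


def build_sample() -> io.BytesIO:
    """Constructed, unencrypted stand-in archive so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("avenger.txt", "constructed sample log\r\n")
        reg = "\ufeffWindows Registry Editor Version 5.00\r\n"
        zf.writestr("backup.reg", reg.encode("utf-16-le"))
        zf.writestr("quarantine/sample.bin", b"constructed, inert bytes")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    texts, hashes = triage_backup(build_sample())
    print(texts["avenger.txt"], hashes)
```

On a real system, pass the path of a backup in the C:\Avenger folder (for example backup.zip) to triage_backup instead of the sample.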

Script Syntax

The core of The Avenger is its script-processing functionality, and thus I must discuss script syntax. This will be the subject of the next tutorial.
