1

Topic: Kompas Antivirus 3.5.0

What has been added in this version?

There is a new Script Blocker feature, found under the Tools - Script Blocker menu. This feature blocks dangerous script files such as .vbs, .js, .hta, etc., which are commonly included as email attachments in spam campaigns to spread ransomware-type malware, which is currently spreading widely.

Several bugs were fixed, mainly in the timer, which tended to throw an out of resource error at the start of a scan.

Key validation was modified with a bit of inline asm so that debugging time increases a little as well.

More information can be found at http://kompasantivirus.blogspot.co.id/2 … s-350.html

2

Re: Kompas Antivirus 3.5.0

Doesn't Script Blocker get a batch blocker feature added? Macro blocking? It could be that not everyone understands this.

3

Re: Kompas Antivirus 3.5.0

Macro blocking is already done by default by Microsoft. But I haven't checked whether, if macros are enabled, any process gets called, for example wscript.exe and so on. If so, it will certainly be blocked by Script Blocker too.

I don't think batch can download files directly, except via a vbs script and so on.

The majority of dangerous files in email attachments that download ransomware will be blocked by this new Kompas feature.
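
As an added example, not part of the original posts and not Kompas's own code: a mail-side check for the attachment types named in the Script Blocker discussion above (.vbs, .js, .hta), including ones packed inside a ZIP attachment. The extra extensions, the function names and the sample message are assumptions made for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread (.vbs, .js, .hta) plus close relatives run by
# the same Windows script hosts; the extra entries are this example's assumption.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}

def is_script_name(name):
    """True if the final extension is a script type (catches invoice.pdf.js)."""
    name = name.strip().rstrip(". ").lower()  # Windows ignores trailing dots/spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in SCRIPT_EXTS

def flag_attachments(raw_message):
    """Return sorted (attachment, member) pairs for script files in a raw e-mail.

    member is "" for a direct attachment, or the path inside a ZIP attachment.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_script_name(name):
            hits.append((name, ""))
        data = part.get_payload(decode=True) or b""
        if data[:4] == b"PK\x03\x04":  # ZIP local file header magic
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits += [(name, m) for m in zf.namelist() if is_script_name(m)]
            except zipfile.BadZipFile:
                hits.append((name, "<unreadable zip>"))
    return sorted(hits)

def build_sample():
    """Constructed sample message: one direct script, one zipped, one benign."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(b"' inert placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.vbs")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan_001.js", "// inert placeholder")
        zf.writestr("readme.txt", "hello")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="documents.zip")
    msg.add_attachment("plain text", filename="notes.txt")
    return msg.as_bytes()
```
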

4

Re: Kompas Antivirus 3.5.0

Kompas bug

date/time          : 2016-04-22, 04:24:33, 221ms
computer name      : FAIZ
user name          : AHMAD <admin>
operating system   : Windows 8 x64 build 9200
system language    : English
system up time     : 8 days 22 hours
program up time    : 1 minute 29 seconds
processors         : 4x Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
physical memory    : 4353/6044 MB (free/total)
free disk space    : (C:) 82.01 GB
display mode       : 1366x768, 32 bit
process id         : $1f98
allocated memory   : 43.83 MB
largest free block : 1.00 GB
command line       : C:\Kompas\KompasAV.exe /Auto
executable         : KompasAV.exe
exec. date/time    : 2016-04-08 22:11
version            : 3.5.59594.39944
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $3cd79017, $453dbf7a, $453dbf7a
exception number   : 1
exception class    : EListError
exception message  : List index out of bounds (1).

main thread ($16c0):
0047b2b5 +015 KompasAV.exe System.Classes          TList.Get
005c03e7 +00b KompasAV.exe Vcl.Forms               TScreen.GetMonitor
005bb7e1 +0b5 KompasAV.exe Vcl.Forms               TCustomForm.SetWindowToMonitor
005be0b5 +1d5 KompasAV.exe Vcl.Forms               TCustomForm.CMShowingChanged
0051c8bc +2d4 KompasAV.exe Vcl.Controls            TControl.WndProc
00521207 +5b3 KompasAV.exe Vcl.Controls            TWinControl.WndProc
005ba40a +5f2 KompasAV.exe Vcl.Forms               TCustomForm.WndProc
0051c4e0 +024 KompasAV.exe Vcl.Controls            TControl.Perform
00520605 +10d KompasAV.exe Vcl.Controls            TWinControl.UpdateShowing
00520714 +0bc KompasAV.exe Vcl.Controls            TWinControl.UpdateControlState
005232d2 +026 KompasAV.exe Vcl.Controls            TWinControl.CMVisibleChanged
0051c8bc +2d4 KompasAV.exe Vcl.Controls            TControl.WndProc
00521207 +5b3 KompasAV.exe Vcl.Controls            TWinControl.WndProc
005ba40a +5f2 KompasAV.exe Vcl.Forms               TCustomForm.WndProc
005bbab1 +385 KompasAV.exe Vcl.Forms               TCustomForm.SetWindowToMonitor
0051c4e0 +024 KompasAV.exe Vcl.Controls            TControl.Perform
0051aebe +026 KompasAV.exe Vcl.Controls            TControl.SetVisible
005b9ca2 +03a KompasAV.exe Vcl.Forms               TCustomForm.SetVisible
005c385b +0b3 KompasAV.exe Vcl.Forms               TApplication.Run
0078d21c +d2c KompasAV.exe Venom          255 +183 initialization
748b38f2 +022 KERNEL32.DLL                         BaseThreadInitThunk

thread $484:
748b38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $d4:
748b38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $408:
748b38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $1f7c:
748b38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

disassembling:
[...]
0078d1cd 251   mov     ecx, [$7a5f20]
0078d1d3       mov     eax, [$7a5a24]
0078d1d8       mov     eax, [eax]
0078d1da       mov     edx, [$689604]
0078d1e0       call    -$1c9b95 ($5c3650)     ; Vcl.Forms.TApplication.CreateForm
0078d1e0
0078d1e5 252   mov     ecx, [$7a590c]
0078d1eb       mov     eax, [$7a5a24]
0078d1f0       mov     eax, [eax]
0078d1f2       mov     edx, [$6f274c]
0078d1f8       call    -$1c9bad ($5c3650)     ; Vcl.Forms.TApplication.CreateForm
0078d1f8
0078d1fd 253   mov     ecx, [$7a5470]
0078d203       mov     eax, [$7a5a24]
0078d208       mov     eax, [eax]
0078d20a       mov     edx, [$706138]
0078d210       call    -$1c9bc5 ($5c3650)     ; Vcl.Forms.TApplication.CreateForm
0078d210
0078d215 255   mov     eax, [$7a5a24]
0078d21a       mov     eax, [eax]
0078d21c     > call    -$1c9a79 ($5c37a8)     ; Vcl.Forms.TApplication.Run
0078d21c
0078d221 256   mov     eax, [$7a5b84]
0078d226       cmp     byte ptr [eax], 0
0078d229       jz      loc_78d362
0078d229
0078d22f 258   mov     eax, $7c2368
0078d234       mov     edx, $78d6a4
0078d239       call    -$384bb2 ($40868c)     ; System.@UStrAsg
0078d239
0078d23e 259   mov     eax, [$7a5e3c]
0078d243       cmp     byte ptr [eax], 0
0078d246       jz      loc_78d257
0078d246
0078d248 260   mov     eax, $7c2368
0078d24d       mov     edx, $78d6c4
0078d252       call    -$383d7f ($4094d8)     ; System.@UStrCat
0078d252
0078d257     loc_78d257:
0078d257 262   lea     eax, [ebp-$128]
0078d25d       call    -$c8256 ($6c500c)      ; uWindows.GetOS
0078d25d
[...]

5 (edited by Nd4 2016-10-14 09:28:39)

Re: Kompas Antivirus 3.5.0

KompasAV suddenly errored while updating its signatures. I opened it again, and it still errors.

date/time          : 2016-10-12, 17:27:56, 835ms
computer name      : LAPTOP-8B40F5A3
user name          : Indra <admin>
operating system   : Windows 8 x64 build 9200
system language    : Indonesian
system up time     : 6 hours 29 minutes
program up time    : 133 milliseconds
processors         : 4x Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
physical memory    : 4285/8103 MB (free/total)
free disk space    : (C:) 91,23 GB
display mode       : 1366x768, 32 bit
process id         : $1d34
allocated memory   : 16,31 MB
largest free block : 1,03 GB
command line       : "C:\Users\Indra\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX /a
executable         : KompasAV.exe
exec. date/time    : 2016-04-08 22:11
version            : 3.5.59594.39944
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $d2746b48, $86721168, $86721168
exception number   : 1
exception class    : EAccessViolation
exception message  : Access violation at address 004098CF in module 'KompasAV.exe'. Read of address 01050000.

main thread ($18e4):
004098cf +023 KompasAV.exe System   14 +0 Pos
0078b4b5 +129 KompasAV.exe ZipForge       initialization
00407d22 +042 KompasAV.exe System   14 +0 InitUnits
00407d8b +03f KompasAV.exe System   14 +0 @StartExe
0040c956 +042 KompasAV.exe SysInit        @InitExe
0078c507 +017 KompasAV.exe Venom    72 +0 initialization
763c62c2 +022 KERNEL32.DLL                BaseThreadInitThunk

thread $1c60:
763c62c2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $1d74:
763c62c2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $dc0:
763c62c2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $20b4:
763c62c2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $a70:
763c62c2 +22 KERNEL32.DLL  BaseThreadInitThunk

disassembling:
004098ac    public System.Pos:               ; function entry point
004098ac 14   test    eax, eax
004098ae      jz      loc_4098f7
004098ae
004098b0      test    edx, edx
004098b2      jz      loc_4098ea
004098b2
004098b4      push    ebx
004098b5      push    esi
004098b6      push    edi
004098b7      mov     esi, eax
004098b9      mov     edi, edx
004098bb      mov     ecx, [edi-4]
004098be      push    edi
004098bf      mov     edx, [esi-4]
004098c2      dec     edx
004098c3      js      loc_4098e5
004098c3
004098c5      mov     ax, [esi]
004098c8      add     esi, 2
004098cb      sub     ecx, edx
004098cd      jle     loc_4098e5
004098cd
004098cf    loc_4098cf:
004098cf    > repne scasw
004098d2      jnz     loc_4098e5
004098d2
004098d4      mov     ebx, ecx
004098d6      push    esi
004098d7      push    edi
004098d8      mov     ecx, edx
004098da      rep cmpsw
004098dd      pop     edi
004098de      pop     esi
004098df      jz      loc_4098ed
004098df
004098e1      mov     ecx, ebx
004098e3      jmp     loc_4098cf
004098e3
004098e3    ; ---------------------------------------------------------
004098e3
004098e5    loc_4098e5:
004098e5      pop     edx
004098e6      xor     eax, eax
[...]

Then I tried PCMAV. Same error. It doesn't show a bug report, but the process runs and then suddenly terminates by itself.
Windows 10 x64, latest build. Insider.

6 (edited by Nd4 2016-10-14 09:40:26)

Re: Kompas Antivirus 3.5.0

It's already the PRO version, so why can't Exe Blocker be checked?

https://s3.postimg.org/aqsvhsh6r/screenshot_76.png

Also, clicking Update KompasAV continuously (clicking many times) on the Main Form makes Explorer restart.

When clicking update, the checking update notification was closed right away and the no update notification was closed. A second no update notification appears. Normally, the no update notification appears only once.