1

Topic: Kompas Antivirus 3.3.0

Kompas Antivirus 3.3.0 has been released

http://1.bp.blogspot.com/-7e9UuLLkgQo/VjCpKCgzqSI/AAAAAAAAAHo/kHGo3wz1wRY/s1600/Capture.PNG

What's New (28 October 2015)
----------------------------
- Added a shell extension for 64-bit Windows.
- Added a log file when scanning from the command line.
- Scaling is disabled so the display is not cut off at enlarged DPI settings.
- Minor bug fixes.

Scanning via the context menu in Windows Explorer only scans one file or one folder at a time.
Subfolders are not scanned when scanning a folder via the context menu.

Download: http://www.softpedia.com/get/Antivirus/ … irus.shtml

Enjoy.

2 (edited by f412mukhl15 2015-11-26 19:35:54)

Re: Kompas Antivirus 3.3.0

Bug when updating DB 837

date/time          : 2015-11-26, 19:32:34, 607ms
computer name      : DESKTOP-S6APTIP
user name          : AHMAD <admin>
operating system   : Windows 8 x64 build 9200
system language    : English
system up time     : 6 hours 40 minutes
program up time    : 2 minutes 21 seconds
processors         : 4x Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
physical memory    : 4677/6044 MB (free/total)
free disk space    : (C:) 92.95 GB
display mode       : 1366x768, 32 bit
process id         : $d7c
allocated memory   : 55.21 MB
largest free block : 987.87 MB
command line       : C:\Kompas\KompasAV.exe /Auto
executable         : KompasAV.exe
exec. date/time    : 2015-10-28 15:12
version            : 3.3.59757.27409
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $015cee7c, $62f5354d, $bb1589e9
exception number   : 1
exception class    : EAccessViolation
exception message  : Access violation at address 015CEE7C. Read of address 015CEE7C.

main thread ($d2c):
015cee7c +000 ???
0051c498 +038 KompasAV.exe Vcl.Controls            TControl.DoMouseUp
0051c514 +070 KompasAV.exe Vcl.Controls            TControl.WMLButtonUp
0051bb04 +2d4 KompasAV.exe Vcl.Controls            TControl.WndProc
0052007e +1e2 KompasAV.exe Vcl.Controls            TWinControl.WndProc
0051faa4 +02c KompasAV.exe Vcl.Controls            TWinControl.MainWndProc
0051b728 +024 KompasAV.exe Vcl.Controls            TControl.Perform
0051fd30 +0ac KompasAV.exe Vcl.Controls            TWinControl.IsControlMouseMsg
005202cb +42f KompasAV.exe Vcl.Controls            TWinControl.WndProc
0051faa4 +02c KompasAV.exe Vcl.Controls            TWinControl.MainWndProc
0048b2c8 +014 KompasAV.exe System.Classes          StdWndProc
751062eb +00b USER32.dll                           DispatchMessageW
005c25eb +0f3 KompasAV.exe Vcl.Forms               TApplication.ProcessMessage
005c262e +00a KompasAV.exe Vcl.Forms               TApplication.HandleMessage
005c2961 +0c9 KompasAV.exe Vcl.Forms               TApplication.Run
0078a21c +d2c KompasAV.exe Venom          254 +183 initialization
775c38f2 +022 KERNEL32.DLL                         BaseThreadInitThunk

thread $11a4:
775c38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $11a8:
758fa593 +93 KERNELBASE.dll  SleepEx
758fa4ea +0a KERNELBASE.dll  Sleep
775c38f2 +22 KERNEL32.DLL    BaseThreadInitThunk

thread $11b4:
775c38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $528:
775c38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $112c (TWndProc): <suspended>
006c58d9 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $c48:
758fa324 +104 KERNELBASE.dll           WaitForMultipleObjectsEx
004cb795 +00d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept ThreadExceptFrame
775c38f2 +022 KERNEL32.DLL             BaseThreadInitThunk
>> created by main thread ($d2c) at:
75d0484b +000 combase.dll

thread $afc:
00719470 +030 KompasAV.exe madCodeHook 504 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
775c38f2 +022 KERNEL32.DLL                    BaseThreadInitThunk
>> created by main thread ($d2c) at:
00719948 +270 KompasAV.exe madCodeHook 504 +0 CreateLpcQueue

thread $17b0: <priority:1>
758ee08b +08b KERNELBASE.dll                    WaitForSingleObjectEx
758edfed +00d KERNELBASE.dll                    WaitForSingleObject
007190f6 +012 KompasAV.exe   madCodeHook 504 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
775c38f2 +022 KERNEL32.DLL                      BaseThreadInitThunk
>> created by main thread ($d2c) at:
00719969 +291 KompasAV.exe   madCodeHook 504 +0 CreateLpcQueue

thread $7bc:
00719470 +030 KompasAV.exe madCodeHook 504 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
775c38f2 +022 KERNEL32.DLL                    BaseThreadInitThunk
>> created by main thread ($d2c) at:
00719948 +270 KompasAV.exe madCodeHook 504 +0 CreateLpcQueue

thread $d5c: <priority:1>
758ee08b +08b KERNELBASE.dll                    WaitForSingleObjectEx
758edfed +00d KERNELBASE.dll                    WaitForSingleObject
007190f6 +012 KompasAV.exe   madCodeHook 504 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
775c38f2 +022 KERNEL32.DLL                      BaseThreadInitThunk
>> created by main thread ($d2c) at:
00719969 +291 KompasAV.exe   madCodeHook 504 +0 CreateLpcQueue

thread $174c (TRegistryWatchdog):
758ee08b +8b KERNELBASE.dll                       WaitForSingleObjectEx
758edfed +0d KERNELBASE.dll                       WaitForSingleObject
00725403 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
775c38f2 +22 KERNEL32.DLL                         BaseThreadInitThunk
>> created by main thread ($d2c) at:
007252be +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $e30 (TRegistryWatchdog):
758ee08b +8b KERNELBASE.dll                       WaitForSingleObjectEx
758edfed +0d KERNELBASE.dll                       WaitForSingleObject
00725403 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
775c38f2 +22 KERNEL32.DLL                         BaseThreadInitThunk
>> created by main thread ($d2c) at:
007252be +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $26c:
775c38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $da4:
775c38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $15d8:
775c38f2 +22 KERNEL32.DLL  BaseThreadInitThunk

disassembling:
[...]
0078a1cd 250   mov     ecx, [$7a2e98]
0078a1d3       mov     eax, [$7a29a0]
0078a1d8       mov     eax, [eax]
0078a1da       mov     edx, [$688af0]
0078a1e0       call    -$1c7aa5 ($5c2740)     ; Vcl.Forms.TApplication.CreateForm
0078a1e0
0078a1e5 251   mov     ecx, [$7a2888]
0078a1eb       mov     eax, [$7a29a0]
0078a1f0       mov     eax, [eax]
0078a1f2       mov     edx, [$6f1bdc]
0078a1f8       call    -$1c7abd ($5c2740)     ; Vcl.Forms.TApplication.CreateForm
0078a1f8
0078a1fd 252   mov     ecx, [$7a23ec]
0078a203       mov     eax, [$7a29a0]
0078a208       mov     eax, [eax]
0078a20a       mov     edx, [$7048e8]
0078a210       call    -$1c7ad5 ($5c2740)     ; Vcl.Forms.TApplication.CreateForm
0078a210
0078a215 254   mov     eax, [$7a29a0]
0078a21a       mov     eax, [eax]
0078a21c     > call    -$1c7989 ($5c2898)     ; Vcl.Forms.TApplication.Run
0078a21c
0078a221 255   mov     eax, [$7a2afc]
0078a226       cmp     byte ptr [eax], 0
0078a229       jz      loc_78a362
0078a229
0078a22f 257   mov     eax, $7bf35c
0078a234       mov     edx, $78a6a4
0078a239       call    -$381be2 ($40865c)     ; System.@UStrAsg
0078a239
0078a23e 258   mov     eax, [$7a2db4]
0078a243       cmp     byte ptr [eax], 0
0078a246       jz      loc_78a257
0078a246
0078a248 259   mov     eax, $7bf35c
0078a24d       mov     edx, $78a6c4
0078a252       call    -$380daf ($4094a8)     ; System.@UStrCat
0078a252
0078a257     loc_78a257:
0078a257 261   lea     eax, [ebp-$128]
0078a25d       call    -$c5dc6 ($6c449c)      ; uWindows.GetOS
0078a25d
[...]

3 (edited by f412mukhl15 2015-12-06 05:15:03)

Re: Kompas Antivirus 3.3.0

FP or not? Sensitive scan is not checked
http://i64.tinypic.com/2myaijm.jpg

Upload: http://anti.malware.web.id/kirim-virus. … zipnew.rar

4

Re: Kompas Antivirus 3.3.0

f412mukhl15 wrote:

FP or not? Sensitive scan is not checked
http://i64.tinypic.com/2myaijm.jpg

Upload: http://anti.malware.web.id/kirim-virus. … zipnew.rar

OK, it will be checked. Thank you.

5

Re: Kompas Antivirus 3.3.0

Another FP
http://i66.tinypic.com/1zf1ttd.jpg
http://i63.tinypic.com/6zwvg1.png

upload : http://anti.malware.web.id/kirim-virus. … e=Test.rar

6

Re: Kompas Antivirus 3.3.0

FP Bro..

I've already uploaded it.

Generic.991130341
http://anti.malware.web.id/kirim-virus. … 130341.zip

7

Re: Kompas Antivirus 3.3.0

39c31eab wrote:

FP Bro..

I've already uploaded it.

Generic.991130341
http://anti.malware.web.id/kirim-virus. … 130341.zip

The FP will be fixed soon (it occurred in the main database). Today the main database will be included in the update, so the size of the update file will increase.

8

Re: Kompas Antivirus 3.3.0

Bug on Windows 10 32-bit. Whenever kompasav downloads signatures, I check and there is no kompasav.exe process; I don't know during which step it terminates itself.

9

Re: Kompas Antivirus 3.3.0

Nd4 wrote:

Bug on Windows 10 32-bit. Whenever kompasav downloads signatures, I check and there is no kompasav.exe process; I don't know during which step it terminates itself.

It will be handled within 1x24 hours.

10

Re: Kompas Antivirus 3.3.0

admin wrote:
Nd4 wrote:

Bug on Windows 10 32-bit. Whenever kompasav downloads signatures, I check and there is no kompasav.exe process; I don't know during which step it terminates itself.

It will be handled within 1x24 hours.

It turns out that after the signature download process, it does not call the kompasav process again.

Bug report; I only just found out there is a log for it.

date/time          : 2015-11-30, 22:04:18, 568ms
computer name      : LAPTOP-8B40F5A3
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 8 x64 build 9200
system language    : Indonesian
system up time     : 23 hours 47 minutes
program up time    : 9 minutes 12 seconds
processors         : 4x Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
physical memory    : 359/1963 MB (free/total)
free disk space    : (C:) 440,86 GB
display mode       : 1366x768, 32 bit
process id         : $13a8
allocated memory   : 51,16 MB
largest free block : 993,25 MB
command line       : C:\Users\Indra\AppData\Roaming\IDM\KompasAV\KompasAV.exe /Auto
executable         : KompasAV.exe
exec. date/time    : 2015-10-28 15:12
version            : 3.3.59757.27409
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $ec249709, $77018adc, $530bbdef
exception number   : 1
exception class    : EExternalException
exception message  : External exception C0150010.

thread $3a4:
77cccb7e +4b97e ntdll.dll                         RtlDeactivateActivationContextUnsafeFast
77c823b0 +00120 ntdll.dll                         LdrShutdownThread
77ca259b +0002b ntdll.dll                         RtlExitUserThread
004081c9 +00015 KompasAV.exe System         14 +0 EndThread
004882fb +0009f KompasAV.exe System.Classes       ThreadProc
00408128 +00028 KompasAV.exe System         14 +0 ThreadWrapper
004cb795 +0000d KompasAV.exe madExcept            CallThreadProcSafe
004cb7ff +00037 KompasAV.exe madExcept            ThreadExceptFrame
77a33742 +00022 KERNEL32.DLL                      BaseThreadInitThunk

main thread ($13f4):
76db8d03 +093 KERNELBASE.dll                          WaitForSingleObjectEx
76db8c5d +00d KERNELBASE.dll                          WaitForSingleObject
005dc049 +01d KompasAV.exe   DirWatch        336   +8 TDirectoryWatch.ReleaseWatchThread
005dc38c +010 KompasAV.exe   DirWatch        523   +3 TDirectoryWatch.Stop
005dc0d5 +00d KompasAV.exe   DirWatch        378   +1 TDirectoryWatch.Destroy
00406584 +008 KompasAV.exe   System           14   +0 TObject.Free
0072e15d +089 KompasAV.exe   uVenom         1888  +17 TForm1.FormCloseQuery
005bd82d +055 KompasAV.exe   Vcl.Forms                TCustomForm.CloseQuery
005bd755 +021 KompasAV.exe   Vcl.Forms                TCustomForm.Close
0072e0ce +00e KompasAV.exe   uVenom         1867   +2 TForm1.Exit1Click
005aa137 +0a7 KompasAV.exe   Vcl.Menus                TMenuItem.Click
005ab73b +013 KompasAV.exe   Vcl.Menus                TMenu.DispatchCommand
005ac9ce +082 KompasAV.exe   Vcl.Menus                TPopupList.WndProc
005ac91d +01d KompasAV.exe   Vcl.Menus                TPopupList.MainWndProc
0048b2c8 +014 KompasAV.exe   System.Classes           StdWndProc
756d3e4b +00b USER32.dll                              DispatchMessageW
005c25eb +0f3 KompasAV.exe   Vcl.Forms                TApplication.ProcessMessage
005c262e +00a KompasAV.exe   Vcl.Forms                TApplication.HandleMessage
005c2961 +0c9 KompasAV.exe   Vcl.Forms                TApplication.Run
0078a21c +d2c KompasAV.exe   Venom           254 +183 initialization
77a33742 +022 KERNEL32.DLL                            BaseThreadInitThunk

thread $194c (TWndProc): <suspended>
006c58d9 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $1414:
76dc1280 +130 KERNELBASE.dll           WaitForMultipleObjectsEx
004cb795 +00d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept ThreadExceptFrame
77a33742 +022 KERNEL32.DLL             BaseThreadInitThunk
>> created by main thread ($13f4) at:
7509dc7b +000 combase.dll

thread $1788:
00719470 +030 KompasAV.exe madCodeHook 504 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
77a33742 +022 KERNEL32.DLL                    BaseThreadInitThunk
>> created by main thread ($13f4) at:
00719948 +270 KompasAV.exe madCodeHook 504 +0 CreateLpcQueue

thread $179c: <priority:1>
76db8d03 +093 KERNELBASE.dll                    WaitForSingleObjectEx
76db8c5d +00d KERNELBASE.dll                    WaitForSingleObject
007190f6 +012 KompasAV.exe   madCodeHook 504 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
77a33742 +022 KERNEL32.DLL                      BaseThreadInitThunk
>> created by main thread ($13f4) at:
00719969 +291 KompasAV.exe   madCodeHook 504 +0 CreateLpcQueue

thread $fbc:
00719470 +030 KompasAV.exe madCodeHook 504 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
77a33742 +022 KERNEL32.DLL                    BaseThreadInitThunk
>> created by main thread ($13f4) at:
00719948 +270 KompasAV.exe madCodeHook 504 +0 CreateLpcQueue

thread $cc4: <priority:1>
76db8d03 +093 KERNELBASE.dll                    WaitForSingleObjectEx
76db8c5d +00d KERNELBASE.dll                    WaitForSingleObject
007190f6 +012 KompasAV.exe   madCodeHook 504 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
77a33742 +022 KERNEL32.DLL                      BaseThreadInitThunk
>> created by main thread ($13f4) at:
00719969 +291 KompasAV.exe   madCodeHook 504 +0 CreateLpcQueue

thread $fa8 (TRegistryWatchdog):
76db8d03 +93 KERNELBASE.dll                       WaitForSingleObjectEx
76db8c5d +0d KERNELBASE.dll                       WaitForSingleObject
00725403 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
77a33742 +22 KERNEL32.DLL                         BaseThreadInitThunk
>> created by main thread ($13f4) at:
007252be +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $14c4 (TRegistryWatchdog):
76db8d03 +93 KERNELBASE.dll                       WaitForSingleObjectEx
76db8c5d +0d KERNELBASE.dll                       WaitForSingleObject
00725403 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
77a33742 +22 KERNEL32.DLL                         BaseThreadInitThunk
>> created by main thread ($13f4) at:
007252be +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

disassembling:
004081b4    public System.EndThread:         ; function entry point
004081b4 14   push    ebx
004081b5      mov     ebx, eax
004081b7      cmp     dword ptr [$78b03c], 0
004081be      jz      loc_4081c8
004081be
004081c0      mov     eax, ebx
004081c2      call    dword ptr [$78b03c]
004081c2
004081c8    loc_4081c8:
004081c8      push    ebx
004081c9    > call    -$591a ($4028b4)       ; System.ExitThread
004081c9
004081ce      pop     ebx
004081cf      ret

11

Re: Kompas Antivirus 3.3.0

FP Bro...

KompasAV considers Mozilla Firefox's "prefs.js" file to be infected with the virus JS.NemucodX.Crypted (maybe it's read as "nemu codex" :) ).
As far as I know (I've looked at it myself), the file only contains Firefox's preferences.
For example: userpref("blabla", 1)

I can't send the sample, because there are personal prefs in it.
Here are its checksums.
crc32->5dfc0073
md5->0edf963a2b13d8fb2040710fa3406cf5
sha1->d2626c329032d4818e4fbf0295049093571fe780
sha256->eea46fdc24baa9c840d014aed3e74116c729879ed59ffcc32c9178e87abaf189

Oh, and could KompasAV have an option in its GUI to disable or enable its shell menu (kcm)?
Thanks.

12

Re: Kompas Antivirus 3.3.0

@Nd4, the bug will be fixed in the next version update within 1x24 hours.
@39c31eab, there was a revision for this detection some time ago. Hopefully it is no longer an FP.