1

Topic: PCMAV Asgard problem with ClamAV in the scanner and RTP features

1) Yesterday I tried PCMAV Asgard for the first time. The scan feels much faster than in the Valhalla version, but partway through the scan the "% estimated completed" figure stops while the scan progress keeps running. Is this a bug or not?
2) When I scan the hard disk with Asgard, an "Oh Dear - Crash" message always appears, followed by a bug report like this:
(By the way, bersihkan.exe and asgard.exe are the PCMAV scanner, which I renamed.)
**Bug report that appears on Windows 7 Home Basic 64-bit

date/time         : 2011-10-23, 12:49:58, 472ms
computer name     : JOKAMERS-PC
user name         : Rendy <admin>
registered owner  : Rendy
operating system  : Windows 7 x64 build 7600
system language   : Indonesian
system up time    : 2 hours 38 minutes
program up time   : 29 minutes 1 second
processors        : 4x Intel(R) Atom(TM) CPU 330 @ 1.60GHz
physical memory   : 989/2038 MB (free/total)
free disk space   : (C:) 29,24 GB (D:) 50,37 GB
display mode      : 1280x800, 32 bit
process id        : $da0
allocated memory  : 283,37 MB
command line      : "D:\PCAntiOkt11\Bersihkan.exe" /FORCE
executable        : Bersihkan.exe
exec. date/time   : 2011-09-07 16:42
version           : 6.0.0.0
compiled with     : Delphi 2006/07
madExcept version : 3.0m beta 1
Bersihkan.exe.mad : $00026e28, $4d433f27, $4a241791
callstack crc     : $4d25f1c4, $c27ad7a6, $c27ad7a6
exception number  : 1
exception class   : EThread
exception message : Thread creation error: Not enough storage is available to process this command.

main thread ($150c):
00474860 +094 Bersihkan.exe segment%31  public%3426
005f1b9b +043 Bersihkan.exe segment%242 public%11758
0067f64b +00b Bersihkan.exe segment%291 public%13012
00490e5b +00f Bersihkan.exe segment%48  public%4327
00490d3f +02b Bersihkan.exe segment%48  public%4322
00475ecc +014 Bersihkan.exe segment%31  public%3532
7626810d +00a USER32.dll                DispatchMessageA
004c47f4 +0fc Bersihkan.exe segment%58  public%6000
004c482e +00a Bersihkan.exe segment%58  public%6002
004c4b3f +0b3 Bersihkan.exe segment%58  public%6007
0069027d +1c9 Bersihkan.exe segment%423 public%13231
76883675 +010 kernel32.dll              BaseThreadInitThunk

thread $1548 (TWndProc): <suspended>
0066786b +1f Bersihkan.exe segment%282 public%12790

thread $15b8:
76ed1edf +0b ntdll.dll     NtWaitForWorkViaWorkerFactory
76883675 +10 kernel32.dll  BaseThreadInitThunk

thread $157c:
76ed00f6 +0e ntdll.dll     NtWaitForMultipleObjects
76883675 +10 kernel32.dll  BaseThreadInitThunk

thread $b2c (TRegMonitorThread):
76ecf86a +0e ntdll.dll                  NtWaitForSingleObject
769e0810 +92 KERNELBASE.dll             WaitForSingleObjectEx
7688117f +3e kernel32.dll               WaitForSingleObjectEx
76881133 +0d kernel32.dll               WaitForSingleObject
00678eae +12 Bersihkan.exe  segment%288 public%12949
00452c7b +2b Bersihkan.exe  segment%23  public%2342
00474758 +34 Bersihkan.exe  segment%31  public%3425
004056f4 +28 Bersihkan.exe  segment%0   public%250
00452b5d +0d Bersihkan.exe  segment%23  public%2340
00452bc7 +37 Bersihkan.exe  segment%23  public%2341
76883675 +10 kernel32.dll               BaseThreadInitThunk
>> created by main thread ($150c) at:
00678d98 +18 Bersihkan.exe  segment%288 public%12946

thread $1774 (TRegMonitorThread):
76ecf86a +0e ntdll.dll                  NtWaitForSingleObject
769e0810 +92 KERNELBASE.dll             WaitForSingleObjectEx
7688117f +3e kernel32.dll               WaitForSingleObjectEx
76881133 +0d kernel32.dll               WaitForSingleObject
00678eae +12 Bersihkan.exe  segment%288 public%12949
00452c7b +2b Bersihkan.exe  segment%23  public%2342
00474758 +34 Bersihkan.exe  segment%31  public%3425
004056f4 +28 Bersihkan.exe  segment%0   public%250
00452b5d +0d Bersihkan.exe  segment%23  public%2340
00452bc7 +37 Bersihkan.exe  segment%23  public%2341
76883675 +10 kernel32.dll               BaseThreadInitThunk
>> created by main thread ($150c) at:
00678d98 +18 Bersihkan.exe  segment%288 public%12946

thread $1498:
76ecf86a +0e ntdll.dll       NtWaitForSingleObject
769e0810 +92 KERNELBASE.dll  WaitForSingleObjectEx
7688117f +3e kernel32.dll    WaitForSingleObjectEx
76883675 +10 kernel32.dll    BaseThreadInitThunk

thread $1124:
76ed1edf +0b ntdll.dll     NtWaitForWorkViaWorkerFactory
76883675 +10 kernel32.dll  BaseThreadInitThunk

thread $11bc:
76ed1edf +0b ntdll.dll     NtWaitForWorkViaWorkerFactory
76883675 +10 kernel32.dll  BaseThreadInitThunk

processes:
0000 Idle                    0 0   0
0004 System                  0 0   0
01a4 smss.exe                0 0   0   normal
0224 csrss.exe               0 0   0   normal
0250 wininit.exe             0 0   0   high
0268 csrss.exe               1 174 80  normal
0298 services.exe            0 0   0   normal
02b0 winlogon.exe            1 6   0   high
02cc lsass.exe               0 0   0   normal
02d4 lsm.exe                 0 0   0   normal
0338 svchost.exe             0 0   0   normal
0384 svchost.exe             0 0   0   normal
03d4 svchost.exe             0 0   0   normal
00f8 svchost.exe             0 0   0   normal
022c svchost.exe             0 0   0   normal
0418 svchost.exe             0 0   0   normal
04a0 svchost.exe             0 0   0   normal
0540 spoolsv.exe             0 0   0   normal
055c svchost.exe             0 0   0   normal
05d8 mdm.exe                 0 0   0   normal       C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG
060c StartManSvc.exe         0 0   0   normal       C:\Program Files (x86)\Common Files\PC Tools\sMonitor
07f0 taskhost.exe            1 162 64  normal
0604 dwm.exe                 1 15  2   high
0504 explorer.exe            1 672 456 above normal
07e8 RAVCpl64.exe            1 54  12  normal
0454 sidebar.exe             1 113 65  above normal
0998 SearchIndexer.exe       0 0   0   normal
0bdc MzCPUAccelerator.exe    1 79  38  normal
0930 MemoryImproveMaster.exe 1 658 227 normal       C:\Program Files (x86)\Memory Improve Master
07b0 localcooling2.exe       1 49  58  normal       C:\Program Files (x86)\Uniblue\LocalCooling
0568 svchost.exe             0 0   0   normal
08bc svchost.exe             0 0   0   normal
015c taskhost.exe            1 9   5   normal
0a50 svchost.exe             0 0   0   below normal
11c8 igfxsrvc.exe            1 9   2   normal
0da0 Bersihkan.exe           1 254 176 above normal D:\PCAntiOkt11
0bc0 WUDFHost.exe            0 0   0   normal
11ec SearchProtocolHost.exe  0 0   0   idle
15f0 audiodg.exe             0 0   0
132c SearchFilterHost.exe    0 0   0   idle

cpu registers:
eax = 7eb98900
ebx = 00000000
ecx = 00000000
edx = 00474860
esi = 0e1cae00
edi = 00000000
eip = 00474860
esp = 0018fcfc
ebp = 0018fd50


**Bug report that appears on Mini WinXP from Hiren

date/time         : 2011-10-23, 23:07:59, 62ms
computer name     : MiniXP
user name         : SYSTEM <admin>
registered owner  : Hiren / http://www.hiren.info
operating system  : Windows XP build 2600
system language   : English
system up time    : 9 minutes 11 seconds
program up time   : 4 minutes
processor         : Intel(R) Atom(TM) CPU 330 @ 1.60GHz
physical memory   : 1253/2038 MB (free/total)
free disk space   : (X:) 18.78 MB (D:) 50.17 GB
display mode      : 800x600, 32 bit
process id        : $56c
allocated memory  : 265.19 MB
command line      : Asgard.exe /FORCE
executable        : Asgard.exe
exec. date/time   : 2011-09-07 09:42
version           : 6.0.0.0
compiled with     : Delphi 2006/07
madExcept version : 3.0m beta 1
Asgard.exe.mad    : $00026e28, $4d433f27, $4a241791
callstack crc     : $51779c63, $596aadf8, $596aadf8
count             : 2
exception number  : 1
exception class   : EThread
exception message : Thread creation error: Not enough storage is available to process this command.

main thread ($578):
00474860 +094 Asgard.exe segment%31  public%3426
005f1b9b +043 Asgard.exe segment%242 public%11758
0067f64b +00b Asgard.exe segment%291 public%13012
00490e5b +00f Asgard.exe segment%48  public%4327
00490d3f +02b Asgard.exe segment%48  public%4322
00475ecc +014 Asgard.exe segment%31  public%3532
7e4196c2 +00a USER32.dll             DispatchMessageA
004c47f4 +0fc Asgard.exe segment%58  public%6000
004c482e +00a Asgard.exe segment%58  public%6002
004c4b3f +0b3 Asgard.exe segment%58  public%6007
0069027d +1c9 Asgard.exe segment%423 public%13231

thread $558 (TWndProc): <suspended>
0066786b +1f Asgard.exe segment%282 public%12790

thread $574:
7c90d9ba +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
005b674d +1e5 Asgard.exe   segment%208 public%10609
00452b5d +00d Asgard.exe   segment%23  public%2340
00452bc7 +037 Asgard.exe   segment%23  public%2341
>> created by thread $598 at:
005b69bc +22c Asgard.exe   segment%208 public%10610

thread $5a0:
7c90d1fa +a ntdll.dll  NtDelayExecution

thread $590:
7c90da2a +a ntdll.dll  NtRemoveIoCompletion

thread $58c:
7c90df2a +a ntdll.dll  NtWaitForMultipleObjects

thread $238 (TRegMonitorThread):
7c90df3a +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
00678eae +12 Asgard.exe   segment%288 public%12949
00452c7b +2b Asgard.exe   segment%23  public%2342
00474758 +34 Asgard.exe   segment%31  public%3425
004056f4 +28 Asgard.exe   segment%0   public%250
00452b5d +0d Asgard.exe   segment%23  public%2340
00452bc7 +37 Asgard.exe   segment%23  public%2341
>> created by main thread ($578) at:
00678d98 +18 Asgard.exe   segment%288 public%12946

thread $51c (TRegMonitorThread):
7c90df3a +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
00678eae +12 Asgard.exe   segment%288 public%12949
00452c7b +2b Asgard.exe   segment%23  public%2342
00474758 +34 Asgard.exe   segment%31  public%3425
004056f4 +28 Asgard.exe   segment%0   public%250
00452b5d +0d Asgard.exe   segment%23  public%2340
00452bc7 +37 Asgard.exe   segment%23  public%2341
>> created by main thread ($578) at:
00678d98 +18 Asgard.exe   segment%288 public%12946

thread $5dc:
7c90df2a +0a ntdll.dll               NtWaitForMultipleObjects
7c80956e +00 kernel32.dll            WaitForMultipleObjectsEx
7e4195f3 +00 USER32.dll              MsgWaitForMultipleObjectsEx
7e4196a3 +1a USER32.dll              MsgWaitForMultipleObjects
00452b5d +0d Asgard.exe   segment%23 public%2340
00452bc7 +37 Asgard.exe   segment%23 public%2341
>> created by thread $570 at:
100048c3 +00 catchnet.dll

thread $5c4:
7c90d9ba +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
005b674d +1e5 Asgard.exe   segment%208 public%10609
00452b5d +00d Asgard.exe   segment%23  public%2340
00452bc7 +037 Asgard.exe   segment%23  public%2341
>> created by thread $570 at:
005b69bc +22c Asgard.exe   segment%208 public%10610

thread $640:
7c90da8a +0a ntdll.dll             NtReplyWaitReceivePortEx
00452b5d +0d Asgard.exe segment%23 public%2340
00452bc7 +37 Asgard.exe segment%23 public%2341
>> created by main thread ($578) at:
77e7df36 +00 RPCRT4.dll

thread $5b4:
7c90d1fa +0a ntdll.dll               NtDelayExecution
7c8023eb +4b kernel32.dll            SleepEx
7c802450 +0a kernel32.dll            Sleep
00452b5d +0d Asgard.exe   segment%23 public%2340
00452bc7 +37 Asgard.exe   segment%23 public%2341
>> created by main thread ($578) at:
7752fd64 +00 ole32.dll

thread $5bc:
7c90da8a +0a ntdll.dll             NtReplyWaitReceivePortEx
00452b5d +0d Asgard.exe segment%23 public%2340
00452bc7 +37 Asgard.exe segment%23 public%2341
>> created by thread $640 at:
77e7df36 +00 RPCRT4.dll

thread $5ec:
7c90da8a +0a ntdll.dll             NtReplyWaitReceivePortEx
00452b5d +0d Asgard.exe segment%23 public%2340
00452bc7 +37 Asgard.exe segment%23 public%2341
>> created by thread $5bc at:
77e7df36 +00 RPCRT4.dll

thread $650:
>> stack not accessible

thread $5f0 (TSearchThread):
7c90d09a +00a ntdll.dll                NtCreateFile
7c8109a0 +1b0 kernel32.dll             CreateFileW
7c801a4e +026 kernel32.dll             CreateFileA
005f8a4a +07a Asgard.exe   segment%260 public%11947
00683e6b +5eb Asgard.exe   segment%291 public%13034
005a4abf +0cf Asgard.exe   segment%206 public%10417
005a4e41 +181 Asgard.exe   segment%206 public%10426
005a4f93 +2d3 Asgard.exe   segment%206 public%10426
005a4caf +043 Asgard.exe   segment%206 public%10425
005a487c +02c Asgard.exe   segment%206 public%10413
004056f4 +028 Asgard.exe   segment%0   public%250
00452b5d +00d Asgard.exe   segment%23  public%2340
00452bc7 +037 Asgard.exe   segment%23  public%2341
>> created by main thread ($578) at:
005a4813 +01f Asgard.exe   segment%206 public%10412

processes:
000 Idle         0   0
004 System       0   0   normal
09c smss.exe     0   0   normal X:\i386\system32
0c4 csrss.exe    52  48  normal X:\i386\system32
0d8 winlogon.exe 4   1   high   X:\i386\system32
100 services.exe 4   0   normal X:\i386\system32
10c lsass.exe    4   0   normal X:\i386\system32
114 PELoader.exe 4   0   normal X:\i386\system32
124 explorer.exe 131 48  normal X:\i386
1ac svchost.exe  4   0   normal X:\i386\system32
1d4 svchost.exe  4   0   normal X:\i386\system32
1e4 svchost.exe  4   1   normal X:\i386\System32
56c Asgard.exe   234 148 normal D:\PCAntiOkt11

cpu registers:
eax = 7a7a9140
ebx = 00000000
ecx = 00000000
edx = 00474860
esi = 054c3680
edi = 0012fe7c
eip = 00474860
esp = 0012fd44
ebp = 0012fd98


Is the problem in my computer's memory? I've already tried the OS's memory diagnostic tool, but it found no errors at all. My RAM is 2 GB. Please enlighten me and suggest a solution...

Last edited by rendy (02-11-2011 12:59:56)

The beauty of sharing kindness with one another ^^


2

Re: PCMAV Asgard problem with ClamAV in the scanner and RTP features

There is indeed an incompatibility between PCMAV and the latest ClamAV lib. Please use the previous version of the ClamAV lib, which can be downloaded at _http://www.sendspace.com/file/0rgasu so that the same problem does not occur.


3

Re: PCMAV Asgard problem with ClamAV in the scanner and RTP features

fajar.anggiawan wrote:

There is indeed an incompatibility between PCMAV and the latest ClamAV lib. Please use the previous version of the ClamAV lib, which can be downloaded at _http://www.sendspace.com/file/0rgasu so that the same problem does not occur.

The ClamAV problem is solved now, Mas Fajar ^^. But why is it that when I tried scanning the Ramnit virus on Win7 Home Basic 64-bit or on Mini WinXP from Hiren, it wasn't detected? Yet when I scan it with RamnitKiller, it is detected right away as the variant Ramnit.A.html. (Is the ClamAV incompatibility only in the ClamAV lib? What about the files Microsoft.VC80.CRT.manifest, msvcm80.dll, msvcp80.dll, and msvcr80.dll?)
That's the first thing; the second is similar. When I scan a flash drive containing a Recycler folder, which is in fact a virus, why isn't it detected by the scanner? The RTP doesn't detect it either. But when I tried copying that Recycler folder onto the flash drive, only then did the RTP act to intercept the Ramnit.B.dropper variant inside that Recycler folder. Then, when I scanned with RamnitKiller, the virus was cleaned right away. Why does this happen? Does it have anything to do with the hard disk's System Volume Information and System Restore, which I never turn off when scanning?
Oh, and are all versions of PCMAV Express still not compatible with 64-bit OSes such as Win7 Home Basic? Because when I use PCMAV Express on 64-bit Win7, it always hangs in the middle of the process, but when I use it on Hiren's Mini WinXP it runs smoothly.
Please enlighten me... Keep it up, PC Media and PCMAV!!

Last edited by rendy (31-10-2011 10:12:22)


4

Re: PCMAV Asgard problem with ClamAV in the scanner and RTP features

I have a sample of the Ramnit virus; I got the link from a neighboring forum...
http://www.mediafire.com/?502z0bekl89din1
When I scan it with Asgard (plus the update dated 2/11/2011) + ClamAV 0.95.3 (lib dated 22/11/2009; daily.cvd dated 22/10/2011; main.cvd dated 14/11/2010) on a computer running 64-bit Win7, it isn't detected at all... Is this a new Ramnit variant? When I scan it with the "green triangle" version 8.7, it is detected under the names Ramnit.A and Ramnit.H.
For forum friends who want to download it, go ahead... the password: virus

Last edited by rendy (15-11-2011 14:44:30)


5

Re: PCMAV Asgard problem with ClamAV in the scanner and RTP features

rendy wrote:

I have a sample of the Ramnit virus; I got the link from a neighboring forum...
http://www.mediafire.com/?502z0bekl89din1
When I scan it with Asgard (plus the update dated 2/11/2011) + ClamAV 0.95.3 (lib dated 22/11/2009; daily.cvd dated 22/10/2011; main.cvd dated 14/11/2010) on a computer running 64-bit Win7, it isn't detected at all... Is this a new Ramnit variant? When I scan it with the "green triangle" version 8.7, it is detected under the names Ramnit.A and Ramnit.H.
For forum friends who want to download it, go ahead... the password: virus

It turns out that after I tried running PCMAV Asgard 6.0 from the PC Media DVD to scan the virus above, it still wasn't detected. But after I scanned with PCMAV Valhalla 5.3, the virus was detected as Ramnit and could be deleted. I'm confused: is there a problem with a particular file in the PCMAV Asgard 6.0 folder? I then tried overwriting the files in the PCMAV Asgard 6.0 lib folder one by one with the PCMAV Valhalla 5.3 lib files, but Asgard still could not detect the Ramnit virus above. After that, I restored the version 6.0 lib folder to the PCMAV Asgard 6.0 folder, but this time I tried replacing the version 6.0 .exe file with the version 5.3 .exe file, and THE RESULT was that the Ramnit virus was detected!! [I ran the scanner on WinXP SP3, but the problem is probably not in the OS]
So my conclusion is that the PCMAV version 6.0 .exe file may have a slight problem, to the point that it cannot detect a Ramnit virus whose variant has been known since version 5.3; even the Dewasa and ServMouse viruses are not detected. I ask the PCMAV team to clarify so that the same thing does not happen in future PCMAV versions... Keep it up, PCMAV!!

Last edited by rendy (15-11-2011 14:58:19)


6

Re: PCMAV Asgard problem with ClamAV in the scanner and RTP features

PCMAV team, what Mas Rendi said is very true: while a scan is running, PCMAV does not detect any virus, and only its RTP is proactive. Why is that, PCMAV team? What causes the scanner and the RTP to disagree in their detection? For example, the Ramnit and Ngrbot viruses infected a PC, and when a scan was run, PCMAV 6.1 did not detect the presence of a virus on Local Disk C:, even though every flash disk plugged into that PC immediately turns into shortcuts, and when scanned with PCMAV on another PC it is detected as ngrbot.A. Also, among the RECYCLER files that PCMAV detects as Ramnit, there is one that is not detected, even though it is a virus when scanned with ClamAV. I have uploaded the sample, but so far the update has not come out.
In other respects PCMAV 6.1 is top-notch,

"WHAT CAUSES THE PCMAV 6.1 SCANNER TO NOT DETECT THE PRESENCE OF A VIRUS THAT HAS INFECTED THE SYSTEM, EVEN THOUGH THE VIRUS IS ALREADY IN THE PCMAV DATABASE (ESPECIALLY RAMNIT AND NGRBOT)? STRANGELY, THE PCMAV RTP recognizes and detects the virus.???"

Last edited by Rahman (15-11-2011 22:46:36)


7

Re: PCMAV Asgard problem with ClamAV in the scanner and RTP features

@rendy & Rahman, thank you for the reports; we will test again. To make sure we are on the same page, is the Ramnit virus already active or not? With the virus inactive, I just tested, and both PCMAV 5.3 and 6.0 can detect Ramnit from the link rendy gave; later I will try with the virus deliberately activated.

.: PC Media :.


8

Re: PCMAV Asgard problem with ClamAV in the scanner and RTP features

joko.nurjadi wrote:

@rendy & Rahman, thank you for the reports; we will test again. To make sure we are on the same page, is the Ramnit virus already active or not? With the virus inactive, I just tested, and both PCMAV 5.3 and 6.0 can detect Ramnit from the link rendy gave; later I will try with the virus deliberately activated.

As for me, I deliberately keep samples of the Ramnit, ServMouse, and Dewasa viruses that I got from links on this forum. But I compressed those samples into a .zip file, Mas, so they don't spread. They are only for testing the scanner, in case it can no longer detect them. Oh, and once, when I had Asgard 6.0's RTP enabled and tried to access the RECYCLER folder on a flash disk that in fact carries the Ramnit virus, the RTP did not detect it as a virus. But strangely, when I tried copying that RECYCLER folder onto the flash disk, only then did the RTP kick in and detect it as the Ramnit virus (after that I cleaned it right away from the RTP, so I didn't get a chance to try the scanner).
Yet before I copied the folder, neither the scanner nor the RTP could detect it.

Last edited by rendy (17-11-2011 09:08:29)


9

Re: PCMAV Asgard problem with ClamAV in the scanner and RTP features

PCMAV TEAM, HERE IS ANOTHER BUG IN PCMAV ASGARD 6.1
Chief, why does extman.exe stop working? When we use the extension manager (attribute fixer) and then exit, a message immediately appears saying that extman.exe has stopped working.

"A suggestion for the PCMAV team: test every part of the extension manager first and then exit, so that the PCMAV team knows the error message that occurs in PCMAV on Windows 7 Ultimate build 7600."

THE LATEST RAMNIT VARIANT IS NOT YET DETECTED BY PCMAV 6.1. I HAVE UPLOADED THE SAMPLE, BUT SO FAR PCMAV ASGARD 6.1 STILL CANNOT HANDLE IT. PLEASE LOOK AT THE VIRUS I UPLOADED UNDER THE NAME e5188982.exe

Last edited by Rahman (17-11-2011 12:31:35)
