Re: PC Media Predator Technical Preview
Dear team,
I have run into a problem with a corrupt vx.sig file. Have any of you run into the same problem?
Below is the screenshot I captured.
Thank you.
I want to report a PCMAV bug: when the OS was about to be shut down (I forget how it came about), the following error appeared. I have not cut anything from the bug report, but I am puzzled that there is no disassembly section.
date/time : 2012-04-04, 17:14:57, 781ms
computer name : MB-89BD3596CD75
user name : mb <admin>
registered owner : MB / MB
operating system : Windows XP Service Pack 2 build 2600
system language : English
system up time : 2 hours 9 minutes
program up time : 17 minutes 52 seconds
processors : 2x Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
physical memory : 726/1014 MB (free/total)
free disk space : (C:) 93.98 GB
display mode : 1024x768, 32 bit
process id : $25c
allocated memory : 44.43 MB
executable : PCMAV.exe
exec. date/time : 2012-03-19 13:36
version : 7.0.61078.27766
compiled with : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad : $0003bfbc, $34804073, $1164c539
callstack crc : $c4a387b2, $a3d0f032, $a3d0f032
exception number : 1
exception class : Unknown
exception message : Unknown.
main thread ($ca8):
00520066 +0e2 PCMAV.exe segment%66 public%6969
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
0059e072 +5f2 PCMAV.exe segment%79 public%9586
00406f7a +002 PCMAV.exe segment%0 public%260
00454e8c +03c PCMAV.exe segment%26 public%2412
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
7c90eae0 +010 ntdll.dll KiUserCallbackDispatcher
77d4b237 +052 USER32.dll DefWindowProcW
77d4c02f +016 USER32.dll CallWindowProcW
00501ce0 +0d8 PCMAV.exe segment%62 public%6159
005a0322 +05a PCMAV.exe segment%79 public%9638
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00406924 +008 PCMAV.exe segment%0 public%227
008dbd71 +0cd PCMAV.exe segment%265 public%20726
00841371 +015 PCMAV.exe segment%171 public%18459
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
0059e072 +5f2 PCMAV.exe segment%79 public%9586
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
7c90eae0 +010 ntdll.dll KiUserCallbackDispatcher
77d4b7a6 +044 USER32.dll SendMessageW
0059af80 +010 PCMAV.exe segment%79 public%9474
005a05c7 +10b PCMAV.exe segment%79 public%9643
005017e7 +1b7 PCMAV.exe segment%62 public%6158
005178f4 +06c PCMAV.exe segment%63 public%6726
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
7c90eae0 +010 ntdll.dll KiUserCallbackDispatcher
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
0059e072 +5f2 PCMAV.exe segment%79 public%9586
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
7c90eae0 +010 ntdll.dll KiUserCallbackDispatcher
77d493da +162 USER32.dll PeekMessageW
005a7084 +014 PCMAV.exe segment%79 public%9876
005a718e +00a PCMAV.exe segment%79 public%9877
007c016d +141 PCMAV.exe segment%164 public%18068
008da53a +006 PCMAV.exe segment%265 public%20689
004fd7f3 +06f PCMAV.exe segment%62 public%6006
00517c2a +01e PCMAV.exe segment%63 public%6738
00518718 +010 PCMAV.exe segment%63 public%6770
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
005178f4 +06c PCMAV.exe segment%63 public%6726
004fcebc +024 PCMAV.exe segment%62 public%5992
00501d33 +023 PCMAV.exe segment%62 public%6160
005027bf +00b PCMAV.exe segment%62 public%6168
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
77d4b7a6 +044 USER32.dll SendMessageW
77d4c02f +016 USER32.dll CallWindowProcW
00501ce0 +0d8 PCMAV.exe segment%62 public%6159
004fdc48 +010 PCMAV.exe segment%62 public%6023
004fdbb2 +07e PCMAV.exe segment%62 public%6020
004fd298 +2d4 PCMAV.exe segment%62 public%5999
00501be3 +5b3 PCMAV.exe segment%62 public%6158
005178f4 +06c PCMAV.exe segment%63 public%6726
00501238 +02c PCMAV.exe segment%62 public%6153
0048668c +014 PCMAV.exe segment%30 public%3805
77d489e3 +00a USER32.dll DispatchMessageW
005a7163 +0f3 PCMAV.exe segment%79 public%9876
005a71a6 +00a PCMAV.exe segment%79 public%9878
005a74d9 +0c9 PCMAV.exe segment%79 public%9883
008eb1e4 +0d0 PCMAV.exe segment%393 public%20885
thread $ce4 (TWorkerThread):
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
00677a91 +19 PCMAV.exe segment%98 public%13639
004bc4c3 +2b PCMAV.exe segment%36 public%4586
00483662 +42 PCMAV.exe segment%30 public%3630
00408520 +28 PCMAV.exe segment%0 public%327
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
00677986 +16 PCMAV.exe segment%98 public%13635
thread $ce0:
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
005da78f +2f PCMAV.exe segment%89 public%10955
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
005da09d +6d PCMAV.exe segment%89 public%10932
thread $f80:
7c90e9be +0a ntdll.dll NtWaitForSingleObject
7c8025d5 +85 kernel32.dll WaitForSingleObjectEx
7c80253d +0d kernel32.dll WaitForSingleObject
006b2e31 +4d PCMAV.exe segment%101 public%14689
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
005da09d +6d PCMAV.exe segment%89 public%10932
thread $d2c:
77d491c9 +26 USER32.dll GetMessageW
006b21f7 +bb PCMAV.exe segment%101 public%14679
005da352 +36 PCMAV.exe segment%89 public%10934
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
005da09d +6d PCMAV.exe segment%89 public%10932
thread $d48:
7c90e286 +00a ntdll.dll NtReadFile
7c80186f +061 kernel32.dll ReadFile
0079460b +1e7 PCMAV.exe segment%150 public%17583
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
0079487f +233 PCMAV.exe segment%150 public%17584
thread $86c:
7c90e286 +00a ntdll.dll NtReadFile
7c80186f +061 kernel32.dll ReadFile
0079460b +1e7 PCMAV.exe segment%150 public%17583
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
0079487f +233 PCMAV.exe segment%150 public%17584
thread $93c:
7c90e286 +00a ntdll.dll NtReadFile
7c80186f +061 kernel32.dll ReadFile
0079460b +1e7 PCMAV.exe segment%150 public%17583
004bc3a5 +00d PCMAV.exe segment%36 public%4584
004bc40f +037 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
0079487f +233 PCMAV.exe segment%150 public%17584
thread $ccc:
7c90d85a +a ntdll.dll NtDelayExecution
thread $ed4:
7c90e9a9 +a ntdll.dll NtWaitForMultipleObjects
thread $ba4:
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
7c809c81 +13 kernel32.dll WaitForMultipleObjects
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
769c8951 +00 Userenv.dll
thread $e20:
7c90e319 +0a ntdll.dll NtRemoveIoCompletion
7c80cbd3 +23 kernel32.dll GetQueuedCompletionStatus
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by main thread ($ca8) at:
77e8760d +00 RPCRT4.dll
thread $e1c:
7c90e319 +a ntdll.dll NtRemoveIoCompletion
thread $a44:
7c90e9a9 +a ntdll.dll NtWaitForMultipleObjects
thread $eb0:
7c90e319 +0a ntdll.dll NtRemoveIoCompletion
7c80cbd3 +23 kernel32.dll GetQueuedCompletionStatus
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $6d8 at:
77e8760d +00 RPCRT4.dll
thread $ff4:
7c90e9a9 +0a ntdll.dll NtWaitForMultipleObjects
7c8094ec +00 kernel32.dll WaitForMultipleObjectsEx
004bc3a5 +0d PCMAV.exe segment%36 public%4584
004bc40f +37 PCMAV.exe segment%36 public%4585
>> created by thread $fe8 at:
77a8a2fb +00 CRYPT32.dll
processes:
000 Idle 0 0
004 System 0 0 normal
268 smss.exe 0 0 normal C:\WINDOWS\system32
298 csrss.exe 66 64 normal C:\WINDOWS\system32
2b0 winlogon.exe 36 8 high C:\WINDOWS\system32
2dc services.exe 4 0 normal C:\WINDOWS\system32
2e8 lsass.exe 4 0 normal C:\WINDOWS\system32
388 svchost.exe 4 0 normal C:\WINDOWS\system32
3cc svchost.exe 4 0 normal C:\WINDOWS\system32
430 svchost.exe 11 9 normal C:\WINDOWS\System32
490 svchost.exe 4 0 normal C:\WINDOWS\system32
4b4 svchost.exe 4 0 normal C:\WINDOWS\system32
564 spoolsv.exe 4 0 normal C:\WINDOWS\system32
7d8 Explorer.EXE 408 221 normal C:\WINDOWS
7f4 alg.exe 4 0 normal C:\WINDOWS\System32
1a8 Apoint.exe 126 58 normal C:\Program Files\Apoint
39c Apntex.exe 19 3 normal C:\Program Files\Apoint
aa4 svchost.exe 4 0 normal C:\WINDOWS\system32
25c PCMAV.exe 227 112 normal C:\Documents and Settings\mb\Desktop\PC Media Predator Technical Preview
I want to cure the following file; the file is in a suspended state:
C:\Windows\System32\PCMext.dll [Heur.Crypted - File will be cured]
Here is the screenshot:
Dear team,
I have run into a problem with a corrupt vx.sig file. Have any of you run into the same problem?
Below is the screenshot I captured.
Thank you.
I am also experiencing this problem.
OS: Win XP SP3.
An earlier problem has also come back: programs that are launched do not appear on the desktop; they just sit in Task Manager.
Thank you.