Testing Antivirus Performance


In this post I will give a tutorial on how to test the performance of your antivirus. In this test I do not use a real virus, but a standard antivirus test to check how the resident shield feature works (the antivirus feature that monitors processes in real time). For your information, this test is provided by “EICAR”, a European organization of security experts. It is distributed as the “EICAR Standard Anti-Virus Test File”. The test file is safe, because it is not a virus and does not contain any harmful code. Antivirus products will identify it as “EICAR-AV-Test” or something similar.
Steps:
1. Open Notepad
2. Type or paste the following text:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

3. Save it with the *.com extension (when saving, set “Save as type” to “All Files”, then in Notepad enter the file name in quotation marks, for example “EICAR.COM”).
4. If the antivirus is working properly, it will recognize the file even before it is run. If not, run the file by double-clicking it or from the DOS prompt.

Because I use Kaspersky antivirus, it looks like this:

If you want to know the meaning of the sequence of characters above, please click here.

Good luck..^^
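
The check from step 4, as an added example that is not part of the original post: Python that verifies a file saved from Notepad still matches the test string (a Unicode save adds a BOM that changes the first bytes), then writes EICAR.COM and reports whether the resident shield reacted. The function names, status strings and the 3-second wait are assumptions made for this example.

```python
import os
import tempfile
import time

# The 68-character test string from step 2 of the post.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# EICAR permits only these bytes after the string, up to 128 bytes in total.
ALLOWED_TAIL = b" \t\r\n\x1a"
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")


def check_saved_file(data: bytes) -> str:
    """Classify the bytes of a saved test file (status names are this example's own)."""
    if data.startswith(BOMS):
        return "bom"        # saved as Unicode/UTF-8 with a BOM: re-save as ANSI
    if not data.startswith(EICAR):
        return "mismatch"   # typo, smart quotes, or a different encoding
    if len(data) > 128 or data[len(EICAR):].strip(ALLOWED_TAIL):
        return "trailing"   # extra content after the test string
    return "ok"


def probe_resident_shield(directory: str, wait: float = 3.0) -> str:
    """Write EICAR.COM and report whether on-access scanning reacted."""
    path = os.path.join(directory, "EICAR.COM")
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked_on_write"
    time.sleep(wait)        # give the scanner time to quarantine the file
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return "blocked_or_removed"
    finally:
        if os.path.exists(path):
            try:
                os.remove(path)
            except OSError:
                pass
    return "not_detected" if data == EICAR else "modified"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(probe_resident_shield(tmp))
```

A result of "not_detected" means the file sat on disk unchanged for the whole wait, which is the case where step 4 says to run the file manually.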

Eradicating the Kido Virus “Autorun.inf”


Lately many viruses have been circulating in the world of computer technology. These large-scale virus attacks make computer owners anxious. One example is the Kido virus.

At first I thought the Autorun.inf created by Kido could not be deleted because it was still hiding in memory. Then I thought, can that really be the case?! The PC I use already has an antivirus installed, namely Kaspersky. It turned out Kido still could not be disinfected…

This time I will share tips for eradicating the Kido virus for those who are infected. As a first step, don't forget to install the Microsoft patch for Windows XP SP2 as recommended, here. Download the dedicated Kido removal tool called Kido Killer, here.

Out of curiosity I opened the Kido Killer help from the command prompt. It turns out there are several parameters that can be used; here is the list:

C:\>kkiller.exe --help

Net-Worm.Win32.Kido removing tool, Kaspersky Lab 2009
version 3.4.1 Mar 17 2009 14:06:06

USAGE:

kkiller.exe [-a] [-x] [-z] [-l ] [-y] [-s] [-v] [-n] [-r] [-f]
[-p ] [--] [--version] [-h]

Where:

-a, --dautorun
Disable autorun on all drive types

-x, --showhid
Show hidden and system files

-z, --services
Restore services

-l , --log
Log file name

-y, --autofinish
End program without pressing any key.

-s, --silent
Runs program in silent mode

-v, --verbose
Output every scanning object

-n, --network
Scan remote drives

-r, --removable
Scan removable drives and ramdisks

-f, --fixed
Scan fixed drives

-p , --path
Path to scan

--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.

--version
Displays version information and exits.

-h, --help
Displays usage information and exits.

use spaces between '\' and '"'

Without thinking long, I immediately typed the command “C:\>kkiller -p c:”
Note: on the assumption that the c: parameter at the end is the drive I am scanning.

And here is the result…:)

Net-Worm.Win32.Kido removing tool, Kaspersky Lab 2009
version 3.4.1 Mar 17 2009 14:06:06
scanning jobs …
scanning threads …

scanning modules in svchost.exe…
scanning modules in services.exe…
scanning modules in explorer.exe…

scanning c: …
C:\\autorun.inf infected Net-Worm.Win32.Kido … cured
fsearch::FolderTraveller: cd (???!)?????????????????? ?????: invalid name
123

completed
Infected jobs: 0
Infected files: 1
Infected threads: 0
Splices functions: 0
Cured files: 1
Fixed registry keys: 0

Press any key to continue . . .

After that I checked my c: directory again. And it turned out Autorun.inf had passed away..:D and vanished without a trace. HuurrrRRRrray…:D

Hope this is useful..:)
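
For anyone running the tool on more than one machine, an added example (not part of the original post and not Kaspersky's code) that parses output in the format shown above and flags runs that need a second look. The sample is constructed from the post's output; treating any action other than "cured" as unresolved, and assuming captured output keeps this console format, are assumptions of this example.

```python
import re

# Constructed sample: abridged from the console output shown in the post.
SAMPLE = r"""Net-Worm.Win32.Kido removing tool, Kaspersky Lab 2009
scanning c: …
C:\\autorun.inf infected Net-Worm.Win32.Kido … cured
completed
Infected jobs: 0
Infected files: 1
Infected threads: 0
Splices functions: 0
Cured files: 1
Fixed registry keys: 0
"""

# "Name: number" summary lines, e.g. "Infected files: 1".
COUNTER = re.compile(r"^([A-Za-z][A-Za-z ]*):[ \t]*(\d+)[ \t]*$", re.M)
# "<path> infected <verdict> ... <action>" detection lines.
DETECTION = re.compile(r"^(.+?) infected (\S+)\s*(?:…|\.\.\.)\s*(\w+)[ \t]*$", re.M)


def parse_kkiller_output(text):
    """Return (summary counters, list of (path, verdict, action) detections)."""
    counters = {name: int(value) for name, value in COUNTER.findall(text)}
    detections = DETECTION.findall(text)
    return counters, detections


def needs_followup(text):
    """True if the run did not finish or left something uncured."""
    counters, detections = parse_kkiller_output(text)
    finished = any(line.strip() == "completed" for line in text.splitlines())
    not_cured = [d for d in detections if d[2] != "cured"]
    files_left = counters.get("Infected files", 0) > counters.get("Cured files", 0)
    return (not finished) or bool(not_cured) or files_left


if __name__ == "__main__":
    print(parse_kkiller_output(SAMPLE), needs_followup(SAMPLE))
```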

Kaspersky Internet Security 10


Rejoice, KIS users, especially those who always stay up to date. The file can be downloaded here.
Please have a look..

Notes:
A. PDM (system of proactive defense, which is based on application behavior analysis for malicious/suspicious activities)
1) Firewall (personal protection screen)
2) Malware protection
-Protection of files and memory (File-Antivirus)
-Protection of email and IM (Mail-Antivirus)
-Protection of WEB (Web-Antivirus)
3) Online Security
-Protection from Phishing (Anti-Phishing)
-Protection against network attacks (IDS)
-Protection from auto-dialers (Anti-Dialer)
4) Content Filtering
-Spam Filtering (Anti-Spam)
-Banner Filtering (Anti-Banner)
-Parental Control
5) On Demand Scanning (Scan tasks)
6) Updater

The aggregated protection system status is displayed on a separate screen, from which modifications can be made to allow for “Your computer is protected”. Several parts of the product functionality are implemented using special tasks, which are on separate tabs for the following components:

1) Window displays an overall system status
-Analyzer of current system protection (heuristically)
-Master to create RescueCD
-Master of configuration problems troubleshooting
2) System Watch
-Monitor of connected networks (with support for Wi-Fi and IPv6)
-Monitor of network activities of applications
-Packet sniffer (analysis of network packets)
3) Online Security
-Master of Internet browser setup (Browser tweaker)
-Master of system cleanup (Privacy tweaker)
-Virtual Keyboard, protected against screenshot captures
4) Content Filtering
-Anti-Spam training wizard

B. Graphical Interface
The product’s graphical interface was again written “from scratch”, with the goals of code optimization and simplification, and with some dialogs borrowed from 6.0/7.0. The main window changed considerably: to make longer lists easier to comprehend, the main window became resizable; to decrease the number of dialogs that previously opened in separate windows, the main structure became table-like; in addition, the navigator on the left side is combined with the upper tabs; and because several elements are grouped together, the main navigator is no longer tree-like.
The all-in-one settings window of v7.0 is now a much simpler (Options) window, in which only the main product settings remain, with some new additional options. All component-specific settings are directly linked and changed through the main window. Support for a more contextual menu system, which was previously available, makes it more scalable.
Alerts (dialogs for user actions) are changed to include more information and to simplify choosing the correct action for non-savvy users.
To enhance the readability and flexibility of controlling multiple lists, a new control method was developed, which replaced all default Windows list controls. It allows sorting, grouping (by multiple fields) and data filtering. The scheme of controlling such lists with external buttons is replaced with the possibility of “in-place” editing.

C. Antivirus Protection
This build uses a new AV core engine, developed by Kaspersky Lab specialists. It improves protection levels and speeds up scanning through optimized object handling and maximum use of the hardware platform.
Object detection technologies are extended with detection of suspicious packers and multi-layered packing, which can be another characteristic of malware.
Granular detection by threat type is possible, including a category such as “mostly unwanted software applications”.

D. Content Filtering
New technologies will be integrated into Anti-Spam; they are already in use in server products and have shown consistent efficiency (some of them will appear as early as KIS 7.0 MP1).

E. Scan Tasks
One of the tasks will be a vulnerability scanner for the user, using an external updatable threat database.
The mechanism for storing earlier scan reports is changed to avoid problems that were encountered with the chkdsk utility.

F. System Watch
The main protection component of the new product, based on a combination of reactive and proactive technologies. The main task of this component is to control the rights of active system applications, perform behavioral analysis, and log critical events occurring in the system for later analysis, for example to handle incidents that have occurred.
Control of application rights is based on a system of rules and on the application resources available on the system and in the execution environment. Resources can be of different types, including file system objects, the system registry, hardware devices, rights (interception of keyboard entry etc.), and access operations, which were previously controlled by “Confidential Data”.
The firewall is now logically part of System Watch, since its rules are part of application rights in which the resource is network interaction. By default the product will pass all year-end 2007 leaktests.

G. Additional Technologies:
Technologies based on the AVZ engine: detailed computer analysis with the possibility of scripted disinfection; troubleshooting masters, browser settings configuration and system cleanup.
A system for reporting detected objects to a centralized KL database. This database will allow better protection against the most apparent threats and faster notification of users about epidemics. This feature can be switched off, although confidential data is never sent anyway.
The base driver klif.sys on all supported OSes is replaced with a new version, which is not vulnerable to currently known exploits.

Updating Kaspersky over the Local Network


Good news for users of Kaspersky antivirus. Hopefully this makes updating Kaspersky easier and more efficient for those who have a large network.:D

Assumption: there is a server computer that stores the Kaspersky updates, and the folder is shared. Clients can then update over the local network through the server computer.

Here are the steps, with pictures:
1. Go to Settings

2. Then select Update; there is a Configure option there

3. Select Add

4. Then type the local path in Source

5. Ta-da…
