Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: justfoo on November 19, 2004, 04:15:27 PM

Title: What is a decompression bomb.
Post by: justfoo on November 19, 2004, 04:15:27 PM
Just did my first scan with Avast home version. The first line in the "Results of last scan" is: "Unable to scan: The file is a decompression bomb" , this is for a file named COMMS1.cdb. I know what this file is and it is legit, or at least a file named that belongs where it is lol.
There are hundreds of files with ext cdb in the same area as this one, yet it is the only one with this error.
 
This is a Win XP pro machine and I have done the file compression to increase my drive capacity.
Can anyone tell me what a "decompression bomb" is?
Thank you in advance.
Title: Re:What is a decompression bomb.
Post by: igor on November 19, 2004, 04:20:54 PM
A decompression bomb is a file that unpacks to an enormous amount of data - thus "flooding" the unpacking engine. It's quite hard to detect such files reliably, so it's possible that it gives some false alarms occasionally.
Title: Re:What is a decompression bomb.
Post by: justfoo on November 19, 2004, 04:25:35 PM
Thanks very much for your quick reply :)
Title: Re:What is a decompression bomb.
Post by: MikeBCda on November 19, 2004, 09:03:58 PM
Typically such a bomb is a multi-level packing thing -- data's compressed with one packer (e.g. into a zip), then the resulting archive file is in turn packed (usually with a different packer), and so on several times.

We had a thread here a while back reporting avast and system crashes from trying to scan an apparently small file (50 or 100K, if I remember) which would have eventually expanded, if disk space and memory were available, to a couple of hundred gigs.  :o

So 4.5's new ability to at least try to detect such bombs is certainly a welcome addition.
Title: Re:What is a decompression bomb.
Post by: justfoo on November 20, 2004, 08:52:31 AM
wow, so should I be concerned that this may have been tampered with by some virus like infection?
As far as I know this file is a winzipped file which was then compressed when I selected "compress drive" to regain some space on my poor little choked up laptop.

Thanks for all the help, you guys are excellent !
Title: Re:What is a decompression bomb.
Post by: igor on November 20, 2004, 01:25:24 PM
No, I think the file is OK - just the compression ratio is unusually high.
You may check the properties of the file - how big is the compressed and uncompressed size?
Title: Re: What is a decompression bomb.
Post by: badbob13 on July 27, 2008, 08:22:10 PM
Can I delete compression bomb files that Avast has identified without worrying about consequence?
Title: Re: What is a decompression bomb.
Post by: DavidR on July 28, 2008, 12:01:46 AM
Of course you can if you don't care about the consequences, but why do anything?

Other than the fact it is a highly compressed file that would take up large amounts of HDD space if uncompressed nothing has been found to be wrong.

You don't mention the file name or its location ?
Title: Re: What is a decompression bomb.
Post by: Kraven88 on October 13, 2008, 07:15:37 AM
Well I have the same bomb, file name
G:\RECYCLER\S-1-5-21-789336058-2025429265-682003330-1003\Dg53.iso\EXTRAS\DOOM 3~5\DAEMON~0\DAEMON~0.EXE\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe

I dont know much about virus protection or computers that much so if anyone could help please try to simplify what I should do.  :-[
Title: Re: What is a decompression bomb.
Post by: CharleyO on October 13, 2008, 09:31:03 AM
***

Welcome to the forums, Kraven88.   :)

Well I have the same bomb, file name
G:\RECYCLER\S-1-5-21-789336058-2025429265-682003330-1003\Dg53.iso\EXTRAS\DOOM 3~5\DAEMON~0\DAEMON~0.EXE\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe

I dont know much about virus protection or computers that much so if anyone could help please try to simplify what I should do.  :-[

Well, I do not think you have the same decompression bomb, but none the less ...

This executable ... DaemonTools_WhenUSave_Installer.exe ... is adware. Did you install WhenUSave?

Please see the below links ...

http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810

http://www.threatexpert.com/report.aspx?uid=a10b9ab0-5b36-41dc-b6f0-90fbb5ad5972

My suggestion is to first try to remove WhenUSave by using Add/Remove Programs if possible.

Then, download malwarebytes anti-malware (MBAM), update it, and then run MBAM ...

http://www.malwarebytes.org/mbam.php


***
Title: Re: What is a decompression bomb.
Post by: Lisandro on October 13, 2008, 04:22:11 PM
Forget DaemonTools... it's adware  :P
Use Magic Disk instead!
Title: Re: What is a decompression bomb.
Post by: Kraven88 on October 13, 2008, 10:28:27 PM
Well I completely removed daemon tools and  all its components so hopefully that worked. Thanx again guys.
Title: Re: What is a decompression bomb.
Post by: Lisandro on October 13, 2008, 10:34:53 PM
Well I completely removed daemon tools and  all its components so hopefully that worked. Thanx again guys.
You're welcome. Feel free to come back any time you need help or just to change experiences 8)
Title: Re: What is a decompression bomb.
Post by: Tom.k on December 25, 2008, 11:03:01 PM
Hey I'm new on the avast forum. I have no idea what a decompression bomb is or what it does. Is it a keylogger, virus, malware, spyware? Is it lethal or something?
I let my Avast home scan and it shows me C:\System Volume Information\...\Data1.cab 3 times and a C:\Documents and Settings\...\Data1.cab
Can someone please tell me how to deal with it or tell me what to do?
Thx for Reading .
Title: Re: What is a decompression bomb.
Post by: Lisandro on December 25, 2008, 11:19:35 PM
decompression bomb is just something that unpacks to an unusually big amount of data even though it's rather small (i.e. has a high compression ratio, for example). It's nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it's an archive, but it seems like it is) because it may take VERY long to process.
(quoted from Igor: http://forum.avast.com/index.php?topic=15389.msg131213#msg131213)

I'd suggest to ignore these files.
But you can change values into avast4.ini file to configure how avast should work with these files.
Click 'Settings' in my signature for more info  ;)
Title: Re: What is a decompression bomb.
Post by: tyranny89 on December 27, 2008, 09:25:25 PM
Is there any way to delete the decompression bomb, though? Because Avast found one in my temp:

C:\windows\Temp\Leg93A.tmp\$INSTDIR\data.grf

I think I know what it is,  and if memory serves, it pertains to an Online MMO (Ragnarok Online: Legacy) that ended up not working on my computer and I deleted it.

Yet this was over a year ago.
Title: Re: What is a decompression bomb.
Post by: Lisandro on December 27, 2008, 09:45:13 PM
Is there any way to delete the decompression bomb, though?
It would be better to send it to the Chest.
If the file is too big, or you're sure it could be deleted, just do it within the virus alert (delete button) or using Windows Explorer.
Title: Re: What is a decompression bomb.
Post by: DavidR on December 27, 2008, 10:05:50 PM
Under normal circumstances I would say leave it alone, as all avast is reporting is that it can't/didn't scan the file because it is a very large archive and when unpacked (to be able to scan the contents it has to be unpacked) could be very, very large.

Now this in the dim and distant past was used to crash a system hence it got named a 'decompression bomb' and the term is still used today though there is much less possibility of it crashing a system as they have far more resources. So decompression bomb is very scary but not necessarily malicious.

Since this is in a Temp folder the easiest option is to clear the Temp folder.
Title: Re: What is a decompression bomb.
Post by: prickey on December 29, 2008, 02:25:41 PM
I also was notified of a decompression file. What concerns me most is that when I tried to have Avast delete the file, it was unable to. The file is:

ta03upsw.exe
Located in a subdirectory of my Documents folder.

Any suggestions?
Title: Re: What is a decompression bomb.
Post by: Lisandro on December 29, 2008, 03:17:35 PM
ta03upsw.exe
Strange file...
Please submit it to VirusTotal (http://www.virustotal.com/xhtml/index_en.html) and let us know the result.

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: What is a decompression bomb.
Post by: DavidR on December 29, 2008, 04:55:31 PM
I also was notified of a decompression file. What concerns me most is that when I tried to have Avast delete the file, it was unable to. The file is:

ta03upsw.exe
Located in a subdirectory of my Documents folder.

This just means a highly compressed file, that when unpacked to be scanned would be very large. However in that location it does seem strange and a google search on the file returns zero hits which is in itself suspicious.

What reason did avast give for not being able to delete it ?

However, deletion isn't a good idea/habit to get into, even more so for a file that just can't be scanned, as it isn't a clear indication of an infected file just because it can't be scanned, no matter how scary the name decompression bomb is. Though in this case it is suspicious and should be checked out.

Title: Re: What is a decompression bomb.
Post by: Diogenes on February 21, 2009, 05:50:17 PM
Back up some in this thread, Daemon problems were mentioned in conjunction with "decompression bomb."  I remembered seeing that word flitting about on my system so did a search on it and found

cidaemon.exe in C:\WINDOWS\system32
cidaemon.exe in C:\WINDOWS\system32\dllcache
HandleCollector$Daemon.class in com/ms/wfc/util (twice)

Are these legitimate files?

Finally, with regard to decompression bombs.  I have two that are legitimate files that brought down some music and a video of my fav Scottish pipe and drum group.  I have unzipped them.  Can I delete these two compressed files w/o losing what I unzipped?
Title: Re: What is a decompression bomb.
Post by: Lisandro on February 21, 2009, 06:45:13 PM
Are these legitimate files?
Can you submit them to www.virustotal.com ?

Can I delete these two compressed files w/o losing what I unzipped?
Deleting the original archive won't delete the extracted files.
Title: Re: What is a decompression bomb.
Post by: Diogenes on February 21, 2009, 07:20:35 PM
Thank you Tech... :)
Title: Re: What is a decompression bomb.
Post by: Lisandro on February 21, 2009, 07:58:19 PM
Thank you Tech... :)
You're welcome. Feel free to come back any time you need help or just to change experiences 8)
Title: need decompression bomb removal help
Post by: helpme22 on March 12, 2009, 05:36:27 PM
 :( I will begin by making it known that I am inexperienced at this.  I downloaded the avast free home version 4.8 I believe.  I do regular antivirus scans as well as boot scans.  I have been told that I have 3 decompression bombs that avast is unable to scan.  All three are movies I downloaded.  I also have been noticing my PC slowing down and my internet explorer crashing with the usual error report asking me to send, not send, or debug.  I have done some research and understand that a decompression bomb can be malicious but also avast has made some mistakes and at times detects some files that are not a problem.  I think mine are a problem.  I also have noticed fake antivirus icons popping up in my bottom bar.  Avast is not catching these as viruses...but I did not download them.  I don't know if these are old and recently resurfacing or what.  I am still learning a lot about this stuff and have limited knowledge of how to handle this stuff.  I used to have spybot antivirus and I deleted all of its log files when avast said it was unable to scan them.  I am not sure what else may be helpful info except that I have windows xp media center edition graphics is a NVIDIA geforce 6150 le and I am running an amd athlon 64 and as a side note I have been trying to gradually learn about Linux and switch...but have not found the best version for my system to work with.  If anyone has any suggestions on that please feel free to educate me.  My main concern however is with avast and my processor slowing down.
Title: Re: What is a decompression bomb.
Post by: DavidR on March 12, 2009, 07:22:14 PM
Well, as explained in this topic, you have nothing to worry about.

The term decompression bomb is more scary than what it is actually reporting, that the file is highly compressed and if it were unpacked for scanning it would be exceptionally large (par for the course of a large movie file) and for that reason alone avast hasn't scanned it, no other reason. How could it determine anything, malicious or otherwise, as it hasn't scanned them.

Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
So deleting those S&D files was wrong.

So I would say these files have nothing to do with your other issue with IE slowing down, that is likely to do with other undetected malware.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
Title: Re: Wt is a decompression bomb.
Post by: Larson on March 29, 2009, 08:24:31 PM
avast! found 3 files that couldn't be scanned that are in an invalid folder. They also cannot be moved, deleted or repaired, claiming it's a decompression bomb.
C:\FOUND.81\FILE0013.CHK\(gzip)
C:\FOUND.81\FILE0014.CHK\(gzip)
C:\FOUND.81\FILE0018.CHK\(gzip)
Should I be concerned?
Thanks!
Title: Re: What is a decompression bomb.
Post by: DavidR on March 29, 2009, 08:40:04 PM
As has been said many times in this topic, no, there is nothing to worry about; it is just that the files are very large and the gzip format compresses them highly.
Title: Re: What is a decompression bomb.
Post by: Lisandro on March 30, 2009, 02:06:20 AM
Should I be concerned?
No. See my reply #14 to understand what is a decompression bomb.
Title: Re: What is a decompression bomb.
Post by: Dylan212 on April 25, 2009, 06:10:39 PM
Hey guys thanks for helping so many people.

I have a new question about this topic though. I have 40 bombs and 285 "Unable to scan: file is password protected"

Should I be concerned with the amount of bombs I have? I download a lot of videos, I think that's why I have so many. But Avast scanned them while they were being DL'd so they should be fine.

How can I remove the PW protection on those other 285 files so they can be scanned?

Thanks Dylan
Title: Re: What is a decompression bomb.
Post by: Lisandro on April 25, 2009, 07:57:04 PM
Should I be concerned with the amount of bombs I have?
No. Not really.

How can I remove the PW protection on those other 285 files so they can be scanned?
avast can't scan files that are password protected, it doesn't know the password.
There are many legitimate reasons why a file was password protected. For instance, Lavasoft Ad-aware and SpyBot store their data in password-protected ZIP archives (to prevent other similar tools from messing up with them). It's really nothing to worry about - it's normal.

In AdAware and S&D, when you fix/remove things it keeps backup/recovery information so you can restore anything that was mistakenly fixed/removed, etc. After a reasonable time your system has suffered no adverse effects, you can get rid of the older recovery/backup points. This should reduce the number of protected files.
Title: Re: What is a decompression bomb.
Post by: Dylan212 on April 25, 2009, 08:23:29 PM
Oh ok thanks

So should I move these things into a chest, delete or "move" or something? Sorry Im new to Avast.

Title: Re: What is a decompression bomb.
Post by: Lisandro on April 25, 2009, 08:32:15 PM
Oh ok thanks

So should I move these things into a chest, delete or "move" or something? Sorry Im new to Avast.


No. They could stay as they are. You can set the report options to "Infected" only files and no "errors", then these files won't be shown in the report.
If any infected file comes "out" of the bomb or the passworded files, it will be caught by the avast resident. Don't worry.
Title: Re: What is a decompression bomb.
Post by: Dylan212 on April 25, 2009, 08:49:18 PM
great thanks bud, you're the best!
Title: Re: What is a decompression bomb.
Post by: Lisandro on April 25, 2009, 08:55:36 PM
great thanks bud, you're the best!
You're welcome ;)
Title: Re: What is a decompression bomb.
Post by: tyne_charmed on May 08, 2009, 08:36:53 AM
NEED HELP...GOT THIS RESULT AFTER SCANNING: Please see attachment... I just made a screen shot since there are so many of them...please help...thanks!!!
Title: Re: What is a decompression bomb.
Post by: Lisandro on May 08, 2009, 01:38:00 PM
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it's safer to send them to Chest instead of deleting them.
This way you can analyse them further.

By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to. You may need to expand the column headings to see all the text.

1. Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
2. Also, the packaging of the file could have some error, or use a non-standard pattern...
3. Access denied means, generally, that the file is in use by another process (program) and cannot be repaired/cleaned/moved/handled by avast!
4. avast can't scan files that are password protected, it doesn't know the password. There are many legitimate reasons why a file was password protected. For instance, Lavasoft Ad-aware and SpyBot store their data in password-protected ZIP archives (to prevent other similar tools from messing up with them). It's really nothing to worry about - it's normal.
Title: Re: What is a decompression bomb.
Post by: lewislink on May 08, 2009, 05:37:37 PM
I was wondering if anyone can help me make sense out of these decompression bombs? Would they be okay to delete?

(http://i186.photobucket.com/albums/x51/lewislink2/testresult.jpg)
Title: Re: What is a decompression bomb.
Post by: DavidR on May 08, 2009, 07:19:54 PM
It is no different from the various answers given throughout this and other topics, they are just very large compressed files, which when uncompressed would be very large. So you only need to check the tvDebug.zip (whatever that is) file size to see that they are very large.

I would also suggest that you do some house keeping and remove some of the old log files within it (tvDebug.zip) as the ones shown in your image date back to April. This would free up valuable free space and reduce the numbers reported as decompression bombs.

As has been said numerous times, Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
Title: Re: What is a decompression bomb.
Post by: lewislink on May 08, 2009, 09:36:42 PM
This is what happens when I try to delete the bombs:

(http://i186.photobucket.com/albums/x51/lewislink2/error.jpg)
Title: Re: What is a decompression bomb.
Post by: DavidR on May 08, 2009, 09:42:59 PM
That is, I believe, a repercussion of what is reported of it being a decompression bomb; the file, e.g. the zip file, would have to be opened and the file/s inside deleted.

Don't try to delete them from avast, use explorer and open the tvDebug.zip file and delete some of the old .log files contained inside.
Title: Re: What is a decompression bomb.
Post by: sparge on June 02, 2009, 09:07:06 AM
Hello, a new user with another new angle on this decompression bomb business. I note all the preceding caveats about how they probably are nothing to worry about, and how they can be checked out outside of Avast if necessary. The one Avast just reported for me is associated with the intray of a user email account:

 ... email/mail/local folders/PartNo_0#1328536678

How can I identify which email is responsible? At the very least I want to know what it is and who sent it.

Andy
Title: Re: What is a decompression bomb.
Post by: DavidR on June 02, 2009, 03:44:54 PM
What is your email program ?

It probably won't be one email, rather the mailbox concerned.

Have you any idea how many email programs work in relation to mailboxes (inbox, etc)? Well, it is just a single (database) file with all the emails in that email folder contained within it. That could make for a very large file.

If you use your inbox for general storage, then I suggest you treat it like an in tray in an office, stuff comes in and is placed in the in tray. It is then read and any action taken and is then filed into another tray, 'pending,' 'out' and from there is filed in a filing cabinet under a folder more appropriate for its content. The same applies to your email: once dealt with, place it in a different folder.

That way you keep the inbox relatively empty; the inbox is the most likely to be corrupted and or deleted as it is the one usually open if you have a crash, etc. This also has the effect of balancing the email folder sizes so one doesn't get enormous.

So I don't know what your email client is or how your email folder structure looks like, e.g. if you have one called PartNo_0#1328536678 or if you have an email with that subject title, as such I can't suggest how to find it.
Title: Re: What is a decompression bomb.
Post by: sparge on June 03, 2009, 02:27:19 AM
We're using Thunderbird. Yes, I did know that email was often treated as a database, and Thunderbird certainly does - however, it would not have occurred to me that a virus scanner would have to scan the entire intray as a single file, though. I have checked the size of the intray of the user in question and it is nearly 900 MB! Next closest is 230 MB, then 80 MB, then mine at 29 MB. I have had a polite word in the ear concerned and offered assistance in major surgery  ;)
Title: Re: What is a decompression bomb.
Post by: DavidR on June 03, 2009, 03:04:47 AM
It only scans the inbox as a single file during an on-demand scan when it only sees it as a single file.

For scanning inbound email it scans that email in the Internet Mail localhost proxy, before it gets to the inbox. So your issue with very large file size only happens during on-demand scans.

There are many that would recommend that you exclude these Thunderbird email database files as effectively if avast actually found anything in there, it wouldn't really be able to extract the infected email and may corrupt the file if it couldn't. This could result in loss of the remainder of emails contained in that file.

You should also consider regularly backing-up your email database files against any such eventuality, not just AV related.
Title: Re: What is a decompression bomb.
Post by: SarahL on June 15, 2009, 07:40:50 PM
I use Avast! once a week, been clean for many weeks now.  Today two files are marked as decompression bombs.  They could not be moved to Chest or deleted by Avast.  I then tried Repair.  That gave me a nice message (successful) on the screen, but the report still said it was a problem.

C:\DocumentsandSettings\LocalSettings\ApplicationData\Mozilla\Firefox\Profiles\g5gu17hs.default\Cache\...\{gzip}

... is FC120747d01 for 1st file and
       BCA62344d01 for 2nd file.

I have used Mozilla Firefox for years, and get its updates regularly.  Why did this suddenly appear?  Should I do a boot scan?  Why does Mozilla suddenly have 2 files so large?  My knowledge of software innards is not good enough to know why a file in Profiles should be so large.

Thanks for any guidance.  Scary term, decompression bomb, even when explained.

Sarah

Title: Re: What is a decompression bomb.
Post by: DavidR on June 15, 2009, 07:48:09 PM
The cache file/folder can be very large and that is all it means, nothing more nothing less. Exactly what has been covered in this topic.

You should a) periodically clear out the cache, b) restrict the size it can grow to.
Title: Re: What is a decompression bomb.
Post by: enkephalin07 on July 02, 2009, 06:22:52 PM
I'm just recovering from a virus, and avast reported a lot of these decompression bombs on my external drive afterward, all in files that have been on my drive for over a year and accessed periodically. What are the chances a virus could've slipped into one of the files in those archives? And what purpose would there be to making them decompression bombs; if the intent of a decompression bomb is to completely lock up system resources, would there be any CPU left for a virus to spread?

I've deleted some of these, but when I looked into a few I found that some, although large, are packed close to a 1:1 ratio -- so what the heck is the criteria for labeling an archive a decompression bomb?
Title: Re: What is a decompression bomb.
Post by: Lisandro on July 02, 2009, 09:08:42 PM
If you read this thread, you'll see that decompression bomb is not a thing to worry that much.
It's always better send a file to Chest than direct deleting it.
Title: Re: What is a decompression bomb.
Post by: enkephalin07 on July 03, 2009, 03:30:23 AM
When it goes to the Chest, isn't it compressed into yet another format? What actions can I take on it then?

This decompression bomb detection sounds like a good idea, but it doesn't seem complete yet. Can't the end user have it scanned at their own discretion anyway? Should the other issues I brought up be ignored? -- ie: why would decompression bombs be considered a primary threat, and under which criteria is an archive identified as a decompression bomb?
Title: Re: What is a decompression bomb.
Post by: Lisandro on July 03, 2009, 09:03:54 PM
When it goes to the Chest, isn't it compressed into yet another format? What actions can I take on it then?
It's encrypted. Outside of the Chest, the files are inert. You can copy, move, paste... you can't edit, open, etc.
Within Chest, you can scan the file, send it to Alwil for analysis, etc.
Title: Re: What is a decompression bomb.
Post by: sooners2win on August 02, 2009, 02:36:03 AM
Just did my first scan with Avast home version. The first line in the "Results of last scan" is: "Unable to scan: The file is a decompression bomb" , this is for a file named COMMS1.cdb. I know what this file is and it is legit, or at least a file named that belongs where it is lol.
There are hundreds of files with ext cdb in the same area as this one, yet it is the only one with this error.
 
This is a Win XP pro machine and I have done the file compression to increase my drive capacity.
Can anyone tell me what a "decompression bomb" is?
Thank you in advance.

I have a file doing this as well, it is avi file (movie), so it is probably compressed. Think this is the prob?

Never mind, scanned the file by itself and scanned just fine.
Title: Re: What is a decompression bomb.
Post by: mariaBH on August 21, 2009, 08:28:01 PM
And I have a file, called decompression bomb. It is C:\program files\Nero\Nero8\Nero backitup. I really don't understand anything of computers. Do you think that it might be sth dangerous? Thanx in advance.
Title: Re: What is a decompression bomb.
Post by: Lisandro on August 21, 2009, 09:00:57 PM
And I have a file, called decompression bomb. It is C:\program files\Nero\Nero8\Nero backitup. I really don't understand anything of computers. Do you think that it might be sth dangerous? Thanx in advance.
No, it's not. Don't worry.
Decompression bomb is just something that unpacks to an unusually big amount of data even though it's rather small (i.e. has a high compression ratio, for example). It's nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it's an archive, but it seems like it is) because it may take VERY long to process.
(quoted from Igor: http://forum.avast.com/index.php?topic=15389.msg131213#msg131213)
Title: Re: What is a decompression bomb.
Post by: mariaBH on August 21, 2009, 09:07:59 PM
Thanx very much :). I have just noticed that in fact it is written C:\program files\nero\Nero8\Nero backitup\...\root.img. I didn't write it that way before (I missed root.img) but I guess it is the same?
Title: Re: What is a decompression bomb.
Post by: Lisandro on August 21, 2009, 11:05:38 PM
But I guess it is the same?
Yes, it is.
Title: Re: What is a decompression bomb.
Post by: sysusr on August 28, 2009, 06:01:13 AM
Hi all,

How is avast! able to identify decompression bombs? Does it attempt to extract the contents of an archive, then abort once the extracted contents reach some pre-determined "suspicious" size? Does it estimate the extracted size and compare it to the compressed size? If so, is it able to estimate the sizes of recursively compressed archives?

Thanks in advance!
Title: Re: What is a decompression bomb.
Post by: Lisandro on August 28, 2009, 02:15:32 PM
I also have a question. I don't see this feature into avast5 GUI. Seems that is "hidden" as in avast4.
Am I right? Would people be able to configure the compression rates, the alerts, etc.?
Title: Re: What is a decompression bomb.
Post by: REDACTED on September 27, 2009, 04:35:50 AM
Ok so I just did a scan today (Home edition 4.8 with thorough and archives enabled) and ended up with like 39 different 'unscanables' as such. Most of them said that it was due to them being compression bombs that they couldn't be scanned. I've read through this thread but was wondering if it is safe for these not to be scanned?
Title: Re: What is a decompression bomb.
Post by: Lisandro on September 27, 2009, 09:42:29 PM
By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to. You may need to expand the column headings to see all the text.

Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.

Also, the packaging of the file could have some error, or use a non-standard pattern...
avast can't scan files that are password protected, it doesn't know the password.
Title: Re: What is a decompression bomb.
Post by: sysusr on October 06, 2009, 12:33:38 PM
I'm new around here so I apologise if these forums are just inactive and I need to give it more time, but could anyone shed some light on my previous question?
Title: Re: What is a decompression bomb.
Post by: DavidR on October 06, 2009, 02:50:29 PM
We as avast users like yourself don't know the parameters that avast would use to determine what would be considered a decompression bomb/Highly compressed file. That is why I believe no one has answered specifically.

The main thing is that there is nothing to worry about.
Title: Re: What is a decompression bomb.
Post by: hewee on October 12, 2009, 10:04:18 AM
I just got the "decompression bomb" also.

It is a big compressed EntireBible.tar.gz that is 813MB and has 67 other zips inside of it of the other books of the Bible.
You can see it here.
http://bibleforums.org/MP3/kjv/

It is safe but Avast is not able to get into it to scan but can scan the zips inside of it if I take them out of the .tar.gz.
Title: Re: What is a decompression bomb.
Post by: YoKenny on October 12, 2009, 10:18:17 AM
Welcome hewee

Unfortunately "decompression bomb" is bad terminology and just means that it is a large file that needs to be decompressed first and when each component is accessed it will be scanned by avast! for infection.
Title: Re: What is a decompression bomb.
Post by: DavidR on October 12, 2009, 02:43:01 PM
I just got the "decompression bomb" also.

It is a big compressed EntireBible.tar.gz that is 813MB and has 67 other zips inside of it of the other books of the Bible.
<snip>
It is safe but Avast is not able to get into it to scan but can scan the zips inside of it if I take them out of the .tar.gz.

avast isn't saying it isn't safe, just that it can't be scanned and has been said so many times in this and other topics, that doesn't mean it is suspicious or infected just can't be scanned.

The .gz file size of 813MB in itself isn't large, but with 87 other zips inside to be able to scan those, avast has to unpack them (decompress) and that would be much greater in size than the original file size and that is all that avast is indicating.
Title: Re: What is a decompression bomb.
Post by: hewee on October 12, 2009, 05:07:22 PM
Hey good seeing yea YoKenny. :)

I know the file is safe.
Now I have lots of other zip files with more zips inside of them but not as many and as big as that one so they got scanned OK.

Only other files are ones that are password protected like files from Real Alternative and another 44 MB zip that has a folder with 600 images in it. It says they are password protected and that is true.
Title: Re: What is a decompression bomb.
Post by: DavidR on October 12, 2009, 05:33:14 PM
If that is true, then you have nothing to worry about either, avast doesn't know the passwords so can't open them to scan.
Title: Re: What is a decompression bomb.
Post by: hewee on October 15, 2009, 06:04:16 AM
If that is true, then you have nothing to worry about either, avast doesn't know the passwords so can't open them to scan.

I already knew that there was nothing to worry about and was just posting about the safe bomb I had.  ;D
Title: Re: What is a decompression bomb.
Post by: wisconsinbigdog on January 03, 2010, 09:15:58 PM
Sorry to bring up a dead post, but all these guys only have 2 or 3 compression bombs...is it unusual to have 25 at once?
Title: Re: What is a decompression bomb.
Post by: DavidR on January 03, 2010, 09:58:42 PM
Numbers don't matter either, either the file is very large or it isn't and if it would be much larger when decompressed would register the warning.

What does matter is what the file is and is there a legitimate reason for why there are so many.

So if you have a large collection of .ico files a file is an image of a CD, etc. this can be burnt directly to create a copy of the original. Or other very large files.
Title: Re: What is a decompression bomb.
Post by: Sakurako on January 04, 2010, 06:44:40 PM
this topic has been posted as file report

Probably it would be fine when using the file does not require avast! to be temporarily disabled. However, if the file would be used as operating system, service pack, or bootable disk, probably would be better to ensure security by using another antivirus software ~

- Page Link: http://www.microsoft.com/downloads/details.aspx?familyid=F559842A-9C9B-4579-B64A-09146A0BA746&displaylang=en
- File SHA1: B8A3FA8F819269E37D8ACDE799E7A9AEA3DD4529 (checked by PeaZip)
- avast! version 4.8 Home Edition (4.8.1368), 100104-0

P.S. as suggestion, couldn't avast! add "scan selected file" in context menu of the report? ~
Title: Re: What is a decompression bomb.
Post by: winner2 on February 05, 2010, 02:13:50 PM
My Avast Home edition also detected a file I downloaded as a "decompression bomb". That file was the Ubuntu desktop 9.10 ISO image I downloaded from ubuntu.com...
Title: Re: What is a decompression bomb.
Post by: iKarma on February 05, 2010, 03:29:00 PM
I also have a question about a decompression bomb from my computer.  I was transferring some files from one computer to this one when a decompression bomb popped up and it said it was from a MMORPG that I had been playing for a while and hadn't had any problems with.  When I restarted my computer, I couldn't log into my personal profile that I had the game installed on so I don't know if it's okay to reinstall the game, or if it will just cause more problems.
Title: Re: What is a decompression bomb.
Post by: DavidR on February 05, 2010, 04:07:41 PM
My Avast Home edition also detected a file I downloaded as a "decompression bomb". That file was the Ubuntu desktop 9.10 ISO image I downloaded from ubuntu.com...

It doesn't matter what the file is, just that it is very large and even more so if it were unpacked (high compression ratio) to scan the contents.
Title: Re: What is a decompression bomb.
Post by: jaespence on May 29, 2011, 05:02:35 PM
Question: I have a number of torrent drives that were zipped as .rar files. The combined, unzipped .avi file is what avast is noting as "decompression bomb". These are just movies. Is it noting these because they're large files? (like 500-600 kb/file)
Title: Re: What is a decompression bomb.
Post by: REDACTED on June 12, 2011, 09:20:11 PM
In my case, the "decompression bombs" were simply the .VOB files from decrypting a DVD.
Title: Re: What is a decompression bomb.
Post by: Lisandro on June 13, 2011, 03:31:54 AM
In my case, the "decompression bombs" were simply the .VOB files from decrypting a DVD.
Just ignore the alert.
Title: Re: What is a decompression bomb.
Post by: Naeko on June 13, 2011, 01:12:05 PM
The decompression bomb message is also issued for the Ragnarok Online MMORPG main client download.  I ignore the error of course since I already know that a lot of large data files are decompressed, but at the beginning are full of zeroes or some other value.  During play and initialization, the zeroes would be overwritten with other data of course.  I guess files that are full of mostly the same character would compress to small files that resemble a bomb.
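Added example (not avast!'s actual logic, whose parameters nobody in this thread knows): a sketch of the two approaches sysusr asked about earlier in the thread, aborting at an extracted-size limit and comparing extracted to compressed size, applied across nested layers, together with the zero-filled data file case described in the post above. It handles gzip only; the thresholds, function names and sample inputs are assumptions constructed for illustration.

```python
import gzip
import zlib

# Assumed thresholds for illustration; a real scanner's limits are not public.
MAX_OUTPUT = 8 * 1024 * 1024   # most bytes we agree to unpack per layer
MAX_RATIO = 100                # unpacked size / size of the file as received
MAX_DEPTH = 3                  # nested gzip layers we are willing to open
GZIP_MAGIC = b"\x1f\x8b"


def bounded_gunzip(data, limit):
    """Unpack one gzip layer, producing at most limit+1 bytes.

    Returns None when the stream holds more than `limit` bytes, so memory
    use stays bounded no matter how much the archive would expand to.
    """
    d = zlib.decompressobj(wbits=31)       # wbits=31 selects the gzip container
    out = d.decompress(data, limit + 1)    # max_length caps the output
    return None if len(out) > limit else out


def classify(data):
    """Return a verdict for a (possibly nested) gzip blob."""
    received = len(data)
    for depth in range(MAX_DEPTH + 1):
        if data[:2] != GZIP_MAGIC:
            return "scannable"             # reached plain content
        if depth == MAX_DEPTH:
            return "bomb: nesting too deep"
        try:
            out = bounded_gunzip(data, MAX_OUTPUT)
        except zlib.error:
            return "unscannable: corrupt archive"
        if out is None:
            return "bomb: output limit exceeded"
        if len(out) > MAX_RATIO * received:
            return "bomb: ratio limit exceeded"
        data = out


def nest(payload, layers):
    """Constructed sample input: wrap payload in `layers` gzip layers."""
    for _ in range(layers):
        payload = gzip.compress(payload)
    return payload


LOG = b"".join(b"line %d: sample log entry\n" % i for i in range(200))
ZEROS = bytes(1024 * 1024)   # benign but highly compressible data file
```

The 1 MiB zero-filled buffer is harmless yet trips the ratio check, which is the kind of false alarm the thread keeps running into with legitimate files.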
Title: Re: What is a decompression bomb.
Post by: VBW on February 18, 2012, 09:10:46 PM
It's a malicious program designed to totally jam up your PC.

http://en.wikipedia.org/wiki/Zip_bomb
Title: Re: What is a decompression bomb.
Post by: CraigB on February 18, 2012, 09:15:39 PM
It's a malicious program designed to totally jam up your PC.

http://en.wikipedia.org/wiki/Zip_bomb
Don't know why you're posting in an 8 month old thread but you're wrong anyway, this is igor's post from reply 1 of this thread

(quote)
A decompression bomb is a file that unpacks to an enormous amount of data - thus "flooding" the unpacking engine. It's quite hard to detect such files reliably, so it's possible that it gives some false alarms occasionally.
Title: Re: What is a decompression bomb.
Post by: dasva on February 26, 2012, 06:19:08 PM
Hi. I'm new to avast and I've done some scans on it and got rid of everything it showed but still keep getting alerts about stuff all the time and after a bit of web use my searches keep getting hi-jacked so I did a boot up scan. It got a whole bunch of stuff but eventually got to something it listed as a decompression bomb. It wouldn't let me do anything to it including ignore it and would just keep going over it again and again and only way out of it was quitting the scan. Now I'm back up and old problems still there. Any tips? Oh and the files were avg stuff I think lol
Title: Re: What is a decompression bomb.
Post by: DavidR on February 26, 2012, 06:57:56 PM
Well the topic and information on what a decompression bomb is haven't changed. It isn't an indication that it is infected, just a notice that it 'hasn't been scanned' and gives the reason why. This is why there are no applicable actions to be taken, they are only available for virus or malware infections, not notifications.
Title: Re: What is a decompression bomb.
Post by: dasva on February 26, 2012, 07:09:31 PM
Well my problem sorta was it stops me from continuing my bootup scan. I either have to cancel scan or stay stuck there as it won't let me do anything else including ignore it. And there are clearly other things still on my comp that need taken care of
Title: Re: What is a decompression bomb.
Post by: DavidR on February 26, 2012, 07:21:40 PM
Why are you running a boot-time scan as it is a specialist scan, used when an infection can't be dealt with in normal mode ?

When selecting a boot-time scan you can change the options, if I ever run one (rare as hen's teeth), then I wouldn't scan archives as:
1. this is a pointless exercise as they are inert until unpacked and any executable run; before that happens the file system shield would scan the extracted files (depending on type) and scan executables before they can run.
2. decompression bombs are archives, so by not scanning them you are less likely to encounter this notice.
3. you can also pre-select the actions to take in the scan, see image (this is from avast 7 but is essentially the same in avast 6). Yours I would guess is set to Ask, you can choose Move to Chest or No Action (you should get a list at the end of the scan or check the boot-time log file). Under no circumstances should you choose delete, you have no other options.
Title: Re: What is a decompression bomb.
Post by: dasva on February 26, 2012, 07:41:31 PM
Why are you running a boot-time scan as it is a specialist scan, used when an infection can't be dealt with in normal mode ?

When selecting a boot-time scan you can change the options, if I ever run one (rare as hen's teeth), then I wouldn't scan archives as:
1. this is a pointless exercise as they are inert until unpacked and any executable run; before that happens the file system shield would scan the extracted files (depending on type) and scan executables before they can run.
2. decompression bombs are archives, so by not scanning them you are less likely to encounter this notice.
3. you can also pre-select the actions to take in the scan, see image (this is from avast 7 but is essentially the same in avast 6). Yours I would guess is set to Ask, you can choose Move to Chest or No Action (you should get a list at the end of the scan or check the boot-time log file). Under no circumstances should you choose delete, you have no other options.

Yeah I figured it was the reason I am is because after a full scan I'm still having very obvious problems. My searches keep getting hi-jacked and avast keeps alerting me to various things all of which have globalroot\systemroot\svchost.exe for the process. These are popping up all the time. Oddly they started after I did the full scan and removed stuff.

Is there just a don't scan archives option or do I need to know what not to select? Was there an image in your post because I don't see it? Yeah pretty sure it was set to ask. I'll try that after rebooting from MBAM
Title: Re: What is a decompression bomb.
Post by: DavidR on February 26, 2012, 07:50:33 PM
Then you really need to create your own new topic to get help, as that is unrelated to the decompression bomb notice, so as not to confuse this one further.
- Please create your own new topic, here http://forum.avast.com/index.php?board=4.0 in the viruses and worms forum (click the New topic button at the top of the page see image) and we will try and help you there.

Outline your problems there.

The image was attached and is embedded into the post and should show as a thumbnail, clicking it expands it.
Title: Re: What is a decompression bomb.
Post by: SpAzZ on October 02, 2012, 09:08:40 PM
I doubt it's to be worried about going by your information and what I know about the file that my alert came from but I figured I'd make an account and add the information in case somebody else had the same and was worried...

My fiance gave me a terabyte portable Hard Drive so I decided to let my Action Center on my Compaq PC make a backup like it's been wanting to do since I got it but I didn't want to buy burnable DVDs for it to do so on. Then today I had Avast scan that hard drive after moving some files to it to make sure it was clean 'cause you can never be too safe  ;D. The Icon for the file it created on the Hard Drive is odd I have no idea what it's supposed to be lol but it reads as a file folder but if you try to open it you just get a prompt to choose an option of three including restore PC. Well needless to say Avast scanned everything inside it and pointed out a small handful of files inside it as decompression bombs mostly old logs for a video game on my PC that were unknowingly backed up.

Example: H:\PC_Name\backup_12-12-12>C:\Users\Public\Pictures\Sample Pictures\neon\New folder\neon pagoda

So, basically just saying look at the beginning too if it's separated by a > then look at the file info before the > it could just be part of a backup file.