Author Topic: What is a decompression bomb.  (Read 230274 times)

Offline justfoo

  • Newbie
  • *
  • Posts: 3
  • I'm a llama!
    • Personal Message (Offline)
What is a decompression bomb.
« on: November 19, 2004, 02:15:27 PM »
Just did my first scan with Avast home version. The first line in the "Results of last scan" is: "Unable to scan: The file is a decompression bomb" , this is for a file named COMMS1.cdb. I know what this file is and it is legit, or at least a file named that belongs where it is lol.
There are hundreds of files with ext cdb in the same area as this one, yet it is the only one with this error.
 
This is a Win XP pro machine and I have done the file compression to increase my drive capacity.
Can anyone tell me what a "decompression bomb" is?
Thank you in advance.

Offline igor

  • avast! team
  • Serious Graphoman
  • *
  • Posts: 11333
  • Gender: Male
    • AVAST Software
    • Personal Message (Offline)
Re:What is a decompression bomb.
« Reply #1 on: November 19, 2004, 02:20:54 PM »
A decompression bomb is a file that unpacks to an enormous amount of data - thus "flooding" the unpacking engine. It's quite hard to detect such files reliably, so it's possible that it gives some false alarms ocassionally.

Offline justfoo

  • Newbie
  • *
  • Posts: 3
  • I'm a llama!
    • Personal Message (Offline)
Re:What is a decompression bomb.
« Reply #2 on: November 19, 2004, 02:25:35 PM »
Thanks very much for your quick reply :)

Offline MikeBCda

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 2142
  • Gender: Male
    • Personal Message (Offline)
Re:What is a decompression bomb.
« Reply #3 on: November 19, 2004, 07:03:58 PM »
Typically such a bomb is a multi-level packing thing -- data's compressed with one packer (e.g. into a zip), then the resulting archive file is in turn packed (usually with a different packer), and so on several times.

We had a thread here a while back reporting avast and system crashes from trying to scan an apparently small file (50 or 100K, if I remember) which would have eventually expanded, if disk space and memory were available, to a couple of hundred gigs.  :o

So 4.5's new ability to at least try to detect such bombs is certainly a welcome addition.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 28.0 (default). 320 gig HD, 6Mb DSL, Win firewall, Avast 2014.9.0.2018 free, SpywareBlaster, MBAM Pro

Offline justfoo

  • Newbie
  • *
  • Posts: 3
  • I'm a llama!
    • Personal Message (Offline)
Re:What is a decompression bomb.
« Reply #4 on: November 20, 2004, 06:52:31 AM »
wow, so should I be concerned that this may have been tampered with by some virus like infection?
  As far as I know this file is a winzipped filed which was then compressed when I selected "compress drive" to regain some space on my poor little choked up laptop.

Thanks for all the help, you guys are excellent !

Offline igor

  • avast! team
  • Serious Graphoman
  • *
  • Posts: 11333
  • Gender: Male
    • AVAST Software
    • Personal Message (Offline)
Re:What is a decompression bomb.
« Reply #5 on: November 20, 2004, 11:25:24 AM »
No, I think the file is OK - just the compression ratio is unusually high.
You may check the properties of the file - how big is the compressed and uncompressed size?

Offline badbob13

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #6 on: July 27, 2008, 06:22:10 PM »
Can I delete compression bomb files that Avast has identified without worrying about consequence?

Offline DavidR

  • avast! √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #7 on: July 27, 2008, 10:01:46 PM »
Of course you can if you don't care of the consequences, but why do anything.

Other than the fact it is a highly compressed file that would take up large amounts of HDD space if uncompressed nothing has been found to be wrong.

You don't mention the file name or its location ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Kraven88

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #8 on: October 13, 2008, 05:15:37 AM »
Well I have the same bomb, file name
G:\RECYCLER\S-1-5-21-789336058-2025429265-682003330-1003\Dg53.iso\EXTRAS\DOOM 3~5\DAEMON~0\DAEMON~0.EXE\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe

I dont know much about virus protection or computers that much so if anyone could help please try to simplify what I should do.  :-[

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #9 on: October 13, 2008, 07:31:03 AM »
***

Welcome to the forums, Kraven88.   :)

Well I have the same bomb, file name
G:\RECYCLER\S-1-5-21-789336058-2025429265-682003330-1003\Dg53.iso\EXTRAS\DOOM 3~5\DAEMON~0\DAEMON~0.EXE\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe

I dont know much about virus protection or computers that much so if anyone could help please try to simplify what I should do.  :-[

Well, I do not think you have the same decompression bomb, but none the less ...

This executable ... DaemonTools_WhenUSave_Installer.exe ... is adware. Did you installed WhenUSave?

Please see the below links ...

http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810

http://www.threatexpert.com/report.aspx?uid=a10b9ab0-5b36-41dc-b6f0-90fbb5ad5972

My suggestion is to first try to remove WhenUSave by using Add/Remove Programs if possible.

Then, download malwarebytes anti-malware (MBAM), update it, and then run MBAM ...

http://www.malwarebytes.org/mbam.php


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #10 on: October 13, 2008, 02:22:11 PM »
Forget DaemonTools... it's adware  :P
Use Magic Disk instead!
The best things in life are free.

Offline Kraven88

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #11 on: October 13, 2008, 08:28:27 PM »
Well I completely removed daemon tools and  all its components so hopefully that worked. Thanx again guys.

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #12 on: October 13, 2008, 08:34:53 PM »
Well I completely removed daemon tools and  all its components so hopefully that worked. Thanx again guys.
You're welcome. Feel free to come back any time you need help or just to change experiences 8)
The best things in life are free.

Offline Tom.k

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #13 on: December 25, 2008, 09:03:01 PM »
Hey I'm new on the avast forum. I have no idea what a decompression bomb is or what its douse is it keylogger virus mallware spywere is it lethal or something .
i let my Avast home scan it shows me C:\System Volume Information\...\Data1.cab 3times and a C:\Documents and Settings\...\Data1.cab
Can someone pls tell me haw do deal with it or tell me what do to
Thx for Reading .

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
    • Personal Message (Offline)
Re: What is a decompression bomb.
« Reply #14 on: December 25, 2008, 09:19:35 PM »
decompression bomb is just something that unpacks to an unusually big amount of data even though it's rather small (i.e. has a high compression ratio, for example). It's nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it's an archive, but it seems like it is) because it may take VERY long to process.
(quoted from Igor: http://forum.avast.com/index.php?topic=15389.msg131213#msg131213)

I'd suggest to ignore these files.
But you can change values into avast4.ini file to configure how avast should work with these files.
Click 'Settings' in my signature for more info  ;)
The best things in life are free.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now