Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: chesjak on October 03, 2021, 10:12:31 AM

Title: Decompression Bomb!!
Post by: chesjak on October 03, 2021, 10:12:31 AM

Hi

Just carried out a BootTime scan and looked at the report:

There is an entry on it as per below:

""The file is a decompression bomb""

I have looked this up and it appears that it a malicious archive file.  Looking back over the previous reports it would appear that it has been around for quite a while.
Any ideas how it got there and is it something I should be concerned about and if so how do I get rid of it.  I don't want to go back to a previous restore point as the bomb has been showing up in Avast scan reports for at least a couple of years according to the reports.

Any help wold be greatly appreciated.
===========================
Scan of *STARTUP

File C:\Downloads\memtest86-usb.zip|>memtest86-usb.img Error 42110 {The file is a decompression bomb.}
Number of searched folders: 67207
Number of tested files: 652379
Number of infected files: 0
======================================

Title: Re: Decompression Bomb!!
Post by: DavidR on October 03, 2021, 12:12:05 PM

Short answer is NO.

I have posted this on a number of occasions:
Decompression Bomb, a file that is highly compressed, which could be very large when decompressed. This used to be a tactic long ago to swamp the system.

The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

These highly compressed files are generally 'archive' files which are inert, don't present an immediate risk until they are unpacked. If you happen to select 'All packers' in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning 'all packers' and that is why it isn't enabled by default.

Title: Re: Decompression Bomb!!
Post by: chesjak on October 03, 2021, 12:44:15 PM

Hi DavidR

Many thanks for a quick reply.

So when you said No - No to what??

Am I able to get rid of it or not?

Many thanks

Title: Re: Decompression Bomb!!
Post by: DavidR on October 03, 2021, 01:11:19 PM

You're welcome.

Sorry, the NO relates to should I be worried, which in my haste I didn't post.

There is no (or should be) need to get rid of it, it is doing no harm in its inert state, should you have installed that program, then Avast would scan its contents as it is unpacked to install the program.  Any potentially harmful element would have been detected at the point of unpacking and prevented from running.

If however you no longer need this memtest86-usb.zip file in your downloads folder then yes you could remove it.