Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: zanthal on March 28, 2010, 11:43:20 PM

Title: Decompression bomb, doesn't look legitimate
Post by: zanthal on March 28, 2010, 11:43:20 PM
http://class0702.com/zanthal/decompressionbomb1.jpg


I've read several other threads that indicate that avast! will notify about decompression bombs, when those files are actually safe and normal.

I just did a full system scan for PUPs and the works and got two threats as seen above in the image linked.

One is a high severity threat that ended up in the chest as instructed, and the other looks very similar in path and file name (part of a restore point?) and is indicated to be a decompression bomb.


So that leaves me questioning, what should I do with this decompression bomb file?  Avast! hasn't done anything with it I don't believe.


Thanks for the help
Title: Re: Decompression bomb, doesn't look legitimate
Post by: Hermite15 on March 29, 2010, 12:11:25 AM
you know what a decompression bomb is, right? ... anyway, one file on your pic, it appears one file was clearly malware and sent to chest, so not much to add there...as to the other one, the decompression bomb, attempt to scan it anyway, and see what gives...
Title: Re: Decompression bomb, doesn't look legitimate
Post by: zanthal on March 29, 2010, 12:36:50 AM

 

There's something dangerous about it being called a "bomb", yeah I read up on it. Can't find the file now. What's more I can't find the "G:\System Volume Information\" path, the directory doesn't appear to exist.
Title: Re: Decompression bomb, doesn't look legitimate
Post by: .: L' arc :. on March 29, 2010, 12:43:32 AM
Welcome to the forums zanthal,

G:\System Volume Information\ refers to System Restore and is a system protected location so I suggest, if you want to get rid of it:

Clear Restore Points
Title: Re: Decompression bomb, doesn't look legitimate
Post by: Hermite15 on March 29, 2010, 12:55:17 AM

 

Quote from: zanthal on March 29, 2010, 12:36:50 AM
There's something dangerous about it being called a "bomb", yeah I read up on it. Can't find the file now. What's more I can't find the "G:\System Volume Information\" path, the directory doesn't appear to exist.

OK thought so ;D ... so no, a decompression bomb is just an archive with either a too high level of compression or with too many sub-archives inside for Avast to scan it. It would take ages and Avast just skips it. Whether it contains malware or not is another story. You won't find out unless you ask Avast to explicitly scan all of it - which I wouldn't do, or open it, and chances are that it's a safe file.
You cannot find the path to your file because it's in a system restore folder, and you have an access denied, that's normal. You should delete all your restore points now anyway as there's some malware inside, and make sure your system is clean before you create a new one.
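Added example, not part of the original thread and not Avast's code: a sketch of the two conditions described in the post above (compression ratio too high, too many nested sub-archives), checked from ZIP headers before anything is fully unpacked. The thresholds, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Limits are assumptions for illustration, not Avast's real thresholds.
MAX_RATIO = 100          # uncompressed bytes per compressed byte, per member
MAX_DEPTH = 3            # archive-inside-archive levels allowed
MAX_TOTAL = 50 * 2**20   # declared uncompressed bytes summed over all levels

def classify(data, depth=0, budget=None):
    """Return "ok" or the reason a scanner would skip this ZIP as a bomb."""
    budget = [MAX_TOTAL] if budget is None else budget
    if depth > MAX_DEPTH:
        return "too many nested archives"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Sizes come from the central directory: nothing is inflated yet.
            if info.file_size / max(info.compress_size, 1) > MAX_RATIO:
                return "compression ratio too high: " + info.filename
            budget[0] -= info.file_size
            if budget[0] < 0:
                return "total uncompressed size too large"
            # zipfile stops at the declared file_size, so the budget bounds this read.
            inner = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(inner)):
                verdict = classify(inner, depth + 1, budget)
                if verdict != "ok":
                    return verdict
    return "ok"

def make_zip(name, payload, method=zipfile.ZIP_DEFLATED):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def nested_zip(levels):
    """Constructed sample: a text file wrapped in `levels` ZIP layers."""
    data = make_zip("note.txt", b"hello")
    for _ in range(levels - 1):
        data = make_zip("layer.zip", data, zipfile.ZIP_STORED)
    return data

if __name__ == "__main__":
    samples = (make_zip("readme.txt", b"plain text " * 10),
               make_zip("zeros.bin", b"\0" * 1_000_000), nested_zip(6))
    for sample in samples:
        print(classify(sample))
```

A skip verdict here says nothing about whether the contents are malicious; it only means the archive exceeded the scanning limits.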
Title: Re: Decompression bomb, doesn't look legitimate
Post by: zanthal on March 29, 2010, 02:15:20 AM

 Done and re-scanning ... thanks guys.