« previous next »
Pages: 1 [2]   Go Down

Author Topic: Decompression bomb has activated on my C drive  (Read 9685 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Decompression bomb has activated on my C drive
« Reply #15 on: June 22, 2007, 08:16:25 PM »
Hi maybe we could have a deep look at the suspect drive.  I assume you are booting from C drive

Download WinPFind3u.exe  to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
Logged

TainanDC

  • Guest
Re: Decompression bomb has activated on my C drive
« Reply #16 on: June 25, 2007, 11:47:43 AM »
I first want to thank all who contributed to the thread. I very much appreciate the attempts at helping with this problem.
My computer finally went unusable friday night, its now Monday late afternoon, and I had to just shut it down. After pondering the situation for a couple of days I decided the only thing I could do was 'bite the bullet' and format my C drive.
This drive is a partition drive - 1 drive partitioned to make 2 drives - and I was able to save the info on the other drive (my 'D' drive). I, of course did lose some data and still haven't got my email up and working yet - but my computer is running again and doing well.
When this was first discovered I researched as much as I could about "Win32:agent" trojans and 'decompression/time bombs' to try and figure out how to deal with this. I am not a computer expert by any means. While the Win32:agent appears to be quite well known - the 'decompression bomb/time bomb' malware seems to be little understood beyond how it actually functions - which is quite well explained. A lot of 'experts' seem to think that this problem isn't all that serious and make more of a technical discussion out of how to build one/what it is rather than how to deal with it when it activates.

I was never able to find anything of this nature. I still don't know what to do if one activates - but it is an insidious thing to watch your drive space being slowly devoured and not being able to do a darn thing about it.

I hope this helps someone else, and again, I sincerely thank the folks who gave a hand in trying to help.
As I am a fan of AVAST I'll be lurking on the forums for the next bit of knowledge I find of use.
All the best,
TainanDC
« Last Edit: June 25, 2007, 11:53:12 AM by TainanDC »
Logged
Pages: 1 [2]   Go Up
« previous next »