Author Topic: Startup scan, malware and compressed bombs  (Read 1662 times)


Offline emil.aretorn

  • Newbie
  • *
  • Posts: 1
Startup scan, malware and compressed bombs
« on: November 20, 2020, 12:00:48 AM »
Hi!
So I noticed recently that I have some sort of malware that sends me to a specific website if I don't type in the full website address in Chrome. (E.g. if I type in adidas.com it sends me to this website http://192.168.8.1/html/home.html?randid=3978944880 that wants me to download something.)
I did a startup scan and it found a bunch of compressed bombs. I don't think they would cause this but maybe I'm wrong. Should I just leave them?  I don't have a lot of space available on my computer... I can't find the logs for the scan and Avast just tells me that it found no infected files.
Also there is an icon in Avast next to the boot time scan in scan history that looks like a little ghost with an "!" on it but I don't know what that means either.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Startup scan, malware and compressed bombs
« Reply #1 on: November 20, 2020, 01:22:36 AM »
1.  Have you made any changes to your HOSTS file, as 192.168.8.1 is an IP address on your local computer?
Commonly this is used to prevent you visiting adidas.com, but more so a malicious site.  However, the /html/home.html and randid (random ID) bit at the end is suspect.

It could also be something connected to your local network.
https://www.google.co.uk/search?q=what+is+192.168.8.1

2.  Decompression Bomb, a file that is highly compressed, which could be very large when decompressed. This used to be a tactic long ago to swamp the system.

The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

These highly compressed files are generally 'archive' files which are inert, don't present an immediate risk until they are unpacked. If you happen to select 'All packers' in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning 'all packers' and that is why it isn't enabled by default.

3.  This little icon simply means that for some reason the Avast scan wasn't able to scan a file, not infected, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
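
An added illustration of point 2 in the reply above (not part of either post, and not Avast's own detection logic): a Python sketch that flags zip members with a very high declared compression ratio and declines to unpack them, while capping the total bytes it will decompress from the rest. The thresholds, function names and sample archive are assumptions constructed for this example.

```python
import io
import zipfile

MAX_RATIO = 100          # assumed threshold: flag members that expand more than 100x
MAX_TOTAL = 50 * 2**20   # assumed cap: unpack at most 50 MiB per archive

def inspect_zip(data, max_ratio=MAX_RATIO, max_total=MAX_TOTAL):
    """Return (verdict, flagged) for a zip archive given as bytes.

    verdict is "ok", "suspicious" (high-ratio members were skipped) or
    "too_large" (the unpack cap was hit); flagged lists (name, ratio).
    """
    flagged, total = [], 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Sizes come from the archive's directory, so this costs nothing.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                # Report the member and leave it packed: it stays inert.
                flagged.append((info.filename, round(ratio)))
                continue
            # Unpack everything else in chunks, in memory only, and stop
            # as soon as the running total passes the cap.
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    total += len(chunk)
                    if total > max_total:
                        return "too_large", flagged
    return ("suspicious" if flagged else "ok"), flagged

def build_sample(with_zeros=True):
    """Constructed sample: a short text file, optionally plus 1 MiB of zeros."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "Meeting moved to Thursday; bring the signed forms.")
        if with_zeros:
            zf.writestr("zeros.bin", b"\0" * 2**20)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_zip(build_sample()))        # zeros.bin is flagged and skipped
    print(inspect_zip(build_sample(False)))   # ordinary archive
```

A "suspicious" verdict here means only that a member was left unscanned because of its size ratio, not that anything malicious was found.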