Author Topic: Decompression Bomb!!  (Read 457 times)

0 Members and 1 Guest are viewing this topic.

Offline chesjak

  • chesjak
  • Newbie
  • *
  • Posts: 19
Decompression Bomb!!
« on: October 03, 2021, 10:12:31 AM »
Hi

Just carried out a BootTime scan and looked at the report:

There is an entry on it as per below:

""The file is a decompression bomb""

I have looked this up and it appears that it a malicious archive file.  Looking back over the previous reports it would appear that it has been around for quite a while.
Any ideas how it got there and is it something I should be concerned about and if so how do I get rid of it.  I don't want to go back to a previous restore point as the bomb has been showing up in Avast scan reports for at least a couple of years according to the reports.

Any help wold be greatly appreciated.
===========================
Scan of *STARTUP

File C:\Downloads\memtest86-usb.zip|>memtest86-usb.img Error 42110 {The file is a decompression bomb.}
Number of searched folders: 67207
Number of tested files: 652379
Number of infected files: 0
======================================

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85949
  • No support PMs thanks
Re: Decompression Bomb!!
« Reply #1 on: October 03, 2021, 12:12:05 PM »
Short answer is NO.

I have posted this on a number of occasions:
Decompression Bomb, a file that is highly compressed, which could be very large when decompressed. This used to be a tactic long ago to swamp the system.

The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

These highly compressed files are generally 'archive' files which are inert, don't present an immediate risk until they are unpacked. If you happen to select 'All packers' in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning 'all packers' and that is why it isn't enabled by default.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline chesjak

  • chesjak
  • Newbie
  • *
  • Posts: 19
Re: Decompression Bomb!!
« Reply #2 on: October 03, 2021, 12:44:15 PM »
Hi DavidR

Many thanks for a quick reply.

So when you said No - No to what??

Am I able to get rid of it or not?

Many thanks

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85949
  • No support PMs thanks
Re: Decompression Bomb!!
« Reply #3 on: October 03, 2021, 01:11:19 PM »
You're welcome.

Sorry, the NO relates to should I be worried, which in my haste I didn't post.

There is no (or should be) need to get rid of it, it is doing no harm in its inert state, should you have installed that program, then Avast would scan its contents as it is unpacked to install the program.  Any potentially harmful element would have been detected at the point of unpacking and prevented from running.

If however you no longer need this memtest86-usb.zip file in your downloads folder then yes you could remove it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security