Author Topic: Decompression Bombs  (Read 704 times)

0 Members and 1 Guest are viewing this topic.

Offline stephen468

  • Newbie
  • *
  • Posts: 3
Decompression Bombs
« on: November 01, 2021, 12:47:40 AM »
I just did a boot time scan.  When I did that, there were at least a dozen files that said "decompression bombs" .  I understand that this may be slowing down my computer, but probably are not harmful.  However, when I look at the report, it does not show me where those files are, or what they are.  I am not sure how to proceed.  I have premium.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37170

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86124
  • No support PMs thanks
Re: Decompression Bombs
« Reply #2 on: November 01, 2021, 12:59:23 AM »
1.  What was your reasoning for running a boot time scan.

2.  I rather doubt that they would be slowing down your system, as they are essentially very large compressed files that for the most part will be inert. So they shouldn't be slowing down your system

3.  The boot time scan should generate a scan report, from memory I think it is called aswboot.log and would be in the C:\ProgramData\AVAST Software\Avast\log folder, was that where you looked ?
But personally I wouldn't worry about them.

- Decompression Bomb, a file that is highly compressed, which could be very large when decompressed. This used to be a tactic long ago to swamp the system.

The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

These highly compressed files are generally 'archive' files which are inert, don't present an immediate risk until they are unpacked. If you happen to select 'All packers' in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning 'all packers' and that is why it isn't enabled by default.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline stephen468

  • Newbie
  • *
  • Posts: 3
Re: Decompression Bombs
« Reply #3 on: November 01, 2021, 05:33:18 PM »
Thank you David for the response
1.  reason for boot time scan:  jut an overabundance of caution.  I have done this every few months.  I have never found anything different when doing it, but as I said -- an overabundance of caution.  My computer is only about a year old, and has started slowing down in the last month...
2.  when I did a search for what is the compressed files (using c prompt), I noted that many of the "compressed" files have a "compression" ration of 1:1 -- i.e. they are not really compressed by formed into what is labelled a compressed file
3.  Where I looked was in the program for the report

if it is not a concern -- then you are right -- rename what it is  ;)


Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86124
  • No support PMs thanks
Re: Decompression Bombs
« Reply #4 on: November 01, 2021, 06:24:29 PM »
You're welcome.
1.  With an on access antivirus scanner, it makes on-demand scans somewhat redundant - if files are active they get scanned by the resident on-access antivirus scanner.

2.  My pet hate is the name, it isn't really relevant in certain cases and is more likely to scare than advise that a file couldn't be scanned (not an indication that it is infected).  However as an Avast User like yourself, renaming it isn't within my control.

3. My bad not fully reading (or understanding) the post.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline stephen468

  • Newbie
  • *
  • Posts: 3
Re: Decompression Bombs
« Reply #5 on: November 02, 2021, 02:14:37 AM »
David
Yes, it is a nasty name -- hadn't watched it  while running before, so hadn't seen it before