Decompression Bomb

[phir]

I'm new to this forum and I'm hoping someone can help me.  I'm pretty sure i picked up a decompression bomb.  I cannot even run avast to scan for this file without my computer locking up.  it only makes it to about 9% of a scan and then freezes up.  does anyone know where the locations are that this file is normally sent to?  i just don't have any time to do anything when i turn on my computer, it freezes after about 10 minutes, which doesn't give me much time to look for the file manually.  i'm basically trying to get potential file names and possible locations if the information is available.  this damn thing just keeps opening applications that open applications that open applications... you get the point.  PLEASE HELP!!!

please advise!

[igor]

Do you use ZoneAlarm?
If yes, please check this thread.

[phir]

no, what's that?

[igor]

It's a firewall.

Try to enable the creation of the report file in program settings, and let everything - even "OK files", be included there.
Then, when the scan progress stops, you can terminate the scanner and check the end of the report (the last one will be a file that was still scanned successfully, but it should be close to the one you're looking for).

[phir]

is ZoneAlarm a firewall setting in avast?  sorry, i just recently started using avast and don't know it very well.

[igor]

No, ZoneAlarm is a completely different program from a different company

[phir]

is there any way to do this without buying zone alarm?

this is basically due to the fact that i can't download anything on that computer

[igor]

I guess there's a little misunderstanding here. I was just asking if you use ZoneAlarm, because it's known to cause similar problems; certainly not wanting you to buy it - on contrary maybe

So, let's forget about ZoneAlarm - check my second answer, please.

[phir]

i'll give it a try, thanks

[phir]

i still can't find the file.  i can find all the ones that it creates, but cannot find the damn file.  the closest i've been able to narrow it down is C:/Documents and Settings/administrator/Local Settings/Temp/"most files are here"

[phir]

any advise?

[Lisandro]

If you can't find a temporary file, just forget it... it should be deleted and does not configure a risk for you anymore...

[phir]

it is still a risk, it is somewhere in documents and settings but i can't find it.  there is a visual basic file somewhere controlling my desktop settings that i can't find either.  it is definitely still a problem, i can't even get to task manager, CTRL + ALT + Delete is locked out.  is there anything i can do other than good ole' format C:?

[Lisandro]

I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

[phir]

1. system restore is controlled by virus
steps 2-5 i've done all that
i haven't tried 6-8, so i guess i'll try runscanner, spyware blaster, and secunia sortware inspector.

this sucks