Resolved Decompression bomb found in D drive File E/........

[athome34GBK]

On sunday, August 29/10, I ran an Avast anti virus thorough scan.
     Vista Home Premium 32 bit edition.

 Previously,  I had a Malware attack on a formerly used web site. This scan was sucsessful and the first few infected files were placed in the Chest. The remaiming were deleted as the infected program,Java, could be uninstalled and reinstalled. All worked well.

On the 30th I ran a second scan. I think I included archived files for the first time. At the end the window showed that a file in D drive could not be scanned due to a Decompression bomb. I am sorry that I am unable to find the scan report  but I remember the file being D drive
File E/......?? 

i was given no direction so did nothing, ie: did not put the file in the chest. My D drive contains the recovery partion and 2 tiny files.
The log viewer did not show this event. It did show the infected files event in the scan before this one.
Please help me to know what to do.   Thank You, athome34GBK






 

[Pondus]

Zip bomb http://en.wikipedia.org/wiki/Zip_bomb

http://forum.avast.com/index.php?topic=8943
http://forum.avast.com/index.php?topic=15389.msg131213#msg131213

[athome34GBK]

Hi, Thank you for your quick reply. I have read the links. The Avast links reassure me to leave all as is.
The Wiki site is different and brings concern re the 2 small files on D drive I did not create. {The only other file  is the Recovery partition.}
 One is a MediaID.bin file 1kB which showed up in Feb 2010, the other an Owner-PC file 0 bytes, from the network and sharing center, July 2010.
 There are no other computers on this network and the computer has been in use under 2 years. I did not open these files as Wiki says that the decompression bomb warning could mean infection in small files  causing  malware to be released. This would then stop Anti-virus applications from working. Can I just delete these files in case they are infected?    Sorry for all the detail I am a new computer user.  Thanks,   athome34GBK 

[Pondus]

check for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have latest database before you scan
click the remove selected button to quarantine anything found
you may post the scan log here

you may also run
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en
DrWeb Cureit http://www.freedrweb.com/cureit/?lng=en

clean your temp files with TFC - Temp File Cleaner by OldTimer  http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC will completely clear all temp files where other temp file cleaners may fail.
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

[athome34GBK]

 Hi,
 I am ready to use Mbam and TFC for the full malware check.
Have not run them yet as I found the Avast simple user interface log reports file. I have done a snap shot of the report, Aug 30 2010. Have tried to insert via attachments but with clipped picture.
New information 1} The report.
                2} the decompression bomb in D drive was also found in the scan with the infected files, run on Aug28 2010.
                3} the previous scans ie: May 2010 show 67 GB +  scanned.
                4} the two scans above show 82 to 83 GB scanned.
 Nothing has been added to increase the GBs.
 Do I still do the above scans with this new information?

                                                       Thank you for your help, athome34GBK

[Pondus]

Do I still do the above scans with this new information?

yepp

[athome34GBK]

  Hi, Thanks, here is my report from mbam and it looks clean. I did the quick scan, as they     suggested for most users. Was I correct?
  Should I run a full scan in mbam? I don't understand the choices given to run this full scan.

My computer would not let me run TFC.  I then read their forums for help and found , that currently, a large number of people are having seriuos problems  after running TFC.
 I am too new a user to figure out if I need to proceed any further? We are getting there.
I very much appriciate your time and help.                     Athome34GBK

[YoKenny]

No problem on my Windows 7 system.

Why are you still using avast! V4

[athome34GBK]

Hi,
Below is the full scan report from mbam. It looks good.
I was able to run TFC by saving it to my desktop. Files were cleared, computer shut down and after I restarted all is well.
Is my problem must likely seen as resolved  by the mbam full scan results?
is it a good idea to udate from Avast version 4.8. How will this help?

                                        thanks again,  athome34GBK

[essexboy]

The file Avast found is marked preload which would indicate it is to do with a recovery partition 

[athome34GBK]

Hi,
I hope this means that the recovery partion is just to big to open, but received no scanning message prior to the malware attack......so could it have been attacked? It is the only file of size I show on D drive.

What do you suggest I do   Please help, and thanks so much for looking into things. athome34GBK

[essexboy]

No it just means that it is a highly compressed file, until it is expanded then it is harmless.  And if my reading is right then when expanded it will still be harmless as it will prepare your system for a recovery.  Nothing to worry about     

[athome34GBK]

Thank you all for your help.
I learned a lot.  Feel much more reassured. Avast team, your great!    athome34GBK