Author Topic: How do I get rid of a decompression bomb?  (Read 15984 times)

0 Members and 1 Guest are viewing this topic.

Offline maxinator500

  • Newbie
  • *
  • Posts: 3
How do I get rid of a decompression bomb?
« on: February 03, 2011, 06:48:44 PM »
I've tried to find a way, i've tried putting it in chest, reverting my pc to a past date, deleting it, but it just wont go away.
The odd thing is, the bomb is from a download that I ended up cancelling before it was even finished.
Please help, i'm worried about my PC.

Offline De Hollander

  • Jr. Member
  • **
  • Posts: 68
Re: How do I get rid of a decompression bomb?
« Reply #1 on: February 03, 2011, 07:10:37 PM »
What's the name and location of the file.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83759
  • No support PMs thanks
Re: How do I get rid of a decompression bomb?
« Reply #2 on: February 03, 2011, 07:14:16 PM »
Short answer you don't.

- Decompression Bomb, a file that is highly compressed, which could be very large when decompressed. This used to be a tactic long ago to swamp the system, also see http://forum.avast.com/index.php?topic=15389.msg131213#msg131213.
 
The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

So the file name and its location as requested will help determine that.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline maxinator500

  • Newbie
  • *
  • Posts: 3
Re: How do I get rid of a decompression bomb?
« Reply #3 on: February 03, 2011, 09:48:51 PM »
What's the name and location of the file.


I know, its real stupid but here it is:
C:\Documents and Settings\computer\Local Settings\Temporary Internet Files\Content.IE5\781ALJ16\DutyCallUS[1].zip\DutyCallsSetup_US.exe

It's this game i've been hearing about, thought i'd give it a try and then decided to cancel the download, yet it's still there.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: How do I get rid of a decompression bomb?
« Reply #4 on: February 03, 2011, 09:53:05 PM »
Quote
C:\Documents and Settings\computer\Local Settings\Temporary Internet Files\Content.IE5\781ALJ16\DutyCallUS[1].zip\DutyCallsSetup_US.exe


Try cleaning your temp files

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC


did it work ?



Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83759
  • No support PMs thanks
Re: How do I get rid of a decompression bomb?
« Reply #5 on: February 03, 2011, 10:32:15 PM »
I know, its real stupid but here it is:
C:\Documents and Settings\computer\Local Settings\Temporary Internet Files\Content.IE5\781ALJ16\DutyCallUS[1].zip\DutyCallsSetup_US.exe

It's this game i've been hearing about, thought i'd give it a try and then decided to cancel the download, yet it's still there.

The likelihood is just that it is a very large file which if decompressed to be scanned would be much larger.

Clearing the temp internet files should get rid of it as suggested.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline maxinator500

  • Newbie
  • *
  • Posts: 3
Re: How do I get rid of a decompression bomb?
« Reply #6 on: February 04, 2011, 02:49:22 AM »
Quote
C:\Documents and Settings\computer\Local Settings\Temporary Internet Files\Content.IE5\781ALJ16\DutyCallUS[1].zip\DutyCallsSetup_US.exe


Try cleaning your temp files

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC



did it work ?



Yes, it did, thanks I really appreciate it.

Offline De Hollander

  • Jr. Member
  • **
  • Posts: 68
Re: How do I get rid of a decompression bomb?
« Reply #7 on: February 04, 2011, 09:51:02 AM »
Because it's a decompression bomb, doesn't mean at all that its dangerous  :)

If I'm not mistaking, the file it's self is +700MB. ;D

Some more info if you care to read it

http://solitude.vkps.co.uk/Archives/2006/01/08/decompressionbombs/

edit: second link removed, and typo fix
« Last Edit: February 04, 2011, 10:50:35 AM by De Hollander »

Offline A. Chung

  • Jr. Member
  • **
  • Posts: 32
Re: How do I get rid of a decompression bomb?
« Reply #8 on: February 04, 2011, 10:04:57 AM »
A complete scan by avast! Free Antivirus 5.1.889 showed that some files could not be scanned.

As noted from the results, the following were identified as decompressed bomb:

1.  Macrium Reflect Free Edition 4.2.3141 Rescue.iso;
2.  Macrium Reflect Free Edition 4.2.3141 Installers x 2.

Is it safe to ignore these files?  How to exclude these files from scanning by avast! Free Antivirus?

Any advice is highly appreciated.

A. Chung

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: How do I get rid of a decompression bomb?
« Reply #9 on: February 04, 2011, 10:13:54 AM »
Because it's a decompression bomb, doesn't mean that its automatically dangerous  :)



you mean that it doesn't mean at all that it's malware ;) ... just an archive, too big and/or too compressed to get scanned, nothing more.
w7 - ais7

Offline De Hollander

  • Jr. Member
  • **
  • Posts: 68
Re: How do I get rid of a decompression bomb?
« Reply #10 on: February 04, 2011, 10:49:20 AM »
Your right, ...fixing the type error.
 :)

@A.CHUNG

Under the Exclusion tab of the corresponding manual/scheduled scan:

Avast Help:
Exclusions
Here you can enter or modify any locations that should not be scanned. Note however, that exclusions specified here will not apply to any other manual or scheduled scans, or to the real-time shields.

To exclude files from being scanned by all parts of avast!, including manual and scheduled scans, and the real-time shields, it is necessary to specify the files or areas to be excluded in the general program settings.

To exclude a location or file, first click the box where it says <enter path> and then either type the location or file to be excluded, or alternatively, click the "Browse" button, check the box next to the location or file to be excluded, then click "ok".

If you want to exclude a folder, including all of its sub-folders, it is necessary to add "\*" to the end of the folder name e.g. C:\Windows\*.

To remove a location or a file from the exclusions list, click on it once to select it, then click the "delete" button.

Offline A. Chung

  • Jr. Member
  • **
  • Posts: 32
Re: How do I get rid of a decompression bomb?
« Reply #11 on: February 05, 2011, 05:09:29 AM »
Hi, De Hollander

Thank you for your advice.

Is there a way to exclude Windows/Installer from scanning by avast! Free Antivirus?  I do not find the folder in a normal manner.

Regards,
A. Chung

Offline De Hollander

  • Jr. Member
  • **
  • Posts: 68
Re: How do I get rid of a decompression bomb?
« Reply #12 on: February 05, 2011, 02:24:14 PM »
Any particular reason for excluding, and if you mean \Windows\Installer folder:

WIN7:  http://www.bleepingcomputer.com/tutorials/tutorial151.html
VISTA: http://www.bleepingcomputer.com/tutorials/tutorial130.html

Be carefull, windows hides certain files so that they are not able to be seen when you
exploring the files on your computer. The files it hides are Windows
System files, that if you tampered with, can cause serious problems with your computer.


« Last Edit: February 05, 2011, 02:26:02 PM by De Hollander »

Offline A. Chung

  • Jr. Member
  • **
  • Posts: 32
Re: How do I get rid of a decompression bomb?
« Reply #13 on: February 06, 2011, 03:32:22 AM »
Hi, De Hollander

Thank you for your good advice.

Regards,
A. Chung

Offline wtfwtfwtf

  • Newbie
  • *
  • Posts: 15
Re: How do I get rid of a decompression bomb?
« Reply #14 on: February 06, 2011, 07:42:56 AM »
How do you know its a decompression bomb?