Author Topic: What is a decompression bomb.  (Read 375463 times)

jaespence

  • Guest
Re: What is a decompression bomb.
« Reply #75 on: May 29, 2011, 05:02:35 PM »
Question: I have a number of torrent drives that were zipped as .rar files; the combined, unzipped .avi file is what avast is noting as "decompression bomb". These are just movies. Is it noting these because they're large files? (like 500-600 kb/file)

REDACTED

  • Guest
Re: What is a decompression bomb.
« Reply #76 on: June 12, 2011, 09:20:11 PM »
In my case, the "decompression bombs" were simply the .VOB files from decrypting a DVD.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: What is a decompression bomb.
« Reply #77 on: June 13, 2011, 03:31:54 AM »
In my case, the "decompression bombs" were simply the .VOB files from decrypting a DVD.
Just ignore the alert.
The best things in life are free.

Naeko

  • Guest
Re: What is a decompression bomb.
« Reply #78 on: June 13, 2011, 01:12:05 PM »
The decompression bomb message is also issued for the Ragnarok Online MMORPG main client download.  I ignore the error of course since I already know that a lot of large data files are decompressed, but at the beginning are full of zeroes or some other value.  During play and initialization, the zeroes would be overwritten with other data of course.  I guess files that are full of mostly the same character would compress to small files that resemble a bomb.

VBW

  • Guest
Re: What is a decompression bomb.
« Reply #79 on: February 18, 2012, 09:10:46 PM »
It's a malicious program designed to totally jam up your PC.

http://en.wikipedia.org/wiki/Zip_bomb

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11194
  • No support PM's thanks
Re: What is a decompression bomb.
« Reply #80 on: February 18, 2012, 09:15:39 PM »
It's a malicious program designed to totally jam up your PC.

http://en.wikipedia.org/wiki/Zip_bomb
Don't know why you're posting in an 8 month old thread but you're wrong anyway, this is igor's post from reply 1 of this thread

(quote)
A decompression bomb is a file that unpacks to an enormous amount of data - thus "flooding" the unpacking engine. It's quite hard to detect such files reliably, so it's possible that it gives some false alarms occasionally.
« Last Edit: February 18, 2012, 09:30:23 PM by craigb »
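Added example, not part of any post in this thread and not Avast's actual logic: a minimal sketch of how an unpacking engine can protect itself by counting real output bytes against a ratio and size budget, and why a benign zero-filled data file (as in reply #78) trips the same check. The function names, thresholds and sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

MAX_RATIO = 100                     # assumed policy: unpacked/packed ratio limit
MAX_ENTRY_BYTES = 4 * 1024 * 1024   # assumed policy: per-entry unpack budget
CHUNK = 64 * 1024


def inspect_archive(raw: bytes) -> dict:
    """Stream each entry and stop as soon as a limit is crossed.

    Sizes declared in the archive header can be wrong, so the bytes actually
    produced by the decompressor are counted instead of trusting file_size.
    """
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        for info in zf.infolist():
            packed = max(info.compress_size, 1)
            unpacked = 0
            verdict = "ok"
            with zf.open(info) as member:
                while True:
                    chunk = member.read(CHUNK)
                    if not chunk:
                        break
                    unpacked += len(chunk)
                    if unpacked > MAX_ENTRY_BYTES:
                        verdict = "flagged: size"
                        break
                    if unpacked > MAX_RATIO * packed:
                        verdict = "flagged: ratio"
                        break
            verdicts[info.filename] = verdict
    return verdicts


def build_sample() -> bytes:
    """Constructed sample: one zero-filled data file, one incompressible file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("game_data.bin", bytes(2 * 1024 * 1024))    # all zeroes
        zf.writestr("movie_part.bin", os.urandom(256 * 1024))   # video-like
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in inspect_archive(build_sample()).items():
        print(f"{name}: {verdict}")
```

The zero-filled file is harmless but is flagged on ratio alone, which is the kind of false alarm described in the quoted definition; the scanner skips the entry rather than reporting an infection.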

dasva

  • Guest
Re: What is a decompression bomb.
« Reply #81 on: February 26, 2012, 06:19:08 PM »
Hi. I'm new to avast and I've done some scans on it and got rid of everything it showed but still keep getting alerts about stuff all the time and after a bit of web use my searches keep getting hi-jacked so I did a boot up scan. It got a whole bunch of stuff but eventually got to something it listed as a decompression bomb. It wouldn't let me do anything to it including ignore it and would just keep going over it again and again and only way out of it was quitting the scan. Now I'm back up and old problems still there. Any tips? Oh and the files were avg stuff I think lol

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87305
  • No support PMs thanks
Re: What is a decompression bomb.
« Reply #82 on: February 26, 2012, 06:57:56 PM »
Well the topic and information on what a decompression bomb is haven't changed. It isn't an indication that it is infected, just a notice that it 'hasn't been scanned' and gives the reason why. This is why there are no applicable actions to be taken, they are only available for virus or malware infections, not notifications.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

dasva

  • Guest
Re: What is a decompression bomb.
« Reply #83 on: February 26, 2012, 07:09:31 PM »
Well my problem sorta was it stops me from continuing my bootup scan. I either have to cancel scan or stay stuck there as it won't let me do anything else including ignore it. And there are clearly other things still on my comp that need taken care of.
« Last Edit: February 26, 2012, 07:11:02 PM by dasva »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87305
  • No support PMs thanks
Re: What is a decompression bomb.
« Reply #84 on: February 26, 2012, 07:21:40 PM »
Why are you running a boot-time scan as it is a specialist scan, used when an infection can't be dealt with in normal mode?

When selecting a boot-time scan you can change the options, if I ever run one (rare as hen's teeth), then I wouldn't scan archives as:
1. this is a pointless exercise as they are inert until unpacked and any executable run; before that happens the file system shield would scan the extracted files (depending on type) and scan executables before they can run.
2. decompression bombs are archives, so by not scanning them you are less likely to encounter this notice.
3. you can also pre-select the actions to take in the scan, see image (this is from avast 7 but is essentially the same in avast 6). Yours I would guess is set to Ask, you can choose Move to Chest or No Action (you should get a list at the end of the scan or check the boot-time log file). Under no circumstances should you choose delete, you have no other options.

dasva

  • Guest
Re: What is a decompression bomb.
« Reply #85 on: February 26, 2012, 07:41:31 PM »
Why are you running a boot-time scan as it is a specialist scan, used when an infection can't be dealt with in normal mode?

When selecting a boot-time scan you can change the options, if I ever run one (rare as hen's teeth), then I wouldn't scan archives as:
1. this is a pointless exercise as they are inert until unpacked and any executable run; before that happens the file system shield would scan the extracted files (depending on type) and scan executables before they can run.
2. decompression bombs are archives, so by not scanning them you are less likely to encounter this notice.
3. you can also pre-select the actions to take in the scan, see image (this is from avast 7 but is essentially the same in avast 6). Yours I would guess is set to Ask, you can choose Move to Chest or No Action (you should get a list at the end of the scan or check the boot-time log file). Under no circumstances should you choose delete, you have no other options.

Yeah I figured it was the reason I am is because after a full scan I'm still having very obvious problems. My searches keep getting hi-jacked and avast keeps alerting me to various things all of which have globalroot\systemroot\svchost.exe for the process. These are popping up all the time. Oddly they started after I did the full scan and removed stuff.

Is there just a don't scan archives option or do I need to know what not to select? Was there an image in your post because I don't see it? Yeah pretty sure it was set to ask. I'll try that after rebooting from MBAM

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87305
  • No support PMs thanks
Re: What is a decompression bomb.
« Reply #86 on: February 26, 2012, 07:50:33 PM »
Then you really need to create your own new topic to get help, as that is unrelated to the decompression bomb notice, so as not to confuse this one further.
- Please create your own new topic, here http://forum.avast.com/index.php?board=4.0 in the viruses and worms forum (click the New topic button at the top of the page see image) and we will try and help you there.

Outline your problems there.

The image was attached and is embedded into the post and should show as a thumbnail, clicking it expands it.

Offline SpAzZ

  • Newbie
  • *
  • Posts: 1
Re: What is a decompression bomb.
« Reply #87 on: October 02, 2012, 09:08:40 PM »
I doubt it's to be worried about going by your information and what I know about the file that my alert came from but I figured I'd make an account and add the information in case somebody else had the same and was worried...

My fiance gave me a terabyte portable Hard Drive so I decided to let my Action Center on my Compaq PC make a backup like it's been wanting to do since I got it but I didn't want to buy burnable DVDs for it to do so on. Then today I had Avast scan that hard drive after moving some files to it to make sure it was clean 'cause you can never be too safe  ;D. The Icon for the file it created on the Hard Drive is odd, I have no idea what it's supposed to be lol, but it reads as a file folder but if you try to open it you just get a prompt to choose an option of three including restore PC. Well needless to say Avast scanned everything inside it and pointed out a small handful of files inside it as decompression bombs, mostly old logs for a video game on my PC that were unknowingly backed up.

Example: H:\PC_Name\backup_12-12-12>C:\Users\Public\Pictures\Sample Pictures\neon\New folder\neon pagoda

So, basically just saying look at the beginning too: if it's separated by a > then look at the file info before the >, it could just be part of a backup file.
« Last Edit: October 02, 2012, 09:17:30 PM by SpAzZ »