Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Decompression Bomb Found By Avast!


  • Please log in to reply
5 replies to this topic

#1 weybrew

weybrew

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 28 May 2008 - 11:06 AM

A recent avast! scan found an archive file it tagged as a "decompression bomb." The program couldn't do anything with it. I tried following the path with Windows Explorer and doing a Search without finding it. How in the world do you get rid of this thing!

Windows XP

Edit: Moved topic from XP to the more appropriate forum and added product name to title. ~ Animal

BC AdBot (Login to Remove)

 


#2 OldGrumpyBastard

OldGrumpyBastard

  • Members
  • 781 posts
  • OFFLINE
  •  
  • Location:"Way South of 'da Bridge"
  • Local time:02:44 PM

Posted 28 May 2008 - 11:21 AM

An explaination is here:

http://forum.avast.com/index.php?topic=8943

I would suggest that you join their site and post your problem there and let them give you the best advice on how to deal with it.
Does this look like an OldGrumpyBastard or what?

#3 weybrew

weybrew
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 28 May 2008 - 12:15 PM

I'll give that a try. Thanks.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:44 PM

Posted 28 May 2008 - 02:01 PM

A decompression bomb is a highly compressed archive of a large amount of uncompressed data. In other words, it is a file that looks small as a result of multiple compression methods but is actually very large when decompressed. Such files could potentially crash a system when unpacked and in the past they were known for targeting anti-virus programs during scanning. Your anti-virus will not attempt to scan/unpack the file but will alert you to the high compression ratio which it considers suspicious.

This is a common issue for avast anti-virus users.

Generally, there is not need to be worried about. Decompression bomb is just something that unpacks to an unusually big amount of data even though it's rather small (i.e. has a high compression ratio, for example). It's nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it's an archive, but it seems like it is) because it may take VERY long to process...I'd suggest to ignore these files.
But you can change values into avast4.ini file to configure how avast should work with these files.

forum.avast
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 mtr18103

mtr18103

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ny
  • Local time:02:44 PM

Posted 18 February 2010 - 10:37 AM

Can anyone recommend Anti Malware software that scans compressed files? Even recursive files like the one mentioned here.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:44 PM

Posted 18 February 2010 - 11:15 AM

Due to most anti-virus scanning engines used today, it is not unusual for them to be suspicious of some compressed, archived, .cab and packed files because they have difficulty reading what is inside them. These kind of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also result in some scanners to stall (hang) on these particular types of files.

Most anti-virus programs will allow you to right-click on a file and from the context menu scan the compressed file individually. However, that does not guarantee the anti-virus scanning engine will not encounter the problems described above.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users