Compression bomb.

What is a compression bomb? Must it be deleted, and how? Can’t find it w/explorer as shown on “couldn’t scan” screen, but the first part of the name, w/o the zeros and the .fin extension, does appear.

There were 4, all of which appear to be Family Tree Maker data files (2 files & 2 backups). When I tried to delete, move, vault, or scan, program showed error & action didn’t take place.

Help! Thanks!

Bimo

Hi Bimo,

Here you can find all sorts of info on compression bombs:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html

Deform is a free tool to remove the form.virus from your system; download the zip.file from here:
http://www.ciac.org/ciac/ToolsDOSVirus.html#Deform

polonus

I have several files that avast is saying are compression bombs. I also have a registry editor that compresses the registry for faster searching and to free up space. I have read many replies in the Compression bomb forum which say that sometimes avast picks files up as the compression bomb and it isn’t. How would I tell?

http://forum.avast.com/index.php?topic=84249.0
http://forum.avast.com/index.php?topic=8943.msg73950#msg73950
http://forum.avast.com/index.php?topic=15389.msg131213#msg131213

For the most part they are not an issue. A decompression bomb is a file that is highly compressed, which could be very large when decompressed. There is no easy way to determine what that size might be. Many file types can be highly compressed; without examples we can’t say one way or another.

This used to be a tactic long ago to swamp the system, also see http://forum.avast.com/index.php?topic=15389.msg131213#msg131213.

The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

These highly compressed files are generally ‘archive’ files which are inert, don’t present an immediate risk until they are unpacked. If you happen to select ‘All packers’ in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning ‘all packers’ and that is why it isn’t enabled by default.
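
Added example, not part of any post in this thread and not avast's detection logic: a Python check that reads the sizes a ZIP declares in its headers, then confirms them by stream-decompressing each member under a hard cap, so the archive is never fully unpacked. The thresholds `RATIO_LIMIT` and `SIZE_LIMIT`, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

RATIO_LIMIT = 100      # assumed ratio threshold, not avast's
SIZE_LIMIT = 1 << 20   # assumed cap on unpacked bytes per member (1 MiB)

def measure_member(zf, info, cap=SIZE_LIMIT, chunk=64 * 1024):
    """Stream-decompress one member, stopping once `cap` bytes are exceeded."""
    total = 0
    with zf.open(info) as fh:
        while total <= cap:
            block = fh.read(chunk)
            if not block:
                return total, False      # reached the end within the cap
            total += len(block)
    return total, True                   # stopped early; real size >= total

def inspect_zip(data, ratio_limit=RATIO_LIMIT, cap=SIZE_LIMIT):
    """Return one report dict per member of a ZIP held in `data` (bytes)."""
    reports = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Header values are only a claim; the capped read verifies them.
            declared_ratio = info.file_size / max(info.compress_size, 1)
            measured, capped = measure_member(zf, info, cap)
            reports.append({
                "name": info.filename,
                "packed": info.compress_size,
                "declared": info.file_size,
                "declared_ratio": round(declared_ratio, 1),
                "measured": measured,
                "capped": capped,
                "suspicious": capped or declared_ratio > ratio_limit,
            })
    return reports

def make_sample():
    """Constructed sample: one ordinary text member, one highly compressible one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "family tree notes\n" * 20)
        zf.writestr("padding.bin", b"\0" * (4 * 1024 * 1024))
    return buf.getvalue()

if __name__ == "__main__":
    for report in inspect_zip(make_sample()):
        print(report)
```

A member reported as `suspicious` here is only highly compressible or larger than the cap; that alone does not make it malicious.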