Hi there guys,
Today I did a full scan of my system and avast! had some problems scanning some files. A couple of them were password-protected rars, but there was one which returned “Error: this file is a decompression bomb. (42110)”.
The file is sxei_mm.dll (part of the server-side anti-cheat sXe Injected) and seems to be encrypted with Execryptor https://www.virustotal.com/es/analisis/a71703fe1a45c6b2eb7c9d94a45a13dcf6acc62d20752340b1ccee7bef8871d5-1269051032.
You can’t send a decompression bomb to Alwil because avast! can’t scan files that’s been unpacked with enourmous amounts of data.
Execryptor is a very strong packer/encryptor made by StrongBit. Programmers, including anti-cheat developers, use this type of packer/encryptor to protect their files from being modified or cracked. That’s why the other AV vendors detects this file.
Well lets get this straight, I don’t believe avast is saying this is infected, correct, just that it can’t be scanned as when unpacked it would be excessively large.
The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.
No you can’t attach it:
a. It is likely to exceed the maximum file size allowed to attach.
b. You can only attach files of the following type, .jpg, .png, .gif, .txt and .log.
c. Were it truly a suspect/infected file then the last place we would want it is in the forums.