decompression bomb

General Topics
1

After running avast scan, it showed a file that could not be scanned because it was a decompression bomb. i tried to move to chest and tried to delete file and it says there was an error. i found the file in the temp folder, but i can’t do anything with it there either.

file is c:\windows\temp_avast4_\unp187064927.tmp{gzip}

thank you in advance for any help

2

Hi kkwilson!

A decompression bomb isn’t necessarily bad. Its just a file which is highly compressed…

So I would let it be like it is… :slight_smile:

(Possibly someone else can help any further…)

yours
onlysomeone

3

I have see posts here that the most dangerous thing about a “decompression bomb” is the terminology.
It is simply a file with an unusually high compression ratio or routine.
Chances are it is not infected, just unable to be scanned because of the compression of it.
It’s in a temp folder, so should be safe to delete within a day or two. If you cannot delete it using Windows explorer, post back, let us know.
The reason it couldn’t be moved to the chest is likely to be the file size is too large.

4

Decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive). Such file are not malicious per se, but they may block an antivirus program when it tries to scan them.
This kind of files is rather hard to detect (and avoid) precisely - so, it is possible that there are some false alarms. It’s not a big problem in this case, however - the “decompression bomb” announcement actually means something like “The file has a very high, maybe even suspicious, compression ratio and the AV is not going to scan the archive content”.

I’d suggest to ignore these files.
But you can change values into avast4.ini file to configure how avast should work with these files.
Click ‘Settings’ in my signature for more info :wink:

5

This folder, c:\windows\temp_avast4_ is where avast unpacks files so that they may be scanned and files are given names like the one you mention unp187064927.tmp. However these files are normally removed when the scan completes, why this one was left behind is not known.

As has been mentioned this is a temporary location and the file is effectively redundant, you can delete it safely.