decompression bombs

Hi, I just ran a scan overnight and had 10 of these found. 1 is in my docs. and sets.-root image and the others are image ISOs. I don’t know anything about this stuff, so I’ve been looking it up. Wikipedia says it could fill my computer, a post on here basically says it’s nothing, don’t worry about it. The thing is I got an alert yesterday while I was downloading something from what claimed to be my “Windows Security Center”. The alert said 9 viruses were found, a couple being trojans. So I aborted the download, closed everything and did a deep scan. While scanning I opened the Windows Security… to see if the alert was still viewable, and saw that the only AV listed is Avast. This makes me wonder if the file I was downloading was the problem, because I should have received the alert from Avast. At any rate, all this makes me a little nervous just dismissing the decompression bombs as nothing. The alert said 9 viruses and my Avast scan turned up 10 d. bombs. If Avast was unable to open them, does that mean that I’ve never opened them? Would it ever be possible that a picture or a video of my kids that I uploaded, be referred to as a d. bomb? I know that sounds dumb, but I don’t want to get rid of something I want. Finally, if I’ve never opened these, I might as well get rid of them - do I move them to the chest or delete them? Sorry this was so long.

A decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive). Such files are not malicious per se, but they may block an antivirus program when it tries to scan them.
This kind of file is rather hard to detect (and avoid) precisely - so, it is possible that there are some false alarms. It’s not a big problem in this case, however - the “decompression bomb” announcement actually means something like “The file has a very high, maybe even suspicious, compression ratio and the AV is not going to scan the archive content”.

I’d suggest ignoring these files. Don’t worry.

K., if you say so. Thanks

Hi malware fighters,

Here is a nice test site to test the detection of various decompression bombs and see what av flags them:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html

Removal of these is not very intricate - just delete: decompression bombs are a sort of “Denial of service attack”. It’s a small file, triggered by the right circumstances (usually in the form of visiting certain web pages which use Gzip transfer encoding). The file will then expand, making all services nearly impossible to function properly…

polonus
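
Added example, not part of any post in this thread and not Avast's code: a sketch of the two checks discussed above, the "very high compression ratio" test on an archive and a size-capped decompression of a gzip stream like the Gzip transfer encoding case. The thresholds `MAX_RATIO` and `MAX_OUTPUT`, the function names and the sample files are assumptions constructed for illustration.

```python
import gzip, io, os, zipfile, zlib

MAX_RATIO = 100        # assumed threshold; real scanners use their own limits
MAX_OUTPUT = 1 << 20   # assumed cap: refuse to unpack more than 1 MiB

def zip_ratio_report(blob, max_ratio=MAX_RATIO):
    """List (name, ratio, flagged) from ZIP metadata without extracting anything."""
    report = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            ratio = info.file_size / max(info.compress_size, 1)
            report.append((info.filename, round(ratio, 1), ratio > max_ratio))
    return report

def bounded_gunzip(blob, limit=MAX_OUTPUT, chunk=64 * 1024):
    """Inflate a gzip stream chunk by chunk; stop as soon as output passes limit.
    Declared sizes can be forged, so the byte count is the check that matters."""
    inflater = zlib.decompressobj(wbits=31)   # 31 selects gzip framing
    total, pending = 0, blob
    while not inflater.eof:
        piece = inflater.decompress(pending, chunk)
        if not piece:                 # truncated or empty input
            break
        total += len(piece)
        if total > limit:
            return total, True        # gave up: treat as a decompression bomb
        pending = inflater.unconsumed_tail
    return total, False

def make_samples():
    """Constructed inputs: highly compressible zeros vs. incompressible random bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\0" * (2 << 20))
        zf.writestr("photo.jpg", os.urandom(4096))   # stands in for a real photo
    return buf.getvalue(), gzip.compress(b"\0" * (4 << 20)), gzip.compress(b"hello\n" * 20)

if __name__ == "__main__":
    zip_blob, big_gz, small_gz = make_samples()
    for row in zip_ratio_report(zip_blob):
        print(row)
    print(bounded_gunzip(big_gz), bounded_gunzip(small_gz))
```

The ratio check only reads sizes the archive declares about itself, while the bounded decompression counts bytes actually produced, so the cap still holds when those declared sizes are wrong.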