Question

What does Unable to scan: The file is a decompression bomb mean?

Decompression bomb is just something that unpacks to an unusually big amount of data even though it’s rather small (i.e. has a high compression ratio, for example). It’s nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it’s an archive, but it seems like it is) because it may take VERY long to process.
(quoted from Igor: http://forum.avast.com/index.php?topic=15389.msg131213#msg131213)

A decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive). Such files are not malicious per se, but they may block an antivirus program when it tries to scan them.
This kind of file is rather hard to detect (and avoid) precisely - so, it is possible that there are some false alarms. It’s not a big problem in this case, however - the “decompression bomb” announcement actually means something like “The file has a very high, maybe even suspicious, compression ratio and the AV is not going to scan the archive content”.

I’d suggest ignoring these files.
But you can change values in the avast4.ini file to configure how avast should work with these files.
Click ‘Settings’ in my signature for more info :wink:
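
The compression-ratio check described above, as an added example that is not part of the original posts and not avast!'s code: it judges a ZIP from its declared sizes without unpacking it, then shows a size-capped read for the case where declared sizes cannot be trusted. The thresholds, function names and sample archives are assumptions made for illustration.

```python
import io
import os
import zipfile
from typing import Optional

# Assumed limits for illustration only; these are not avast!'s actual values.
MAX_RATIO = 100      # declared uncompressed / compressed size, per member
MAX_TOTAL = 1 << 30  # 1 GiB declared across the whole archive


def declared_verdict(data: bytes) -> str:
    """Judge a ZIP from its directory entries only; nothing is unpacked."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total += info.file_size
            if info.file_size / max(info.compress_size, 1) > MAX_RATIO:
                return "skip: high compression ratio"
    return "skip: too large" if total > MAX_TOTAL else "scan"


def bounded_read(data: bytes, name: str, limit: int) -> Optional[bytes]:
    """Unpack one member, giving up past `limit` bytes (declared sizes can be wrong)."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        while chunk := fh.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                return None  # stop early instead of exhausting memory or time
    return bytes(out)


def make_zip(name: str, payload: bytes) -> bytes:
    """Build a one-member deflate ZIP in memory (helper for the samples below)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: harmless but highly compressible data, and random data.
HIGH_RATIO = make_zip("zeros.bin", bytes(5 * 1024 * 1024))
ORDINARY = make_zip("noise.bin", os.urandom(64 * 1024))

if __name__ == "__main__":
    print(declared_verdict(HIGH_RATIO), "|", declared_verdict(ORDINARY))
```

The first sample is only a block of zero bytes, yet it is skipped, which is the false-alarm case the posts describe: a ratio test cannot tell harmless, highly compressible data from a real bomb.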

How did that happen? It never appeared before.

Which is the file being shown as a decompression bomb?
Maybe a new one, that wasn’t in your system before?

They are one of the BOINC projects that I’m running. It’s called climateprediction.

And them? Are they new ones? That could explain why they were not a problem before.
Anyway, decompression bombs should not be such a problem… you may have to set the proper configuration if you want to get rid of this alert. You need to change the avast4.ini file. Click ‘Settings’ in my signature.
But you can just ignore the message most of the time, especially if you trust the source of the files…

So then I don’t need to move it to the virus chest?

Most probably not.
You can:

  1. Check these files against JOTTI and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
  2. If they are false positives, you can add these files to the exclusion lists.

Well, they’re not infected as far as I can see. Decompression bomb is a prevention test, not a virus itself.

Whilst you may not need to send it to the virus chest (after checking with Jotti, etc.) if it is a false positive detection.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and scan it periodically using the ashQuick scan (right click scan); when it is no longer detected, remove it from the exclusions.
Also see (Mini Sticky) False Positives

JOTTI said that those files were clean. Should I send it to avast?

No need for this.
There are two exclusion lists: one in program settings, for the on-demand scanning.
And the other in Standard Shield settings, for the on-access protection (residents).
Wildcards are allowed 8)

I just got infected with a MS06-001 WMF Exploit. I tried moving it to Virus Chest and Repair because it is being used by another program. How do I get rid of it?

When reporting something like this please help us to help you.

  • What OS are you using? Is it up to date?
    Probably not, as the WMF vulnerability has been patched by MS, so a visit to Windows Update is in order.

  • What was the virus name, what was the file name, where was it found
    (example: C:\windows\system32\infected-file-name.xxx)?
    I would have thought it would have first gone through the web shield, which should have caught it (if standard shield can detect it, so should web shield), so it would be interesting to know how it got on your system.

If you have XP try scheduling a boot-time scan from within avast.

Windows XP Home Edition Service Pack 2

Program and Vps are up to date

Malware name MS06-001 WMF Exploit

Malware type Virus/Worm

File name C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\SLKZ8ZC3\M3BqQ1JFVXl0Sm9BQUhRSjNzRUFBQUNR[1].wmf

Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.

Access denied means, generally, that the file is in use by another process (program) and cannot be repaired/cleaned/moved/handled by avast!

I was able to get the file to the virus chest. Thanks.

I don’t doubt that the avast Program and VPS are up to date, however, if your OS were fully up to date there has been a security update to patch the vulnerability. The virus name indicates the security update - MS06-001 - so it would appear that you need that patch.

I’m also surprised that the web shield didn’t detect it when it was on its way to the browser cache. Do you have the web shield enabled?

How was this virus detected? I’m assuming by standard shield when you were browsing, or during a routine scan?

The web shield is enabled. What should I do with the infected file?

Move it to the virus chest and see how your system runs for about 2 weeks. It is fine in the virus chest; there it can do no harm. After about 2 weeks, with your VPS up to date, right click the file in the chest and see if it is still detected as a virus; if so, you have waited long enough and your system is fine, so it is ok to delete.

thank you.