UNable to scan:This is a Decompression BomB....

hi,
I recently ran a thorough scan of my system in safe mode as my cd drive keeps ejecting unneceesarily without warning…
After scan was completed under the scan results it showed a list of files and saays that it couldn’t scan it as it was corrupted.
but on attempting to scan it again it shows thw msg “unable to scan:it is a decompression bomb”
what does this mean ?
Is it a virus? how to handle it?

A decompression bomb is a DoS attempt (denial of service attack), its basically a compressed/archived file that expands to an enormous size using a hell of alot of system resources and crashes the computer.

Could you post the avast log file of this scan so we can futher help you with this problem please?

–lee

Like Lee said, decompression bomb is just something that unpacks to an unusually big amount of data even though it’s rather small (i.e. has a high compression ratio, for example). It’s nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it’s an archive, but it seems like it is) because it may take VERY long to process.
(quoted from Igor: http://forum.avast.com/index.php?topic=15389.msg131213#msg131213)

I’d suggest to ignore these files.
But you can change values into avast4.ini file to configure how avast should work with these files. Click ‘Settings’ in my signature for more info :wink:

Thanks for the information, Igor. Avast! found 5 of them on my D: drive this morning (5/17/20080, and I am not even running a server–at least, not that I know of. Can I safely delete them? The program recommends moving them to the chest.

rl

Why would you want to delete them, avast hasn’t said that they are infected, it is just saying why they can’t be scanned. There is no physical recommendation for files that are in the list of files that can’t be scanned, all you are seeing is a list of possible options.

As far as files that can’t be scanned the best option is to ignore, take no action, just close the window, remember they will be on the list the next time also.

OK. Thanks. Ignore is easy. I can do that!

rl

No problem, welcome to the forums.

Thanks.

I have had another issue concerning this come up. All five of these decompression bombs are in one backup on my D: drive. I have run out of space on that drive, and can no longer do backups until I free some space up. I would like to delete that particular backup. Can I safely do so?

Of course you could safely delete that back-up, but you wouldn’t be able to use that back-up.

You shouldn’t be deleting it, just because of the decompression bomb report, back-ups by there nature are most likely to be highly compressed and unpacking would result in massive size.

If you are trying to recover space, you should be removing the oldest back-ups in order aas they are the least useful, rather than because the decompression bomb report. This is just good housekeeping, clearing out the oldest first, I do regular weekly disk image back-ups but only keep the last five, the oldest being deleted on the creation of the new disk image.