Hi there, my other computer in the house received a lot of virus warnings the other day.
I had a trojan and some other things, so I scheduled a boot time scan. The boot time scan didn’t find all the viruses however, because after it booted up, I was receiving warnings again.
I booted into safe mode to perform a scan. Avast found the viruses and deleted them. There was also an archive that it was unable to scan - I knew what it was, and didn’t need it, so I deleted it.
However, the last item in the list was called a “decompression bomb” and it was located in a place on my hard drive that I am unfamiliar with.
Here is the path of the file (note that the E drive does not contain the folder mentioned):
E:\System Volume Information_restore{A2DF8360-4853-45B9-B89A-51D7E4D4A1BE}\RP162\S0044977.Acl\EXCEL.EXE
What is this mysterious folder on my E drive, and what’s with excel being there as a “bomb”? I’m leaving my computer in safe mode, not touching it, until someone replies to this post and I can get rid of the file if necessary.
Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
Use the immunization of [url=SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
Decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive). Such file are not malicious per se, but they may block an antivirus program when it tries to scan them.
This kind of files is rather hard to detect (and avoid) precisely - so, it is possible that there are some false alarms. It’s not a big problem in this case, however - the “decompression bomb” announcement actually means something like “The file has a very high, maybe even suspicious, compression ratio and the AV is not going to scan the archive content”.
I’d suggest to ignore these files.
But you can change values into avast4.ini file to configure how avast should work with these files.
Click ‘Settings’ in my signature for more info
Maybe it’s hidden just…
Follow the rule number 1 as I’ve posted above.