What is a decompression bomb.

Just did my first scan with Avast home version. The first line in the “Results of last scan” is: “Unable to scan: The file is a decompression bomb”, this is for a file named COMMS1.cdb. I know what this file is and it is legit, or at least a file named that belongs where it is lol.
There are hundreds of files with ext cdb in the same area as this one, yet it is the only one with this error.

This is a Win XP pro machine and I have done the file compression to increase my drive capacity.
Can anyone tell me what a “decompression bomb” is?
Thank you in advance.

A decompression bomb is a file that unpacks to an enormous amount of data - thus “flooding” the unpacking engine. It’s quite hard to detect such files reliably, so it’s possible that it gives some false alarms occasionally.

Thanks very much for your quick reply :slight_smile:

Typically such a bomb is a multi-level packing thing – data’s compressed with one packer (e.g. into a zip), then the resulting archive file is in turn packed (usually with a different packer), and so on several times.

We had a thread here a while back reporting avast and system crashes from trying to scan an apparently small file (50 or 100K, if I remember) which would have eventually expanded, if disk space and memory were available, to a couple of hundred gigs. :o

So 4.5’s new ability to at least try to detect such bombs is certainly a welcome addition.

wow, so should I be concerned that this may have been tampered with by some virus like infection?
As far as I know this file is a winzipped file which was then compressed when I selected “compress drive” to regain some space on my poor little choked up laptop.

Thanks for all the help, you guys are excellent !

No, I think the file is OK - just the compression ratio is unusually high.
You may check the properties of the file - how big is the compressed and uncompressed size?
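
The check suggested above (compare compressed and uncompressed size), combined with the multi-level packing described earlier in the thread, as an added example that is not part of any post here and is not avast's code. The thresholds, `scan_zip` and `build_sample` are assumptions chosen for illustration, and the sample archive is constructed inline:

```python
import io
import zipfile
MAX_RATIO = 100               # assumed threshold: flag members expanding over 100x
MAX_BYTES = 8 * 1024 * 1024   # assumed budget: total bytes the scan may unpack
MAX_DEPTH = 2                 # assumed limit: levels of nested archives followed

def scan_zip(blob, depth=0, state=None, path=""):
    """Return (member, reason) findings for an in-memory zip."""
    state = state if state is not None else {"left": MAX_BYTES}
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if state["left"] < 0:          # budget already spent, stop unpacking
                break
            name = path + info.filename
            # Sizes declared in the archive directory: cheap, nothing is unpacked.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_RATIO:
                findings.append((name, "ratio %d:1" % ratio))
            # Count the bytes actually produced instead of trusting declared sizes.
            out = bytearray()
            with zf.open(info) as member:
                while True:
                    chunk = member.read(65536)
                    if not chunk:
                        break
                    state["left"] -= len(chunk)
                    if state["left"] < 0:
                        findings.append((name, "unpack budget exceeded"))
                        return findings
                    out += chunk
            if out[:4] == b"PK\x03\x04":   # the member is itself a zip
                if depth >= MAX_DEPTH:
                    findings.append((name, "nesting too deep"))
                else:
                    findings += scan_zip(bytes(out), depth + 1, state, name + "/")
    return findings

def build_sample():
    """Constructed sample: 4 MiB of zero bytes zipped, then zipped again."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\0" * (4 * 1024 * 1024))
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

A high ratio alone only says the content is very repetitive, which is why a legitimate file can trigger the same report.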

Can I delete compression bomb files that Avast has identified without worrying about consequence?

Of course you can if you don’t care about the consequences, but why do anything?

Other than the fact it is a highly compressed file that would take up large amounts of HDD space if uncompressed nothing has been found to be wrong.

You don’t mention the file name or its location?

Well I have the same bomb, file name
G:\RECYCLER\S-1-5-21-789336058-2025429265-682003330-1003\Dg53.iso\EXTRAS\DOOM 3~5\DAEMON~0\DAEMON~0.EXE$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe

I don’t know much about virus protection or computers that much so if anyone could help please try to simplify what I should do. :-[


Welcome to the forums, Kraven88. :slight_smile:

Well, I do not think you have the same decompression bomb, but nonetheless …

This executable … DaemonTools_WhenUSave_Installer.exe … is adware. Did you install WhenUSave?

Please see the below links …

http://research.sunbelt-software.com/threatdisplay.aspx?name=WhenU.Save&threatid=10810

http://www.threatexpert.com/report.aspx?uid=a10b9ab0-5b36-41dc-b6f0-90fbb5ad5972

My suggestion is to first try to remove WhenUSave by using Add/Remove Programs if possible.

Then, download malwarebytes anti-malware (MBAM), update it, and then run MBAM …

http://www.malwarebytes.org/mbam.php


Forget DaemonTools… it’s adware :stuck_out_tongue:
Use Magic Disk instead!

Well I completely removed daemon tools and all its components so hopefully that worked. Thanx again guys.

You’re welcome. Feel free to come back any time you need help or just to change experiences 8)

Hey, I’m new on the avast forum. I have no idea what a decompression bomb is or what it does. Is it a keylogger, virus, malware, spyware? Is it lethal or something?
I let my Avast home scan and it shows me C:\System Volume Information.…\Data1.cab 3 times and a C:\Documents and Settings.…\Data1.cab
Can someone please tell me how to deal with it or tell me what to do?
Thanks for reading.

A decompression bomb is just something that unpacks to an unusually big amount of data even though it’s rather small (i.e. has a high compression ratio, for example). It’s nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it’s an archive, but it seems like it is) because it may take VERY long to process.
(quoted from Igor: http://forum.avast.com/index.php?topic=15389.msg131213#msg131213)

I’d suggest ignoring these files.
But you can change values in the avast4.ini file to configure how avast should work with these files.
Click ‘Settings’ in my signature for more info :wink:

Is there any way to delete the decompression bomb, though? Because Avast found one in my temp:

C:\windows\Temp\Leg93A.tmp$INSTDIR\data.grf

I think I know what it is, and if memory serves, it pertains to an Online MMO (Ragnarok Online: Legacy) that ended up not working on my computer and I deleted it.

Yet this was over a year ago.

The better option would be to send it to the Chest.
If the file is too big, or you’re sure it could be deleted, just do it within the virus alert (delete button) or using Windows Explorer.

Under normal circumstances I would say leave it alone, as all avast is reporting is that it can’t/didn’t scan the file because it is a very large archive and when unpacked (to be able to scan the contents it has to be unpacked) could be very, very large.

Now this in the dim and distant past was used to crash a system hence it got named a ‘decompression bomb’ and the term is still used today though there is much less possibility of it crashing a system as they have far more resources. So decompression bomb is very scary but not necessarily malicious.

Since this is in a Temp folder the easiest option is to clear the Temp folder.

I also was notified of a decompression file. What concerns me most is that when I tried to have Avast delete the file, it was unable to. The file is:

ta03upsw.exe
Located in a subdirectory of my Documents folder.

Any suggestions?

Strange file…
Please submit it to VirusTotal and let us know the result.

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.