It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
The file is a decompression bomb
page: 14
share:
OK...this sounds scary
Avast just found three of these on my laptop.
What does it mean.
What should I do.
Can they be removed?
The file location is SERVICE something.....correct path to follow.
Yeah...I did a google on the decompression bomb....but not sure what can be done.
might be part of the conflict Avast has with Windows Defender
www.abovetopsecret.com...
Avast just found three of these on my laptop.
What does it mean.
What should I do.
Can they be removed?
The file location is SERVICE something.....correct path to follow.
Yeah...I did a google on the decompression bomb....but not sure what can be done.
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason
given)
might be part of the conflict Avast has with Windows Defender
www.abovetopsecret.com...
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)
a reply to: DontTreadOnMe
Heard of it...let us know.
Another is called and listed as a PUP (Potentially Unwanted Program)
Its a an install coming from a variety of normal everyday clicks we do...and there are many.
Thanks DTOM
Heard of it...let us know.
Another is called and listed as a PUP (Potentially Unwanted Program)
Its a an install coming from a variety of normal everyday clicks we do...and there are many.
Thanks DTOM
a reply to: mysterioustranger
Avast had this to say
forum.avast.com...
and from this year
forum.avast.com...
Avast had this to say
forum.avast.com...
and from this year
forum.avast.com...
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)
a reply to: DontTreadOnMe
Check the properties of the file. It may just be a false alarm. Usually Avast will have a pop up asking you if you want it to destroy anything that it finds.
Check the properties of the file. It may just be a false alarm. Usually Avast will have a pop up asking you if you want it to destroy anything that it finds.
originally posted by: mysterioustranger
a reply to: DontTreadOnMe
Heard of it...let us know.
Another is called and listed as a PUP (Potentially Unwanted Program)
Its a an install coming from a variety of normal everyday clicks we do...and there are many.
Thanks DTOM
99.999% of the time a PuP is absolutely harmless. Most of the time i wouldn't even recommend removing them or they could # up software you have installed.
Here's the path
C:WindowsServiceProfilesNetworkServiceAppDataLocalTempmpam-86e5c9d0.exe|>mpavbase.vdm
C:WindowsServiceProfilesNetworkServiceAppDataLocalTempmpam-86e5c9d0.exe|>mpengine.dll
These seem to related Windows Defender...which has been turned off.
answers.microsoft.com...
regrunreanimator.com...
Basically...nothing to be very concerned about, AFAICS.
C:WindowsServiceProfilesNetworkServiceAppDataLocalTempmpam-86e5c9d0.exe|>mpavbase.vdm
C:WindowsServiceProfilesNetworkServiceAppDataLocalTempmpam-86e5c9d0.exe|>mpengine.dll
These seem to related Windows Defender...which has been turned off.
answers.microsoft.com...
regrunreanimator.com...
Basically...nothing to be very concerned about, AFAICS.
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)
a reply to: DontTreadOnMe
You would have to remove it in safe mode. There are websites that will walk you through a few scans, HIjack this and tell what to do from there until the scans are clean. There might even be a 1 time fix.
I like bleepingcomputer.com, go to forums. Follow the directions and get in line for help. They have always fixed any problem I had. Especially things that interfere with antivirus programs.
There should really be no reason to turn off Windows defender.
You would have to remove it in safe mode. There are websites that will walk you through a few scans, HIjack this and tell what to do from there until the scans are clean. There might even be a 1 time fix.
I like bleepingcomputer.com, go to forums. Follow the directions and get in line for help. They have always fixed any problem I had. Especially things that interfere with antivirus programs.
There should really be no reason to turn off Windows defender.
a reply to: reldra
I like Bleeping Computer...and didn't know they provided that service....so thanks for that info.
This thing is not an infected file...the scan said ZERO infected files.
Avast is having a conflict with Windows Defender.....at least on this laptop.
www.abovetopsecret.com...
I uninstalled Avast...Windows Defender worked like a charm again.
At some point, I'll be switching AVs on both computers.
I like Bleeping Computer...and didn't know they provided that service....so thanks for that info.
This thing is not an infected file...the scan said ZERO infected files.
Avast is having a conflict with Windows Defender.....at least on this laptop.
www.abovetopsecret.com...
I uninstalled Avast...Windows Defender worked like a charm again.
At some point, I'll be switching AVs on both computers.
I would check to be sure. Run malewarebytes. You could go the faster route, run hijackthis is safe mode and have a pair of eyes at bleeping computer
look at just that report.
I recommend Avira, it's light and effective. I have that on with windows defender. I run malwarebytes once a week.
I recommend Avira, it's light and effective. I have that on with windows defender. I run malwarebytes once a week.
edit on 20-8-2016 by reldra
because: (no reason given)
a reply to: reldra
Both computers are running the paid version of Malwarbytes....so we have real time protection....and scan daily.
And run CCleaner daily.
If my husband had been downloading and visiting "off" sites....I'd be more concerned.
But Avast seems to have this issue w/ decompression bombs for various reasons. AND....a know issue with Windows Defender.
Is Avira the umbrella icon one?
I used it for a few years....until it got bloaty for me....would not update definitions in a timely fashion.
Both computers are running the paid version of Malwarbytes....so we have real time protection....and scan daily.
And run CCleaner daily.
If my husband had been downloading and visiting "off" sites....I'd be more concerned.
But Avast seems to have this issue w/ decompression bombs for various reasons. AND....a know issue with Windows Defender.
Is Avira the umbrella icon one?
I used it for a few years....until it got bloaty for me....would not update definitions in a timely fashion.
originally posted by: DontTreadOnMe
a reply to: reldra
Is Avira the umbrella icon one?
I used it for a few years....until it got bloaty for me....would not update definitions in a timely fashion.
It is. It has much improved.
a reply to: DontTreadOnMe
A decompression bomb is designed to unzip a small file to an enourmous or even infinite size file. This is supposed to crash the AV program when internal buffers overflow.
Like the famous "halting problem" in computation, you can't know that the file cannot be successfully unzipped until you try to do it, hence the problem.
Avast decompresses in a VM and so a crash of the VM (which obviously has limited resources compared with the 'real' machine) could be taken to indicate the action of a decompression bomb. It leaves the core program executing normally (which should start a new VM and continue with the next file to scan, marking the suspect file as a potential threat or preferably, quarantining it).
Because the operating systems these days also have the capability of 'opening' zipped files, a decompression bomb can compromise OS function, too.
Where a file being scanned is not a decompression bomb but the VM crashes anyway, the AV can only assume that it must have been a decompression bomb. Normally, file locking or permissions issues cannot crash a VM (the file-opening errorslevels are different) so it isn't likely to be a case of an unreadable file causing a false positive.
It is possible that a file could randomly contain a sequence of data which will produce a large data-set if a decompression algorithm is applied. In this case, the file would be a decompression bomb, but only by acident, not design. If no decompression algorithm is ever attempted, then the file is inert and no danger.
A decompression bomb is designed to unzip a small file to an enourmous or even infinite size file. This is supposed to crash the AV program when internal buffers overflow.
Like the famous "halting problem" in computation, you can't know that the file cannot be successfully unzipped until you try to do it, hence the problem.
Avast decompresses in a VM and so a crash of the VM (which obviously has limited resources compared with the 'real' machine) could be taken to indicate the action of a decompression bomb. It leaves the core program executing normally (which should start a new VM and continue with the next file to scan, marking the suspect file as a potential threat or preferably, quarantining it).
Because the operating systems these days also have the capability of 'opening' zipped files, a decompression bomb can compromise OS function, too.
Where a file being scanned is not a decompression bomb but the VM crashes anyway, the AV can only assume that it must have been a decompression bomb. Normally, file locking or permissions issues cannot crash a VM (the file-opening errorslevels are different) so it isn't likely to be a case of an unreadable file causing a false positive.
It is possible that a file could randomly contain a sequence of data which will produce a large data-set if a decompression algorithm is applied. In this case, the file would be a decompression bomb, but only by acident, not design. If no decompression algorithm is ever attempted, then the file is inert and no danger.
edit on 21/8/2016 by chr0naut because: (no reason given)
new topics
-
University of Texas Instantly Shuts Down Anti Israel Protests
Education and Media: 2 hours ago -
Any one suspicious of fever promotions events, major investor Goldman Sachs card only.
The Gray Area: 4 hours ago -
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology: 8 hours ago -
Electrical tricks for saving money
Education and Media: 11 hours ago
top topics
-
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 13 hours ago, 10 flags -
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest: 17 hours ago, 8 flags -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 14 hours ago, 5 flags -
Sunak spinning the sickness figures
Other Current Events: 13 hours ago, 4 flags -
Electrical tricks for saving money
Education and Media: 11 hours ago, 4 flags -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 15 hours ago, 2 flags -
Any one suspicious of fever promotions events, major investor Goldman Sachs card only.
The Gray Area: 4 hours ago, 2 flags -
University of Texas Instantly Shuts Down Anti Israel Protests
Education and Media: 2 hours ago, 1 flags -
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology: 8 hours ago, 0 flags
active topics
-
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues • 49 • : YourFaceAgain -
Electrical tricks for saving money
Education and Media • 6 • : lordcomac -
Scientists Say Even Insects May Be Sentient
Science & Technology • 57 • : FlyersFan -
Sunak spinning the sickness figures
Other Current Events • 16 • : Freeborn -
President BIDEN Vows to Make Americans Pay More Federal Taxes in 2025 - Political Suicide.
2024 Elections • 139 • : xuenchen -
University of Texas Instantly Shuts Down Anti Israel Protests
Education and Media • 9 • : Vermilion -
Should Biden Replace Harris With AOC On the 2024 Democrat Ticket?
2024 Elections • 50 • : YourFaceAgain -
New whistleblower Jason Sands speaks on Twitter Spaces last night.
Aliens and UFOs • 57 • : baablacksheep1 -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three • 39 • : crayzeed -
British TV Presenter Refuses To Use Guest's Preferred Pronouns
Education and Media • 147 • : Annee
4