The file is a decompression bomb

posted on Aug, 20 2016 @ 10:09 AM
link   
OK...this sounds scary
Avast just found three of these on my laptop.

What does it mean?
What should I do?
Can they be removed?

The file location is SERVICE something.....correct path to follow.

Yeah...I did a google on the decompression bomb....but not sure what can be done.
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)

might be part of the conflict Avast has with Windows Defender
www.abovetopsecret.com...
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)




posted on Aug, 20 2016 @ 10:12 AM
link   
a reply to: DontTreadOnMe

Heard of it...let us know.

Another is called and listed as a PUP (Potentially Unwanted Program)

It's an install coming from a variety of normal everyday clicks we do...and there are many.

Thanks DTOM



posted on Aug, 20 2016 @ 10:19 AM
link   
a reply to: mysterioustranger
Avast had this to say
forum.avast.com...


and from this year
forum.avast.com...
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)



posted on Aug, 20 2016 @ 10:20 AM
link   
a reply to: DontTreadOnMe


Check the properties of the file. It may just be a false alarm. Usually Avast will have a pop up asking you if you want it to destroy anything that it finds.



posted on Aug, 20 2016 @ 10:21 AM
link   

originally posted by: mysterioustranger
a reply to: DontTreadOnMe

Heard of it...let us know.

Another is called and listed as a PUP (Potentially Unwanted Program)

It's an install coming from a variety of normal everyday clicks we do...and there are many.

Thanks DTOM


99.999% of the time a PUP is absolutely harmless. Most of the time I wouldn't even recommend removing them or they could # up software you have installed.



posted on Aug, 20 2016 @ 10:57 AM
link   
Here's the path
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-86e5c9d0.exe|>mpavbase.vdm
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-86e5c9d0.exe|>mpengine.dll

These seem to be related to Windows Defender...which has been turned off.
answers.microsoft.com...
regrunreanimator.com...

Basically...nothing to be very concerned about, AFAICS.
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)



posted on Aug, 20 2016 @ 11:21 AM
link   
a reply to: DontTreadOnMe

You would have to remove it in safe mode. There are websites that will walk you through a few scans, HijackThis and tell what to do from there until the scans are clean. There might even be a 1 time fix.

I like bleepingcomputer.com, go to forums. Follow the directions and get in line for help. They have always fixed any problem I had. Especially things that interfere with antivirus programs.

There should really be no reason to turn off Windows Defender.



posted on Aug, 20 2016 @ 11:31 AM
link   
a reply to: reldra

I like Bleeping Computer...and didn't know they provided that service....so thanks for that info.
This thing is not an infected file...the scan said ZERO infected files.

Avast is having a conflict with Windows Defender.....at least on this laptop.
www.abovetopsecret.com...
I uninstalled Avast...Windows Defender worked like a charm again.

At some point, I'll be switching AVs on both computers.



posted on Aug, 20 2016 @ 11:35 AM
link   
I would check to be sure. Run Malwarebytes. You could go the faster route, run HijackThis in safe mode and have a pair of eyes at Bleeping Computer look at just that report.

I recommend Avira, it's light and effective. I have that on with Windows Defender. I run Malwarebytes once a week.
edit on 20-8-2016 by reldra because: (no reason given)



posted on Aug, 20 2016 @ 11:39 AM
link   
a reply to: reldra

Both computers are running the paid version of Malwarebytes....so we have real time protection....and scan daily.
And run CCleaner daily.
If my husband had been downloading and visiting "off" sites....I'd be more concerned.
But Avast seems to have this issue w/ decompression bombs for various reasons. AND....a known issue with Windows Defender.

Is Avira the umbrella icon one?
I used it for a few years....until it got bloaty for me....would not update definitions in a timely fashion.



posted on Aug, 20 2016 @ 12:04 PM
link   

originally posted by: DontTreadOnMe
a reply to: reldra



Is Avira the umbrella icon one?
I used it for a few years....until it got bloaty for me....would not update definitions in a timely fashion.


It is. It has much improved.



posted on Aug, 20 2016 @ 12:42 PM
link   
a reply to: reldra

Well, then....I'll put it on my short list for AVs to consider.....many thanks.



posted on Aug, 21 2016 @ 04:23 AM
link   
a reply to: DontTreadOnMe

A decompression bomb is designed to unzip a small file to an enormous or even infinite size file. This is supposed to crash the AV program when internal buffers overflow.

Like the famous "halting problem" in computation, you can't know that the file cannot be successfully unzipped until you try to do it, hence the problem.

Avast decompresses in a VM and so a crash of the VM (which obviously has limited resources compared with the 'real' machine) could be taken to indicate the action of a decompression bomb. It leaves the core program executing normally (which should start a new VM and continue with the next file to scan, marking the suspect file as a potential threat or preferably, quarantining it).

Because the operating systems these days also have the capability of 'opening' zipped files, a decompression bomb can compromise OS function, too.

Where a file being scanned is not a decompression bomb but the VM crashes anyway, the AV can only assume that it must have been a decompression bomb. Normally, file locking or permissions issues cannot crash a VM (the file-opening error levels are different) so it isn't likely to be a case of an unreadable file causing a false positive.

It is possible that a file could randomly contain a sequence of data which will produce a large data-set if a decompression algorithm is applied. In this case, the file would be a decompression bomb, but only by accident, not design. If no decompression algorithm is ever attempted, then the file is inert and no danger.

edit on 21/8/2016 by chr0naut because: (no reason given)
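
An added example, not part of the thread: a scanner or unpacker can handle the decompression-bomb case described above as a resource-limit problem, inflating the stream in fixed-size chunks and stopping once the output passes a byte budget or an expansion ratio. The function names, limits and sample inputs are assumptions constructed for this illustration; it uses Python's standard `zlib` module.

```python
import zlib


class SuspectedBomb(Exception):
    """Raised when decompressed output crosses a configured limit."""


def bounded_inflate(data: bytes, max_out: int = 1 << 20,
                    max_ratio: int = 200, chunk: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream, aborting once size or ratio limits are crossed."""
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # max_length (second argument) caps the output of this call; input
        # that was not consumed yet is handed back in unconsumed_tail.
        piece = d.decompress(buf, chunk)
        buf = d.unconsumed_tail
        if not piece and not buf:
            break  # no progress possible: stream is truncated
        out += piece
        if len(out) > max_out:
            raise SuspectedBomb(f"output exceeded {max_out} bytes")
        if len(out) > max_ratio * max(len(data), 1):
            raise SuspectedBomb(f"expansion ratio exceeded {max_ratio}:1")
    return bytes(out)


def verdict(data: bytes, **limits) -> str:
    """Return 'ok' or a 'flagged: ...' string, as a scanner would report."""
    try:
        bounded_inflate(data, **limits)
        return "ok"
    except SuspectedBomb as exc:
        return f"flagged: {exc}"


# Constructed sample inputs (not taken from the thread).
ORDINARY = b"GET /index.html 200\n" * 50          # small, log-like data
ORDINARY_Z = zlib.compress(ORDINARY)
HIGHLY_COMPRESSIBLE_Z = zlib.compress(b"\0" * (8 << 20), 9)  # 8 MiB of zeros

if __name__ == "__main__":
    print(verdict(ORDINARY_Z))
    print(len(HIGHLY_COMPRESSIBLE_Z), verdict(HIGHLY_COMPRESSIBLE_Z))
    print(verdict(HIGHLY_COMPRESSIBLE_Z, max_out=64 << 20))
```

Memory use stays near `max_out` plus one chunk regardless of how large the stream claims to expand, so the scanning process itself is never the thing that falls over.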



