It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
The file is a decompression bomb
page: 14
share:
OK...this sounds scary
Avast just found three of these on my laptop.
What does it mean.
What should I do.
Can they be removed?
The file location is SERVICE something.....correct path to follow.
Yeah...I did a google on the decompression bomb....but not sure what can be done.
might be part of the conflict Avast has with Windows Defender
www.abovetopsecret.com...
Avast just found three of these on my laptop.
What does it mean.
What should I do.
Can they be removed?
The file location is SERVICE something.....correct path to follow.
Yeah...I did a google on the decompression bomb....but not sure what can be done.
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason
given)
might be part of the conflict Avast has with Windows Defender
www.abovetopsecret.com...
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)
a reply to: DontTreadOnMe
Heard of it...let us know.
Another is called and listed as a PUP (Potentially Unwanted Program)
Its a an install coming from a variety of normal everyday clicks we do...and there are many.
Thanks DTOM
Heard of it...let us know.
Another is called and listed as a PUP (Potentially Unwanted Program)
Its a an install coming from a variety of normal everyday clicks we do...and there are many.
Thanks DTOM
a reply to: mysterioustranger
Avast had this to say
forum.avast.com...
and from this year
forum.avast.com...
Avast had this to say
forum.avast.com...
and from this year
forum.avast.com...
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)
a reply to: DontTreadOnMe
Check the properties of the file. It may just be a false alarm. Usually Avast will have a pop up asking you if you want it to destroy anything that it finds.
Check the properties of the file. It may just be a false alarm. Usually Avast will have a pop up asking you if you want it to destroy anything that it finds.
originally posted by: mysterioustranger
a reply to: DontTreadOnMe
Heard of it...let us know.
Another is called and listed as a PUP (Potentially Unwanted Program)
Its a an install coming from a variety of normal everyday clicks we do...and there are many.
Thanks DTOM
99.999% of the time a PuP is absolutely harmless. Most of the time i wouldn't even recommend removing them or they could # up software you have installed.
Here's the path
C:WindowsServiceProfilesNetworkServiceAppDataLocalTempmpam-86e5c9d0.exe|>mpavbase.vdm
C:WindowsServiceProfilesNetworkServiceAppDataLocalTempmpam-86e5c9d0.exe|>mpengine.dll
These seem to related Windows Defender...which has been turned off.
answers.microsoft.com...
regrunreanimator.com...
Basically...nothing to be very concerned about, AFAICS.
C:WindowsServiceProfilesNetworkServiceAppDataLocalTempmpam-86e5c9d0.exe|>mpavbase.vdm
C:WindowsServiceProfilesNetworkServiceAppDataLocalTempmpam-86e5c9d0.exe|>mpengine.dll
These seem to related Windows Defender...which has been turned off.
answers.microsoft.com...
regrunreanimator.com...
Basically...nothing to be very concerned about, AFAICS.
edit on Sat Aug 20 2016 by DontTreadOnMe because: (no reason given)
a reply to: DontTreadOnMe
You would have to remove it in safe mode. There are websites that will walk you through a few scans, HIjack this and tell what to do from there until the scans are clean. There might even be a 1 time fix.
I like bleepingcomputer.com, go to forums. Follow the directions and get in line for help. They have always fixed any problem I had. Especially things that interfere with antivirus programs.
There should really be no reason to turn off Windows defender.
You would have to remove it in safe mode. There are websites that will walk you through a few scans, HIjack this and tell what to do from there until the scans are clean. There might even be a 1 time fix.
I like bleepingcomputer.com, go to forums. Follow the directions and get in line for help. They have always fixed any problem I had. Especially things that interfere with antivirus programs.
There should really be no reason to turn off Windows defender.
a reply to: reldra
I like Bleeping Computer...and didn't know they provided that service....so thanks for that info.
This thing is not an infected file...the scan said ZERO infected files.
Avast is having a conflict with Windows Defender.....at least on this laptop.
www.abovetopsecret.com...
I uninstalled Avast...Windows Defender worked like a charm again.
At some point, I'll be switching AVs on both computers.
I like Bleeping Computer...and didn't know they provided that service....so thanks for that info.
This thing is not an infected file...the scan said ZERO infected files.
Avast is having a conflict with Windows Defender.....at least on this laptop.
www.abovetopsecret.com...
I uninstalled Avast...Windows Defender worked like a charm again.
At some point, I'll be switching AVs on both computers.
I would check to be sure. Run malewarebytes. You could go the faster route, run hijackthis is safe mode and have a pair of eyes at bleeping computer
look at just that report.
I recommend Avira, it's light and effective. I have that on with windows defender. I run malwarebytes once a week.
I recommend Avira, it's light and effective. I have that on with windows defender. I run malwarebytes once a week.
edit on 20-8-2016 by reldra
because: (no reason given)
a reply to: reldra
Both computers are running the paid version of Malwarbytes....so we have real time protection....and scan daily.
And run CCleaner daily.
If my husband had been downloading and visiting "off" sites....I'd be more concerned.
But Avast seems to have this issue w/ decompression bombs for various reasons. AND....a know issue with Windows Defender.
Is Avira the umbrella icon one?
I used it for a few years....until it got bloaty for me....would not update definitions in a timely fashion.
Both computers are running the paid version of Malwarbytes....so we have real time protection....and scan daily.
And run CCleaner daily.
If my husband had been downloading and visiting "off" sites....I'd be more concerned.
But Avast seems to have this issue w/ decompression bombs for various reasons. AND....a know issue with Windows Defender.
Is Avira the umbrella icon one?
I used it for a few years....until it got bloaty for me....would not update definitions in a timely fashion.
originally posted by: DontTreadOnMe
a reply to: reldra
Is Avira the umbrella icon one?
I used it for a few years....until it got bloaty for me....would not update definitions in a timely fashion.
It is. It has much improved.
a reply to: DontTreadOnMe
A decompression bomb is designed to unzip a small file to an enourmous or even infinite size file. This is supposed to crash the AV program when internal buffers overflow.
Like the famous "halting problem" in computation, you can't know that the file cannot be successfully unzipped until you try to do it, hence the problem.
Avast decompresses in a VM and so a crash of the VM (which obviously has limited resources compared with the 'real' machine) could be taken to indicate the action of a decompression bomb. It leaves the core program executing normally (which should start a new VM and continue with the next file to scan, marking the suspect file as a potential threat or preferably, quarantining it).
Because the operating systems these days also have the capability of 'opening' zipped files, a decompression bomb can compromise OS function, too.
Where a file being scanned is not a decompression bomb but the VM crashes anyway, the AV can only assume that it must have been a decompression bomb. Normally, file locking or permissions issues cannot crash a VM (the file-opening errorslevels are different) so it isn't likely to be a case of an unreadable file causing a false positive.
It is possible that a file could randomly contain a sequence of data which will produce a large data-set if a decompression algorithm is applied. In this case, the file would be a decompression bomb, but only by acident, not design. If no decompression algorithm is ever attempted, then the file is inert and no danger.
A decompression bomb is designed to unzip a small file to an enourmous or even infinite size file. This is supposed to crash the AV program when internal buffers overflow.
Like the famous "halting problem" in computation, you can't know that the file cannot be successfully unzipped until you try to do it, hence the problem.
Avast decompresses in a VM and so a crash of the VM (which obviously has limited resources compared with the 'real' machine) could be taken to indicate the action of a decompression bomb. It leaves the core program executing normally (which should start a new VM and continue with the next file to scan, marking the suspect file as a potential threat or preferably, quarantining it).
Because the operating systems these days also have the capability of 'opening' zipped files, a decompression bomb can compromise OS function, too.
Where a file being scanned is not a decompression bomb but the VM crashes anyway, the AV can only assume that it must have been a decompression bomb. Normally, file locking or permissions issues cannot crash a VM (the file-opening errorslevels are different) so it isn't likely to be a case of an unreadable file causing a false positive.
It is possible that a file could randomly contain a sequence of data which will produce a large data-set if a decompression algorithm is applied. In this case, the file would be a decompression bomb, but only by acident, not design. If no decompression algorithm is ever attempted, then the file is inert and no danger.
edit on 21/8/2016 by chr0naut because: (no reason given)
new topics
-
V.P. Kamala Harris releases a video and nobody understands why
US Political Madness: 1 hours ago -
D.B. Cooper mystery may be solved
General Conspiracies: 6 hours ago
top topics
-
D.B. Cooper mystery may be solved
General Conspiracies: 6 hours ago, 17 flags -
V.P. Kamala Harris releases a video and nobody understands why
US Political Madness: 1 hours ago, 10 flags
active topics
-
V.P. Kamala Harris releases a video and nobody understands why
US Political Madness • 19 • : Kaiju666 -
I thought Trump was the existential threat?
World War Three • 85 • : fringeofthefringe -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7834 • : baddmove -
Interesting Video-UFO?
Aliens and UFOs • 18 • : ManSizedSquirrel -
Federal law trumps state and local law every time
Social Issues and Civil Unrest • 32 • : marg6043 -
Well, here we go red lines crossed Biden gives the go ahead to use long range missiles
World War Three • 400 • : marg6043 -
Results of the use of the Oreshnik missile system in Dnepropetrovsk
World War Three • 243 • : Oldcarpy2 -
D.B. Cooper mystery may be solved
General Conspiracies • 20 • : Flyingclaydisk -
How Long have You been Alive?
General Chit Chat • 34 • : Flyingclaydisk -
Mood Music Part VI
Music • 3717 • : BrucellaOrchitis
4