Heuristic.ArchiveBomb, a squared, & avg75free

Discussion in 'Malware Help (A Specialist Will Reply)' started by DoubleGoat, Nov 9, 2006.

  1. DoubleGoat

    DoubleGoat Private E-2

    When I research information on Heuristic.ArchiveBomb... I have read a lot about "false positives". It doesn't appear to be a false positive to me. I have had it run (opening many windows), hit Ctrl+Alt+Del, and shut off the computer before it could crash.

    This is emsisoft's definition: Archive Bombs are not really Malware, but can crash Malware scanners. The idea behind it is simple: A Malware writer creates an archive file such as zip that is very small, but contains very large files. If a file is filled with the same characters, a 1 GB file can be compressed down to a few bytes. A Malware scan engine that supports scanning of archive files would try to unpack the content to the hard disk to scan, but fill up the disk with unpacked data until the system crashes. Other archive bombs are manipulated archive files that let the scanner unpack and scan in an endless loop.

    Mine is located in
    C:\WINDOWS\Downloaded Installations\avg75free_428a818.exe/files.dat

    I tried downloading the newest version of AntiVir and it said it was flawed. I run Windows '98 and use dial-up (it took forever). Any suggestions? (Besides updating Windows and internet speed.) I suppose it involves downloading AntiVir again?
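
The pre-unpack check that the emsisoft definition quoted above implies a scanner needs, as an added example that is not part of the original post or any vendor's code: it judges a zip by the sizes its directory declares, then streams members in memory instead of unpacking them to disk. The limits `MAX_TOTAL` and `MAX_RATIO`, the function names and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_TOTAL = 50 * 1024 * 1024  # assumed budget: unpacked bytes allowed per archive
MAX_RATIO = 100               # assumed ceiling on unpacked/packed size ratio
CHUNK = 64 * 1024             # read size, so memory use stays flat


def build_zip(name, payload):
    """Build a constructed sample archive in memory (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def inspect_archive(data, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Return (verdict, bytes_read) without writing anything to disk."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        # Step 1: judge the archive by the sizes its directory declares.
        declared = sum(i.file_size for i in infos)
        packed = sum(i.compress_size for i in infos) or 1
        if declared > max_total:
            return ("declared-size-exceeds-budget", 0)
        if declared / packed > max_ratio:
            return ("ratio-exceeds-limit", 0)
        # Step 2: stream members in chunks and count the bytes actually
        # produced, rather than relying on the directory figures alone.
        total = 0
        for info in infos:
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)  # a scanner would inspect chunk here
                    if total > max_total:
                        return ("stream-exceeds-budget", total)
    return ("ok", total)


if __name__ == "__main__":
    bomb = build_zip("zeros.bin", bytes(10 * 1024 * 1024))  # constructed sample
    plain = build_zip("table.bin", bytes(range(256)))       # constructed sample
    print(len(bomb), inspect_archive(bomb))
    print(len(plain), inspect_archive(plain))
```

A file of identical bytes, as in the definition, is rejected at step 1 on ratio alone, so the scanner never allocates space for it.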
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    A heuristic detection is not a positive detection of malware so deleting them is not recommended without confirmation. I would follow the steps below.

    Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial... was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
