What do these antivirus scan results mean to you?
February 17, 2010
9:55 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
1
0

Avast 4.8 antivirus certified my system to be clean after I did a thorough scan with it.

I write this thread despite that for 2 reasons & am confident that dottechies would benefit because of those 2 reasons:-

1) An antivirus scan report categorizes scan results into a few categories. Useful to understand those categories.

2) Within each category it names the apps. Useful to know which apps they are because to be forewarned is to be forearmed.

By inference things may not be hunky dory just because you got a clean chit. If you read the categories you’ll know why! I am hoping some of our members could throw some light on this.

I thought scheduling this forum thread after the recent main blog thread – “on good antivirus freewares” could provide some synergies. It would be useful if others could share the picture as far as Avira & AVG if / when they reply to this post. That way you’d not only choose your antivirus wisely but after having done so would also understand its scan results better. I read & save some antivirus scan logs because they can provide useful early warning signals.

Ramesh

February 17, 2010
9:57 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
2
0

Avast antivirus categorizes issues into 7 categories:-

1)      The process cannot access the file because it is being used by another process (32) – Sad but there’s nothing I could do about it. Or is there? BTW when I ran antivirus I ran nothing, no other app.

2)      Archive is password protected. (42056) – Sad but there’s nothing I could do about it. Or is there?

3)      The file pointer cannot be set on the specified device or file (132) – Sad but there’s nothing I could do about it. Or is there?

4)      CAB archive is corrupted. (42127) 

5)      Installer archive is corrupted. (42146)

6)      ZIP archive is corrupted. (42125)

7)      The file is a decompression bomb. (42110) – Sad but there’s nothing I could do about it. Or is there?

 

Do Avira & AVG classify virus scan results differently? Kindly share your experience regarding Avira & AVG virus scan report. Your reply would be helpful to everyone.

Ramesh

February 17, 2010
10:01 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
3
0

Some issues I could not figure out. So kindly help me.

I think I have figured out other issues. So kindly reconfirm if indeed I have as follows. These are the issues I think I have figured out:-

1)  The corrupted CAB archive can be overwritten by downloading it afresh & putting it into the correct folder right?

2)  The same goes for the corrupted installer archive & corrupted ZIP archive. Am I right?

3)  Google tells me that a decompression bomb is a horrible thing. It is an exe or zip which has been zipped more than once. That is a zip on a zip on a zip on a zip on a ….. * The file is so highly compressed that it has a very high compression ratio. When this file decompresses (upon unzip) it could analogically be like a “nuclear bomb” – it could just flood your hard disk rapidly & crash your computer. If you have enough hard disk space you are saved but if you don’t you could suffer a computer crash simply because of the decompression. :eek

4)  My question is why would an app developer do such a thing? Can it not be avoided? Is the developer being wicked? For certain types of apps is a decompression bomb installer unavoidable?*  I don’t know. I am hoping you tell me.

5)  I ask this because this is what Avast log report used to say – “Cannot or will not scan because this file is a decompression bomb”. Now Avast has become more shrewd, so it just says “This file is a decompression bomb”. That leaves me guessing as to whether Avast has scanned or not scanned this file.

Ramesh

February 17, 2010
10:05 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline

BTW my examples in each category are as follows. I’ve provided only one example per category. Your examples obviously may differ:-

1)  The process cannot access the file because it is being used by another process (32) –     e.g. C:Documents and Settings Local Service Local Settings Application Data Microsoft Windows UsrClass.dat [E]

2)   Archive is password protected. (42056)  –    e.g. C: Documents and Settings Ramesh Application Data GlarySoft Glary Utilities Backups 40112.8954794097RegistryFile [E] Archive is password protected. (42056). Why should a protector protect his own archive from one he protects? Frown

3)  The file pointer cannot be set on the specified device or file (132) –      e.g. E:Software DumpGiveaway – Icepine Video Converter Pro 2.0 IcepineVideoConvPro.zip Setup.exe Inno0012.bin MPEG2AVSEQ01.MPG [E].  I trust CleanMem more than I trust this app. But this needn’t have happened. Was it coded to happen because being a giveaway the developer did not want it to continue being used indefinitely. Could be.

4)  CAB archive is corrupted. (42127) –        e.g. C: System Volume Information_restore {756E0D7E-6F4A-4E54-96C8-0B613E8837E5} RP580A0307295.exe_sfx_0006._pmsrdp.inf [E] CAB archive is corrupted. (42127).  I think this is a system restore point which has timed out & got deleted because of time out. In the true sense it is “inactivateable” rather than “corrupted”. No point losing sleep over it.

5) Installer archive is corrupted. (42146) –       e.g. E: Software DumpCleanmem 1.4.2 RadioSure-2.0.886-setup.exe.dap $INSTDIR RadioSure.png [E] Installer archive is corrupted. (42146)    – I trust this app therefore I’ve not lost sleep over it. But guys this needn’t or shouldn’t have happened because it was a freeware & not a giveaway  :confused

6)  ZIP archive is corrupted. (42125)          - e.g. E: Software DumpCleanmem 1.4.2cs_manager.zip.dap CS_Manager.exe [E] ZIP archive is corrupted. (42125) – I trust this app therefore I’ve not lost sleep over it. But guys this needn’t or shouldn’t have happened since CleanMem is freeware & not a giveaway. BTW the app is great in performance & behaviour. I can get its installer anytime so I am not losing any sleep over it.

7) The file is a decompression bomb. (42110) –    e.g. E:Software Dump Easeus Todo Backup  1.0TdbSetup.exe {app} bin image. isobootinitrd.imginitrd.img [E] The file is a decompression bomb. (42110)   – I had installed only a free version & not a giveaway version. I used the free version once. It worked well. After use I felt it prudent to uninstall the free version but keep its installer handy so that I could re-install it if required. With some apps & certain genres of software I choose to do that.  J

 

It is definitely useful to read your antivirus scan report.

 

Ramesh

February 17, 2010
10:59 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
5
0

I'll rewrite these posts because while the column is “widthing” properly it is not “wrapping text” properly. Therefore please bear with me.

Avast 4.8 antivirus certified my system to be clean after I did a thorough scan with it.

I write this thread for 2 reasons:-

1) An antivirus scan report categorizes scan results into a few categories. Useful to understand those categories.

2) Within each category it names the apps. Useful to know which apps they are because to be forewarned is to be forearmed.

By inference things may not be hunky dory just because your virus scan gave you a clean chit. The categories tell you why!

I thought scheduling this forum thread after the recent main blog thread – “on good antivirus freewares” could provide some synergies. It would be useful if others could share the picture as far as Avira & AVG if / when they reply to this post. That way you’d not only choose your antivirus wisely but after having done so would also understand its scan results even better.

I read & save some antivirus scan logs because they can provide useful early warning signals.

Ramesh

February 17, 2010
11:01 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
6
0

I'll stop trying for the present since text is getting cut off

Ramesh

February 17, 2010
11:42 AM
Ashraf
Mr. Boss
Forum Posts: 1800
Member Since:
October 22, 2008
Offline
7
0

Ramesh Kumar said:

I'll stop trying for the present since text is getting cut off

Ramesh


Page width has been fixed =).

February 17, 2010
12:01 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
8
0

Thanks Ashraf. Indeed the problem is solved so there is no need for me to rewrite. I wrote this long sentence just to reconfirm yet again – yes text is now wrapping well.

Ramesh

February 17, 2010
12:57 PM
Ashraf
Mr. Boss
Forum Posts: 1800
Member Since:
October 22, 2008
Offline
9
0

Ramesh Kumar said:

Thanks Ashraf. Indeed the problem is solved so there is no need for me to rewrite. I wrote this long sentence just to reconfirm yet again – yes text is now wrapping well.

Ramesh


For future reference, just be sure to put spaces between really long words/URLs/etc. – that is what caused the problem here.

February 17, 2010
3:11 PM
sean
Young One
Forum Posts: 196
Member Since:
February 7, 2010
Offline
10
0

Thanks for that ramesh, I hadn’t heard of a de-compression file, but I love the analogy that you gave. That said, I’ve got 400GB free, so it shouldn’t be a problem.

De-compression bombs, are they multiple compressions of the same format (ie. a .zipped.zip) or of different formats (ie a .rar of a .zip?)

I’m at school atm, but when I get home I’ll do a scan with Avira and post the results for you.

February 18, 2010
9:59 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
11
0

Hi Sean! I cannot possibly explain it better than this – http://en.wikipedia.org/wiki/Zip_bomb. This quote is from the html & is therefore within quotation marks.

“A zip bomb, also known as a Zip of Death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, so that a more traditional virus sent afterwards could get through undetected.

Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.

A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked its contents are more than the system can handle.

The technique has been used on dialup bulletin board systems at least as long as compressing data archive programs have been around.[citation needed]

Today, most antivirus programs can detect whether a file is a zip bomb and so avoid unpacking it.

One example of a Zip bomb was the file “42.zip” which was 42 kilobytes of compressed data, containing six layers of nested zip files in sets of 16, each bottom layer archive containing a 4.2 gigabyte file for a total of 4.5 petabytes of uncompressed data. This file is still available for download on various websites across the internet.”

My app from Easeus is a decompression bomb. So I only install it when I need to use it. I might be stupid because when I downloaded that app it said that it is from Korea. I am not sure North or South. That point only worsened matters for me.

However, since this post is already long – read the immediately following post as well before jumping to any conclusion

Ramesh

February 18, 2010
10:10 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
12
0

That is why I am again asking someone knowledgeable to answer these questions for me:-

1) Why would an app developer develop an exe which is a decompression bomb?

2) Can the developer avoid developing an installer exe which is not a decompression bomb?

3) Is the developer actually being wicked?

4) For certain types of apps is a decompression bomb installer unavoidable?

Answering these 4 questions could tell us if my fears are justified or unwarranted.

Ramesh

/ Sean:- I have IZArc, QuickZip, AlZip & PowerZip. I understood your question as to whether compounded zipping means only e.g. PowerZip on Powerzip on powerzip or if it means PowerZip on QuickZip on IZArc. I could neither find the answer anywhere nor answer this myself.

I hope our forum readers can help both of us find the answer.

February 18, 2010
10:15 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
13
0

Guys when you P2P in torrent (not so much an issue if you use Ares Galaxy as a client – I do) many seeders & leechers in the P2P swarm send you zipped files rather than non-zipped files.

This technique is used by some of the swarm members because they want to improve share ratio which they cannot do if zips are not used. (Veracity can be proven)

Friends just be extra careful when you leech a zip

LOL

Ramesh

February 19, 2010
2:32 PM
Pwnana
Geek
Forum Posts: 238
Member Since:
November 15, 2009
Offline
14
0

A compression bomb is just like a virus, it only has malicious intentions. SO:

1) Because they want to hurt you :frown: Developers don’t make them, hackers do.

2) If it’s a real developer then they won’t make compression bombs. As you can see from that article, you have to actually TRY really hard to make a compression bomb. If your Easeus installation was a bomb then it wasn’t the real file, it was a hacker.

3)Again, yes :frown:

4) Compression bombs don’t install apps, so if the “installer” is a bomb, then it’s obviously not the real installer. So a decompression bomb is always avoidable.

@Sean

Probably a combination. You can only compress zip files with more zips to a certain point, at which time you would switch to a tar or rar compression to compress in a different way. Or as I understand it from the post, they took the 4.5 petabytes and split it into 16 zip files. Then they split THAT zip into 16 pieces and nested them into another zip file. Then they kept doing that until the 4,947,802,324,992 KB had become only 42 KB. 4.5 petabytes is a little bigger than 400GB :oops:…

You got Pwnd
February 19, 2010
7:40 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
15
0

@Pwnana – *Wow & Thanks several times over!* Both for answering queries about “decompression bomb” & this “zip on zip” issue.

Friends when you use your antivirus next just read its scan report regarding Easeus applications.

If it says decompression bomb then you'd know (like Pwnana says) that the exe is infected. It might have been hacked into by a hacker – perhaps even by a jealous competitor.

Thanks Pwnana

Ramesh

February 19, 2010
7:48 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
16
0

Sorry, I forgot to add.

My decompression bomb not only installs the app but is a bomb as well. I had downloaded it from cnet. The tragedy is I used the app successfully but it is still a bomb. Btw that's why I uninstalled the app & reinstall it only when I need it. I therefore wish Easeus had the knack to “bomb proof” his exe or at least improve his vigilance level on cnet & other sites just so no hacker shafts him (I meant Easeus, not Cnet).

Thanks Pwnana

Ramesh

February 20, 2010
5:08 AM
karen
Washington, DC Metro Area
dotTechie
Forum Posts: 878
Member Since:
November 1, 2009
Offline
17
0

If you downloaded it from cnet, then maybe you should try emailing their tech support because cnet is supposed to be a clean site. As far as I know, they scan all the software that they post.

February 20, 2010
6:46 PM
Pwnana
Geek
Forum Posts: 238
Member Since:
November 15, 2009
Offline
18
0

Wait, so it installs the program, but it’s also a bomb? If it was a bomb then when you installed the program your computer should have slowed to a halt and then BSOD’d, or some other crashery. Therefore, I think that this was a false positive on Avast’s part, in which case you should contact Avast. Or try downloading the same installer from the official site and see if Avast still reports a bomb. If so then contact CNET.

A bomb is just what it sounds like: as soon as you try to extract it it “explodes” (sometimes fast sometimes slowly) and causes a crash, either to a certain program or the whole system, so if installing the application once caused no ill effects, then it is not a bomb and is safe to keep installed.

Avast may have reported it as a bomb because it may be highly compressed. How much bigger is the installation than the installer?

You got Pwnd
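
Added example, not part of any post in this thread: the two signals discussed above (unpacked-to-packed size ratio and zip-inside-zip nesting) can be read from a ZIP's headers without unpacking it to disk. The thresholds, the function names and the three sample archives are assumptions constructed here for illustration; the zero-filled sample shows that a harmless but highly compressible member trips the same ratio rule.

```python
import hashlib
import io
import zipfile

# Assumed thresholds for illustration; a real scanner picks its own.
MAX_RATIO = 100               # unpacked : packed size of one member
MAX_TOTAL = 50 * 1024 * 1024  # sum of declared unpacked sizes
MAX_DEPTH = 3                 # archive-inside-archive levels
MAX_INNER = 1024 * 1024       # most bytes ever inflated from a nested zip


def audit_zip(data, depth=1, state=None):
    """Check a ZIP held in memory; nothing is extracted to disk."""
    if state is None:
        state = {"total": 0, "worst_ratio": 0.0, "depth": 0, "reasons": []}
    state["depth"] = max(state["depth"], depth)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Sizes come from the archive's own headers; no data is inflated.
            ratio = info.file_size / max(info.compress_size, 1)
            state["worst_ratio"] = max(state["worst_ratio"], ratio)
            state["total"] += info.file_size
            if ratio > MAX_RATIO:
                state["reasons"].append(f"{info.filename}: ratio {ratio:.0f}:1")
            if state["total"] > MAX_TOTAL:
                state["reasons"].append("declared unpacked size over cap")
                return state
            if not info.filename.lower().endswith(".zip"):
                continue
            if depth >= MAX_DEPTH:
                state["reasons"].append(f"{info.filename}: nesting too deep")
                continue
            # Headers can lie, so the nested archive is read with a hard cap.
            with zf.open(info) as member:
                inner = member.read(MAX_INNER + 1)
            if len(inner) > MAX_INNER:
                state["reasons"].append(f"{info.filename}: inner archive over cap")
            elif zipfile.is_zipfile(io.BytesIO(inner)):
                audit_zip(inner, depth + 1, state)
    return state


def make_zip(members):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: incompressible data, a zero-filled image, four nested zips.
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
ORDINARY = make_zip({"readme.bin": NOISE})
PADDED = make_zip({"blank.img": bytes(5 * 1024 * 1024)})
NESTED = ORDINARY
for level in range(3):
    NESTED = make_zip({f"layer{level}.zip": NESTED})

if __name__ == "__main__":
    for label, blob in (("ordinary", ORDINARY), ("padded", PADDED), ("nested", NESTED)):
        print(label, len(blob), audit_zip(blob))
```
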
February 20, 2010
11:26 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
19
0

Hi Karen & Pwnana! Wow you guys rock. Thanks!

Karen – I must confess to my stupidity. It hadn't struck me to inform Cnet. Right after I read your suggestion I rushed to Cnet but they had already moved this app to version 1.1 (I have version 1.0). I tried to find their tech support but as far as I could see they only have user comments. Feeling that a belated gripe about version 1.0 might even give a wrong impression that my gripe has an axe to grind (i.e. they might think I am a competitor) I came away………….for the moment

Pwnana – Bullseye! It might well be a false positive. I'll inform Avast since such feedback may help Avast & through Avast indirectly help others too.

I am unable to answer the excellent pointer you gave – *Examine file size difference between the installer & the installation* Wow! Unfortunately I feel queasy checking it for now in case it has a payload within its coding & the payload is “explode now”. Just because it did not explode earlier does not mean that it won't explode now. My “escape” may just have been a matter of chance. Therefore I'll delete the 1.0 installer as well. I've already uninstalled the installation as soon as I read the scan report. I'll apply this “installer versus installed file size differential” as a matter of course from now onwards not just from version 1.1 which I'll take from Cnet but also for every app.

Besides in this case as soon as I take 1.1 I'll scan with my AV right away.

Thanks!

Ramesh

February 20, 2010
11:29 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
20
0

Hi sean!

Friend I see you are online. You said in this thread you'll send the Avira scan report. Grateful if you could do so.

Ramesh

Forum Timezone: America/Los_Angeles
