ETA: 7 hours

Friend I see you are online. You said in this thread you'll send the Avira scan report. Grateful if you could do so.

Ramesh

Karen - I must confess to my stupidity. It hadn't struck me to inform Cnet. Right after I read your suggestion I rushed to Cnet but they had already moved this app to version 1.1 (I have version 1.0). I tried to find their tech support but as far as I could see they only have user comments. Feeling that a belated gripe about version 1.0 might even give a wrong impression that my gripe has an axe to grind (i.e. they might think I am a competitor) I came away.............for the moment

Pwnana - Bulleye! It might well be a false positive. I'll inform Avast since such feedback may help Avast & through Avast indirectly help others too.

I am unable to answer the excellent pointer you gave - *Examine file size difference between the installer & the installation* Wow! Unfortunately I feel queasy checking it for now in case it has a payload within its coding & the payload is "explode now". Just because it did not explode earlier does not mean that it won't explode now. My "escape" may just have been a matter of chance. Therefore I'll delete the 1.0 installer as well. I've already uninstalled the installation as soon as I read the scan report. I'll apply this "installer versus installed file size differential" as a matter of course from now onwards not just from version 1.1 which I'll take from Cnet but also for every app.

Besides in this case as soon as I take 1.1 I'll scan with my AV right away.

Thanks!

Ramesh

A bomb is just what it sounds like: as soon as you try to extract it it "explodes" (sometimes fast sometimes slowly) and causes a crash, either to a certain program or the whole system, so if installing the application once caused no ill effects, then it is not a bomb and is safe to keep installed.

Avast may have reported it as a bomb because it may be highly compressed. How much bigger is the installation than the installer?

My decompression bomb not only installs the app but is a bomb as well . I had downloaded it from cnet. The tragedy is I used the app successfully but it is still a bomb. Btw that's why I uninstalled the app & reinstall it only when I need it. I therefore wish Easeus had the knack to "bomb proof" his exe or at least improve his vigilance level on cnet & other sites just so no hacker shafts him (I meant Easeus, not Cnet).

Thanks Pwnana

Ramesh

Friends when you use your antivirus next just read its scan report regarding Easeus applications.

If it says decompression bomb then you'd know (like Pwnana says) that the exe is infected. It might have been hacked into by a hacker - perhaps even by a jealous competitor.

Thanks Pwnana

Ramesh

1) Because they want to hurt you Developers don't make them, hackers do.

2)If its a real developer then they wont make compression bombs. As you can see from that article, you have to actually TRY really hard to make a compression bomb. If your Easeus installation was a bomb then it wasn't the real file, it was a hacker.

3)Again, yes

4)Compression bombs don't install apps, so if the "installer" is a bomb, then its obviously not the real installer. So a decompression bomb is always avoidable.

@Sean

Probably a combination. You can only compress zip files with more zips to a certain point, at which time you would switch to a tar or rar compression to compress in a different way. Or as I understand it from the post, they took the 4.5 petabytes and split it into 16 zip files. Then the split THAT zip into 16 pieces and nested them into another zip file. Then they kept doing that until the 4,947,802,324,992 KB had become only 42 KB. 4.5 petabytes is a little bigger than 400GB...

This technique is used by some of the swarm members because they want to improve share ratio which they cannot do if zips are not used. (Veracity can be proven)

Friends just be extra careful when you leech a zip

LOL

Ramesh

1)Why would an app developer develop an exe which is a decompression bomb?

2)Can the developer avoid developing an installer exe which is not a decompression bomb?

3)Is the developer actually being wicked?

4)For certain types of apps is a decompression bomb installer unavoidable? 

Answering these 4 questions could tell us if my fears are justified or unwarranted.

Ramesh

/ Sean:- I have IZArc, QuickZip, AlZip & PowerZip. I understood your question as to whether compounded zipping means only e.g. PowerZip on Powerzip on powerzip or if it means PowerZip on QuickZip on IZArc. I could neither find the answer anywhere nor answer this myself.

I hope our forum readers can help both of us find the answer

"A zip bomb, also known as a Zip of Death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, so that a more traditional virus sent afterwards could get through undetected.

Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.

A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked its contents are more than the system can handle.

The technique has been used on dialup bulletin board systems at least as long as compressing data archive programs have been around.^{[citation needed]}

Today, most antivirus programs can detect whether a file is a zip bomb and so avoid unpacking it.

One example of a Zip bomb was the file "42.zip" which was 42 kilobytes of compressed data, containing six layers of nested zip files in sets of 16, each bottom layer archive containing a 4.2 gigabyte file for a total of 4.5 petabytes of uncompressed data. This file is still available for download on various websites across the internet."

My app from Easeus is a decompression bomb. So I only install it when I need to use it. I might be stupid because when I downloaded that app it said that it is from Korea. I am not sure North or South. That point only worsened matters for me.

However, since this post is already long - read the immediately following post as well before jumping to any conclusion

Ramesh

De-compression bombs, are they multiple compressions of the same format (ie. a .zipped.zip) or of different formats (ie a .rar of a .zip?)

I'm at school atm, but when I get home i'll do a scan with avria and post the resaults for you.

Ramesh Kumar said:

Thanks Ashraf. Indeed the problem is solved so there is no need for me to rewrite. I wrote this long sentence just to reconfirm yet again - yes text is now wrapping well.

Ramesh

For future reference, just be sure to puts spaces between really long words/URLs/etc. - that is what caused the problem here.

Ramesh

Ramesh Kumar said:

I'll stop trying for the present since text is getting cut off

Ramesh

Page width has been fixed =).