Unable to Scan: Decompression Bomb

What Does This Message Mean?

Running a security software scan on the computer is a little like waiting for the results of a lab test from your doctor; you never know what's going to show up, and most of the time you don't understand what the results mean. Bilirubinuria? Give it to me straight, doctor; how long do I have? Nothing to worry about? Oh okay, and by the way, thanks for the additional gray hairs.

Something similar happened with a security scan when I first got my computer. At the end of the scan, a message popped up identifying one file as "Unable To Scan". The reason was not shown, so I expanded the column header, revealing the complete file path and the ominous warning phrase Reason Unable To Scan: Decompression Bomb.

Being new to the world of computers, I went to that repository of all things known and/or guessed at, Wikipedia. Sure enough, there was an entry, identifying a decompression bomb, AKA "zip bomb" or "zip of death", as a malicious archive file with a high compression ratio which can overwhelm a system when it is opened, and snarl anti-virus software, so smaller viruses can gain access. It was difficult not to panic.

For a better answer, I turned to the self-proclaimed geek where I work, Rob. He explained that the Wikipedia notation was a wee bit outdated; decompression bombs may or may not be malicious, and for the most part, they are not. The program itself usually works fine, but it is actually crafted in layers to compress a huge amount of information into a very small space. If the security software "unpacks" it to scan it, it often utilizes enormous amounts of time, memory, and/or disk space, and can occasionally freeze or crash the system. Hence the term "decompression bomb".
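To make that concrete, here is an added sketch in Python (not from the original article or from any security product) of the kind of check a scanner can make before unpacking: it reads the sizes recorded in a zip file's headers and gives up with "unable to scan" when a member expands too much, the total is too large, or archives are nested too deep. The limits, function names and sample archives are assumptions constructed for this example.

```python
import io
import zipfile
import zlib

# Assumed limits for this example; real scanners pick their own.
MAX_TOTAL_BYTES = 100 * 1024 * 1024  # total declared size we agree to unpack
MAX_RATIO = 100                       # uncompressed:compressed, per member
MAX_DEPTH = 3                         # levels of archive-in-archive to follow

def inspect_archive(data, depth=0, budget=None):
    """Return (verdict, reason) from zip header metadata, within a byte budget."""
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    if depth > MAX_DEPTH:
        return "unable_to_scan", "nested deeper than %d levels" % MAX_DEPTH
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member, cannot be opened
                    return "unable_to_scan", "%s is encrypted" % info.filename
                ratio = info.file_size / max(info.compress_size, 1)
                if ratio > MAX_RATIO:
                    return "unable_to_scan", "%s expands %.0f:1" % (info.filename, ratio)
                budget[0] -= info.file_size
                if budget[0] < 0:
                    return "unable_to_scan", "declared size exceeds budget"
                if info.filename.lower().endswith(".zip"):
                    inner = zf.read(info)  # size already charged to the budget
                    verdict, reason = inspect_archive(inner, depth + 1, budget)
                    if verdict != "ok":
                        return verdict, reason
    except (zipfile.BadZipFile, zlib.error):
        return "unable_to_scan", "not a readable zip"
    return "ok", "within limits"

def make_zip(name, payload, method=zipfile.ZIP_DEFLATED):
    """Build a one-member zip in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload, compress_type=method)
    return buf.getvalue()

if __name__ == "__main__":
    ordinary = make_zip("notes.txt", b"hello world\n" * 10)
    padded = make_zip("blank.bin", b"\0" * (1 << 20))  # 1 MiB of zeros
    layered = make_zip("a.txt", b"hi")
    for _ in range(5):
        layered = make_zip("inner.zip", layered, zipfile.ZIP_STORED)
    for label, blob in (("ordinary", ordinary), ("padded", padded), ("layered", layered)):
        print(label, len(blob), inspect_archive(blob))
```

The "padded" sample shows why a perfectly harmless file can trip the warning: a megabyte of blank data shrinks to about a kilobyte, which looks the same to this check as something built to exhaust the scanner.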

So what to do?

Rob asked for the file path, which I read off to him. Apparently, a lot of these problem files contain games and game installers, or video and media files, which of course contain a lot of information. Knowing I probably wouldn't use them, he told me to simply delete the files and uninstall the application. (If you don't already have a knowledgeable friend, manual or computer book, now would be a good time to get one.) Chances are, if your computer is new, or your security software is new, and this happens the first time you run it, it's simply a large file that doesn't need to be scanned. Some software programs seem to be more prone to flagging potential threats; a good option is always to seek out the support site/forum for your particular brand and see what they have to say about the problem. Many times, they will ask you to post the full file path and all of your system specs, so that they can have a look at the problem file and determine whether it is a threat or not.

Never delete anything if you are not sure of what it does, especially if it is on the part of your drive devoted to restoring your computer. (You'll generally get an ominous warning before your computer will allow you to do so.)

If you are not sure if you've seen this particular "unable to scan" warning before, you can always go back to any system restore DVDs you might have made when you got your computer, and scan those. If the file appears, with the same warning, then the file has probably been there all along.

One more thing: although some people will assure you that it is nothing to worry about, some of these files are indeed malicious, or spyware, or adware, including ones called Win32.Lineage and Adware.WhenU_SaveNow. A good site to check these out is www.threatexpert.com.

It can be very frustrating when something like this comes up, and you don't know what to do or whether you should even be worried. It is certainly one more factor to look into when choosing a brand of security software; do a little research first, and find out what sort of customer support they offer. It might just save you a few gray hairs.

Published by J
