Restore files from Kaspersky TDSSKiller quarantine

Discussion in 'other anti-malware software' started by AlexC, Jan 19, 2012.

Thread Status:
Not open for further replies.
  1. AlexC

    AlexC Registered Member

    Has anyone figured out how to recover files from TDSSKiller quarantine? I didn't.
    Last edited: Jan 19, 2012
  2. Cudni

    Cudni Global Moderator

  3. AlexC

    AlexC Registered Member

    The problem is to find out where the quarantine is... :doubt:
  4. 3x0gR13N

    3x0gR13N Registered Member

    Root of the OS partition, i.e. C:\TDSSKiller_Quarantine\
  5. AlexC

    AlexC Registered Member

    Thanks! Is it possible to right-click from there to recover the files? I haven't found a "Quarantine" in the TDSSKiller GUI.
  6. 3x0gR13N

    3x0gR13N Registered Member

    It's been a while since I've used the Quarantine option in TDSSKiller, but AFAIK the Quarantine option doesn't remove the detected file from its original location; instead it merely copies it to the above-mentioned folder (this is useful when you want to obtain malicious copies of files hidden by rootkits).
    If you want to restore the file to its original location, in all likelihood it's never been moved from its original location in the first place. If you want to simply collect the file for perusal (i.e. upload to VT to check it etc.), it should be in the mentioned folder either in an archived format (.zip) or with a changed extension... simply move it as you would any other file.
  7. AlexC

    AlexC Registered Member

    Thanks :thumb:
  8. Maxstar

    Maxstar Registered Member


    Together with 'Security Colleagues' from we have made this simple little tool -

    This tool is designed to provide the helper with an easy method of obtaining information of the quarantined files of TDSSkiller.

    For more information see the following thread by Kaspersky.

    Last edited by a moderator: Jan 20, 2012
  9. Victek

    Victek Registered Member

    Useful tool, thanks! Nice to hear that they're going to add rollback capability eventually too.