Discussion in 'other anti-malware software' started by AlexC, Jan 19, 2012.
Has anyone figured out how to recover files from TDSSKiller quarantine? I didn't.
right click, see
The problem is to find out where's the quarantine...
Root of the OS partition, i.e. C:\TDSSKiller_Quarantine\
Thanks! Is it possible to right-click from there to recover the files? I haven't found a "Quarantine" in TDSSKiller GUI.
It's been a while since I've used the Quarantine option in TDSSKiller, but AFAIK the Quarantine option doesn't remove the detected file from its original location; instead it merely copies it to the above-mentioned folder (this is useful when you want to obtain malicious copies of files hidden by rootkits).
If you want to restore the file to its original location, in all likelihood it's never been moved from its original location in the first place. If you want to simply collect the file for perusal (i.e. upload to VT to check it, etc.), it should be in the mentioned folder, either in an archived format (.zip) or with a changed extension... simply move it as you would any other file.
Together with 'Security Colleagues' from www.hijackthis.nl we have made this simple little tool: http://www.malwareinfo.nl/tools/TDSSQlook.exe
This tool is designed to provide the helper with an easy method of obtaining information about the quarantined files of TDSSKiller.
For more information see the following thread by Kaspersky.
Useful tool, thanks! Nice to hear that they're going to add rollback capability eventually too.