Restore files from Kaspersky TDSSKiller quarantine

Discussion in 'other anti-malware software' started by AlexC, Jan 19, 2012.

Thread Status:
Not open for further replies.
  1. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Does anyone figured out how to recover files from TDSSKiller quarantine? I didn't.
     
    Last edited: Jan 19, 2012
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  3. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    The problem is to find out where's the quarantine... :doubt:
     
  4. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    852
    Root of the OS partition, i.e C:\TDSSKiller_Quarantine\
     
  5. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Thanks! Is possible to right-click from there to recover the files? I haven't found a "Quarantine" in TDSSKiller GUI.
     
  6. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    852
    It's been a while since I've used the Quarantine option in TDSSKiller, but AFAIK the Quarantine option doesn't remove the detected file from its original location, instead it merely copies it to the abovementioned folder (this is useful when you want to obtain malicious copies of files hidden by rootkits).
    If you want to restore the file to its original location, in all likelihood it's never been moved from its original location in the first place, if you wan't to simply collect the file for perusal (i.e upload to VT to check it etc.) it should be in the mentioned folder either in a archived format (.zip) or with a changed extension... simply move it as you would any other file.
     
  7. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Thanks :thumb:
     
  8. Maxstar

    Maxstar Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    6
    Hi,

    Together with 'Security Colleagues' from www.hijackthis.nl we have made ​​this simple little tool -http://www.malwareinfo.nl/tools/TDSSQlook.exe

    This tool is designed to provide the helper with an easy method of obtaining information of the quarantined files of TDSSkiller.

    For more information see the following thread by Kaspersky.
    http://forum.kaspersky.com/index.php?showtopic=225489

    Maxstar
     
    Last edited by a moderator: Jan 20, 2012
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,227
    Location:
    USA
    Useful tool, thanks! Nice to hear that they're going to add rollback capability eventually too.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.