Restore files from Kaspersky TDSSKiller quarantine

Does anyone figured out how to recover files from TDSSKiller quarantine? I didn't.

 

right click, see
http://forum.kaspersky.com/index.php?showtopic=218391

 

The problem is to find out where's the quarantine...

 

Root of the OS partition, i.e C:\TDSSKiller_Quarantine\

 

Thanks! Is possible to right-click from there to recover the files? I haven't found a "Quarantine" in TDSSKiller GUI.

 

It's been a while since I've used the Quarantine option in TDSSKiller, but AFAIK the Quarantine option doesn't remove the detected file from its original location, instead it merely copies it to the abovementioned folder (this is useful when you want to obtain malicious copies of files hidden by rootkits).
If you want to restore the file to its original location, in all likelihood it's never been moved from its original location in the first place, if you wan't to simply collect the file for perusal (i.e upload to VT to check it etc.) it should be in the mentioned folder either in a archived format (.zip) or with a changed extension... simply move it as you would any other file.

 

Thanks

 

Hi,

Together with 'Security Colleagues' from www.hijackthis.nl we have made ​​this simple little tool -http://www.malwareinfo.nl/tools/TDSSQlook.exe

This tool is designed to provide the helper with an easy method of obtaining information of the quarantined files of TDSSkiller.

For more information see the following thread by Kaspersky.
http://forum.kaspersky.com/index.php?showtopic=225489

Maxstar

 

Useful tool, thanks! Nice to hear that they're going to add rollback capability eventually too.