Did anyone find a solution for this ?
We have a similar problem here. An infection was detected, the file was then moved to C:\Quarantine\7daXXXXXX.bup , and deleted by VSE after 1 day.
However, I need to restore this file to submit it for review to McAfee labs.
I thus changed the quarantine deletion from 1 day to 1 month, and restored the .bup file from our daily backups into C:\Quarantine\ .
However, the Quarantine Manager doesn't display the quarantined file, so I cannot restore it...
Any idea ?
Yes I did.
After some research, I am able to recover quarantined files with this procedure. Perhaps someone could write a program or script to automate this:
Howto Recover McAfee .BUP Quarantine Files:
Use 7Zip to Extract 2 files from the .BUP file called Details and File_0 (7Zip can be found here: http://www.7-zip.org/)
XOR both files by the key “0x6A” (Stupid protection) with the program called XOR.exe:
> xor.exe File_0 file_0.xor 0X6A
> xor.exe Details Details.txt 0X6A
Rename File_0.xor to Original name found in Details.txt
Be carefull with the virus!