McAfee Support Community - restore quarantined files to alternative location - Page 2

fitzgerac · ‎03-29-2012

Regis, could you tell me exactly how you found the original file time stamps on the Details file once its extracted from the .BUP? I have extracted the 2 file from the BUP, but the time stamps on the files is still from the moment the infected file was quarantined. Is the orginal time stamp inside the text of the Details file? I have opened the BUP in McAfee FileInsight, but I can't understand the contents of the Details file (its all code to me). Can you help?

UPDATE: I was able to convert the Details file to Details.txt using the xor.exe utility, but when viewing Details.txt the CreationDay/Month/Year/Hours/Minutes= values are all the same as when the BUP was created (when the infected file was quarantined). Did you get different results?

Like you, we would find the original file time stamp to be VERY helpful in blocking potential malware sources.

Thanks!

Message was edited by: fitzgerac on 3/29/12 12:15:10 PM CDT

coopert · ‎04-14-2012

hi there...

I have wrote a nice extraction tool for your use,its gui based c# ( ull need the dot net 4 framework ).

just choose the bup file and a destination folder and the tool will extract the tow files , check the details file for the right name and extension.

and xor the malware to the new folder.

you can Download the Tool HERE .

Just unnzip and run setup.exe

enjoy.

check out my BLOG for updates on security stuff and more tools (some of the stuff is in hebrew so use google translate-).

some screenshot:

Message was edited by: coopert on 4/14/12 7:50:44 AM CDT

Re: restore quarantined files to alternative location

Re: restore quarantined files to alternative location