cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
fitzgerac
fitzgerac
Level 7
Report Inappropriate Content
Message 11 of 12
‎03-29-2012 09:35 AM

Re: restore quarantined files to alternative location

Regis, could you tell me exactly how you found the original file time stamps on the Details file once its extracted from the .BUP? I have extracted the 2 file from the BUP, but the time stamps on the files is still from the moment the infected file was quarantined. Is the orginal time stamp inside the text of the Details file? I have opened the BUP in McAfee FileInsight, but I can't understand the contents of the Details file (its all code to me). Can you help?

UPDATE: I was able to convert the Details file to Details.txt using the xor.exe utility, but when viewing Details.txt the CreationDay/Month/Year/Hours/Minutes= values are all the same as when the BUP was created (when the infected file was quarantined). Did you get different results?

Like you, we would find the original file time stamp to be VERY helpful in blocking potential malware sources.

Thanks!

Message was edited by: fitzgerac on 3/29/12 12:15:10 PM CDT
0 Kudos
Reply
coopert
coopert
Level 7
Report Inappropriate Content
Message 12 of 12
‎04-14-2012 05:58 AM

Re: restore quarantined files to alternative location

hi there...

I have wrote a nice extraction tool for your use,its gui based c# (  ull need the dot net 4 framework ).

just choose the bup file and a destination folder and the tool will extract the tow files ,  check the details file for the right name and extension.

and xor the malware to the new folder.

you can Download the Tool  HERE .

Just unnzip and run setup.exe

enjoy.

check out my BLOG for updates on security stuff and more tools (some of the stuff is in hebrew so use google translate-).

some screenshot:

2.png

Message was edited by: coopert on 4/14/12 7:50:44 AM CDT

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC