Regis, could you tell me exactly how you found the original file time stamps on the Details file once it's extracted from the .BUP? I have extracted the 2 files from the BUP, but the time stamps on the files are still from the moment the infected file was quarantined. Is the original time stamp inside the text of the Details file? I have opened the BUP in McAfee FileInsight, but I can't understand the contents of the Details file (it's all code to me). Can you help?
UPDATE: I was able to convert the Details file to Details.txt using the xor.exe utility, but when viewing Details.txt the CreationDay/Month/Year/Hours/Minutes= values are all the same as when the BUP was created (when the infected file was quarantined). Did you get different results?
Like you, we would find the original file time stamp to be VERY helpful in blocking potential malware sources.
Thanks!