cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
fitzgerac
Level 7
Report Inappropriate Content
Message 11 of 12
‎03-29-2012 09:35 AM

Re: restore quarantined files to alternative location

Regis, could you tell me exactly how you found the original file time stamps on the Details file once its extracted from the .BUP? I have extracted the 2 file from the BUP, but the time stamps on the files is still from the moment the infected file was quarantined. Is the orginal time stamp inside the text of the Details file? I have opened the BUP in McAfee FileInsight, but I can't understand the contents of the Details file (its all code to me). Can you help?

UPDATE: I was able to convert the Details file to Details.txt using the xor.exe utility, but when viewing Details.txt the CreationDay/Month/Year/Hours/Minutes= values are all the same as when the BUP was created (when the infected file was quarantined). Did you get different results?

Like you, we would find the original file time stamp to be VERY helpful in blocking potential malware sources.

Thanks!

Message was edited by: fitzgerac on 3/29/12 12:15:10 PM CDT
0 Kudos
Reply
coopert
Level 7
Report Inappropriate Content
Message 12 of 12
‎04-14-2012 05:58 AM

Re: restore quarantined files to alternative location

hi there...

I have wrote a nice extraction tool for your use,its gui based c# (  ull need the dot net 4 framework ).

just choose the bup file and a destination folder and the tool will extract the tow files ,  check the details file for the right name and extension.

and xor the malware to the new folder.

you can Download the Tool  HERE .

Just unnzip and run setup.exe

enjoy.

check out my BLOG for updates on security stuff and more tools (some of the stuff is in hebrew so use google translate-).

some screenshot:

2.png

Message was edited by: coopert on 4/14/12 7:50:44 AM CDT

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC