
How to restore a file quarantined by TDSSKiller (Windows 10) [MOVED] [Closed]


Solved by richbuff


Posted
I allowed TDSSKiller to "copy to quarantine" a .sys file that was in my c:\windows\system32\drivers folder. I would like to restore that file. How do I do that? Thanks for your help. //Mod Note: moved to proper section.
Flood and Flood's wife
Posted
Hello Bobbyj82, Welcome!
  1. Assuming the .sys file that was in c:\windows\system32\drivers folder is in KIS Quarantine, please refer to: https://help.kaspersky.com/KIS/2019/en-US/70904.htm.
  2. Note: the cautionary advice: "Kaspersky Internet Security does not disinfect Windows Store apps. If scanning results indicate that such an app is dangerous, it is deleted from your computer".
  3. If the file detection/relocation/removal was not managed by KIS, but managed by TDSSKiller, then whatever parameters you selected & documentation referred to, prior to running TDSSKiller, need to be referred back to.
  4. The TDSSKiller report should guide you.
  5. If this generic advice doesn't help, please provide a GSI - https://support.kaspersky.com/common/diagnostics/3632#block7, include Windows logs.
  6. When the GSI .zip folder is ready, upload to cloud storage of your choice and post back the link please?
  7. Also, the name of the file would be helpful please?
  8. With the information collected by the GSI, we'll be more able to provide advice specific to your situation.
Thank you!
Posted
Well, I guess this was a false alarm. I went to the location cited above where TDSSKiller said the subject .sys file was originally located (in C:/windows/system32/drivers) and I found that the file was still in there. So apparently TDSSKiller was blocked from quarantining the file, or else the system replaced it after it was quarantined. Anyway the problem seems to have gone away. Thanks much for your assistance.
Flood and Flood's wife
Posted
Thank you for letting us know Bobbyj82, it's great to hear you've found the file and it's intact. Best regards!
  • Solution
Posted
Also, in addition to what FLOOD indicates in the post located above this post, "copy to quarantine" means quarantine a copy, and not delete the original. Please do not use TDSSKiller unless you are individually guided by a knowledgeable person. :)
Posted
Thanks for your explanation. You are, of course, correct, I should have told TDSSKiller to delete the file if I wanted to get rid of it. There are 3 options: 1) Skip, 2) copy to quarantine, and 3) delete. I guess I assumed that "copy to quarantine" would remove the file and put it into quarantine and allow me to restore it later if I wanted to; which I think is how most security programs work that I have dealt with. But I'm very glad I (accidentally) said "copy to quarantine" instead of "delete" since I later wanted to restore the file. Thanks for the assistance your forum has given me with this. You have been very prompt and helpful. I'll sign out on this subject now. By the way, you have said that this conversation has been moved to the appropriate location. Can you tell me where? I'll go there next time I want to use the program-- to get the expert guidance you have suggested.
This topic is now closed to further replies.

