Jump to content

How to restore a file quarantined by TDSKiller (windows 10) [MOVED] [Closed]


Go to solution Solved by richbuff,

Recommended Posts

I allowed TDSKiller to "copy to quarantine" a .sys file that was in my c:\windows\system32\drivers folder. I would like to restore that file. How do I do that? Thanks for your help. //Mod Note: moved to proper section.
Link to comment
Share on other sites

Hello Bobbyj82, Welcome!
  1. Assuming the .sys file that was in c:\windows\system32\drivers folder is in KIS Quarantine, please refer to: https://help.kaspersky.com/KIS/2019/en-US/70904.htm.
  2. Note: the cautionary advice: "Kaspersky Internet Security does not disinfect Windows Store apps. If scanning results indicate that such an app is dangerous, it is deleted from your computer".
  3. If the file detection/relocation/removal was not managed by KIS, but, managed by TDSSKiller, then whatever parameters you selected & documentation referred to, prior to running TDSSKiller, need to be referred back to.
  4. The TDSSKiller report should guide you.
  5. If this generic advice doesn't help, please provide a GSI - https://support.kaspersky.com/common/diagnostics/3632#block7, include Windows logs.
  6. When the GSI .zip folder is ready, upload to cloud storage of your choice and post back the link please?
  7. Also, the name of the file would be helpful please?
  8. With the information collected by the GSI, we'll be more able to provide advice specific to your situation.
Thank you!
Link to comment
Share on other sites

Well, I guess this was a false alarm. I went to the location cited above where TDSSKiller said the subject .sys file was originally located (in C:/windows/system32/drivers) and I found that the file was still in there. So apparently TDSSKiller was blocked from quarantine-ing the file, or else the system replaced it after it was quarantined. Anyway the problem seems to have gone away. Thanks much for your assistance.
Link to comment
Share on other sites

  • Solution
Also, in addition to what FLOOD indicates in the post located above this post, "copy to quarantine" means quarantine a copy, and not delete the original. Please do not use Tdsskiller unless you are individually guided by a knowledgeable person. :)
Link to comment
Share on other sites

Thanks for your explanation. You are, of course, correct, I should have told TDSSKiller to delete the file if I wanted to get rid of it. There are 3 options: 1) Skip, 2) copy to quarantine, and 3) delete. I guess I assumed that "copy to quarantine" would remove the file and put it into quarantine and allow me to restore it later if I wanted to; which I think is how most security programs work that I have dealt with. But I'm very glad I (accidentally) said "copy to quarantine" instead of "delete" since I later wanted to restore the file. Thanks for the assistance your forum has given me with this. You have been very prompt and helpful. I'll sign out on this subject now. By the way, you have said that this conversation has been moved to the appropriate location. Can you tell me where? I'll go there next time I want to use the program-- to get the expert guidance you have suggested.
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.