Kaspersky
Solved

How to restore a file quarantined by TDSSKiller (Windows 10) [MOVED] [Closed]

  • 28 May 2019
  • 6 replies
  • 592 views

I allowed TDSSKiller to "copy to quarantine" a .sys file that was in my c:\windows\system32\drivers folder. I would like to restore that file. How do I do that? Thanks for your help.

//Mod Note: moved to proper section.

Best answer by richbuff 29 May 2019, 21:14

Hello Bobbyj82,
Welcome!
  • Assuming the .sys file that was in c:\windows\system32\drivers folder is in KIS Quarantine, please refer to: https://help.kaspersky.com/KIS/2019/en-US/70904.htm.
  • Note the cautionary advice: "Kaspersky Internet Security does not disinfect Windows Store apps. If scanning results indicate that such an app is dangerous, it is deleted from your computer".
  • If the file detection/relocation/removal was managed not by KIS but by TDSSKiller, then whatever parameters you selected and documentation you referred to prior to running TDSSKiller need to be referred back to.
  • The TDSSKiller report should guide you.
  • If this generic advice doesn't help, please provide a GSI - https://support.kaspersky.com/common/diagnostics/3632#block7, include Windows logs.
  • When the GSI .zip folder is ready, please upload it to cloud storage of your choice and post back the link.
  • Also, the name of the file would be helpful, please.
  • With the information collected by the GSI, we'll be more able to provide advice specific to your situation.
Thank you!

Also, please see https://forum.kaspersky.com/index.php?/topic/351703-tdsskiller-restore-files/

Select path “C:\TDSSKiller_Quarantine”

Well, I guess this was a false alarm. I went to the location cited above where TDSSKiller said the subject .sys file was originally located (in C:/windows/system32/drivers) and I found that the file was still in there. So apparently TDSSKiller was blocked from quarantining the file, or else the system replaced it after it was quarantined. Anyway, the problem seems to have gone away. Thanks much for your assistance.

Thank you for letting us know, Bobbyj82; it's great to hear you've found the file and it's intact.
Best regards!

Also, in addition to what FLOOD indicates in the post located above this post,

"copy to quarantine" means quarantine a copy, and not delete the original.

Please do not use TDSSKiller unless you are individually guided by a knowledgeable person. 🙂

Thanks for your explanation. You are, of course, correct: I should have told TDSSKiller to delete the file if I wanted to get rid of it. There are 3 options: 1) Skip, 2) copy to quarantine, and 3) delete. I guess I assumed that "copy to quarantine" would remove the file and put it into quarantine and allow me to restore it later if I wanted to, which I think is how most security programs that I have dealt with work. But I'm very glad I (accidentally) said "copy to quarantine" instead of "delete" since I later wanted to restore the file.

Thanks for the assistance your forum has given me with this. You have been very prompt and helpful.

I'll sign out on this subject now.

By the way, you have said that this conversation has been moved to the appropriate location. Can you tell me where? I'll go there next time I want to use the program-- to get the expert guidance you have suggested.