Author Topic: Recover Quarantined/Deleted file?  (Read 3201 times)

0 Members and 1 Guest are viewing this topic.

Offline Weingro

  • Newbie
  • *
  • Posts: 2
Recover Quarantined/Deleted file?
« on: December 12, 2011, 12:29:08 PM »
Hi!

I have two questions:
- If Avast quarantined a file, then was uninstalled, is there a way to restore a quarantined file?
- Are the quarantined files renamed, and is there a pattern, so as to have something exact to search with recovery software?

here's what happened:
My clients have installed Avast Free version two days ago. When they started an MSAccess .mde file, Avast said it's a potential thread, and according to them quarantined it. They panicked, and instead of calling and asking, uninstalled Avast.

Now their shortcut to the file leads to an Office configuration file, Access.pip. The worst is, their folder with the Access program is missing. Strange is, not only the front-end .mde is missing (which would not be a problem), but also the back-end .mdb with all the data. I've tried several recovery soft's with no luck, though i've found other "normally" deleted .mdb's.

I'd appreciate any help, no matter how small the chance is...

Offline Asyn

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32068
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Recover Quarantined/Deleted file?
« Reply #1 on: December 12, 2011, 01:31:33 PM »
If Avast quarantined a file, then was uninstalled, is there a way to restore a quarantined file?

Sorry, but the answer is no, afaik.
XP SP3 - Avast 10.3.2220.R3.B2 - CIS 3.14 [FW/D+] - MBAM 1.75 [OD] - Firefox ESR 31.7 [NS/ABP/EHH/BP/SVC] - Thunderbird 38.0.1 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72053
  • No support PMs thanks
Re: Recover Quarantined/Deleted file?
« Reply #2 on: December 12, 2011, 01:51:57 PM »
If they uninstalled avast the chest also gets removed with its contents.

I don't believe there is a way to retrieve it in this situation. As part of the protection process, the virus chest changed the original file name and encrypts the file. The only reference to the original is in the index.xml file in the same location and that would have been deleted also.

So even if you were able to retrieve index.xml with a deleted files recovery program, you could find what the renamed file is and try to recover that. Even if you were successful in recovering that file, it would be in an encrypted form and I don't believe that you would be able to decrypt that.

Whilst I don't work for avast, I believe the above to be an accurate representation of how avast protects the virus chest and what happens to the chest and its contents when uninstalled.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.3.2220 R3-beta2 ?/ Outpost Firewall Pro9.1/ Firefox 38.0.5, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.6/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Weingro

  • Newbie
  • *
  • Posts: 2
Re: Recover Quarantined/Deleted file?
« Reply #3 on: December 15, 2011, 03:22:35 AM »
10x, guys. Yep, it didn't work.  :-\

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72053
  • No support PMs thanks
Re: Recover Quarantined/Deleted file?
« Reply #4 on: December 15, 2011, 11:55:13 AM »
Unfortunately I didn't hold out much hope.

If you uninstall avast, it isn't going to release what is in the chest back into the system where it was before.

The only real thing the user could do is to extract the contents of the chest to Temporary location (so they can't be active) before uninstalling. The extraction decrypts the file and gives it the real file name.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.3.2220 R3-beta2 ?/ Outpost Firewall Pro9.1/ Firefox 38.0.5, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.6/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security