This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Virus Removal Tool: Retrieve malware for submission?

I used the Virus Removal Tool to cleanup a CryptLocker infection yesterday. I'd like to retrieve the binary so I can submit it to VirusTotal. I see a SafeClean folder for the VRT -- is there a way to retrieve the items removed? Thanks.

This thread was automatically locked due to age.

Parents

0 Steve_ over 11 years ago

Using scc.exe from the engine subfolder seems to have done the trick!
Can you use double quotes in the -bindir= option to target remote 'bins'? If not I can always tie something together with powershell in case?
Also, if modifying the config.xml file to change EnableSafeClean="yes" to EnableSafeClean="no", will that disable the encryption function but still move the detected malware to the default "quarantine" folder?
:47856
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Steve_ over 11 years ago

Using scc.exe from the engine subfolder seems to have done the trick!
Can you use double quotes in the -bindir= option to target remote 'bins'? If not I can always tie something together with powershell in case?
Also, if modifying the config.xml file to change EnableSafeClean="yes" to EnableSafeClean="no", will that disable the encryption function but still move the detected malware to the default "quarantine" folder?
:47856
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data