Recover Quarantined/Deleted file?

Avast Free Antivirus / Premium Security
1

Hi!

I have two questions:

  • If Avast quarantined a file, then was uninstalled, is there a way to restore a quarantined file?
  • Are the quarantined files renamed, and is there a pattern, so as to have something exact to search with recovery software?

here’s what happened:
My clients have installed Avast Free version two days ago. When they started an MSAccess .mde file, Avast said it’s a potential thread, and according to them quarantined it. They panicked, and instead of calling and asking, uninstalled Avast.

Now their shortcut to the file leads to an Office configuration file, Access.pip. The worst is, their folder with the Access program is missing. Strange is, not only the front-end .mde is missing (which would not be a problem), but also the back-end .mdb with all the data. I’ve tried several recovery soft’s with no luck, though i’ve found other “normally” deleted .mdb’s.

I’d appreciate any help, no matter how small the chance is…

2

Sorry, but the answer is no, afaik.

3

If they uninstalled avast the chest also gets removed with its contents.

I don’t believe there is a way to retrieve it in this situation. As part of the protection process, the virus chest changed the original file name and encrypts the file. The only reference to the original is in the index.xml file in the same location and that would have been deleted also.

So even if you were able to retrieve index.xml with a deleted files recovery program, you could find what the renamed file is and try to recover that. Even if you were successful in recovering that file, it would be in an encrypted form and I don’t believe that you would be able to decrypt that.

Whilst I don’t work for avast, I believe the above to be an accurate representation of how avast protects the virus chest and what happens to the chest and its contents when uninstalled.

4

10x, guys. Yep, it didn’t work. :-\

5

Unfortunately I didn’t hold out much hope.

If you uninstall avast, it isn’t going to release what is in the chest back into the system where it was before.

The only real thing the user could do is to extract the contents of the chest to Temporary location (so they can’t be active) before uninstalling. The extraction decrypts the file and gives it the real file name.