Hi everyone!
Is there a way to bypass “## files can’t be restored” or a way to manually unencrypt the files in the quarantine chest? I feel like I may be out of luck though because I didn’t change the quarantine directory maximum size before I ran the scans so I feel like it probably just deleted the files.
I just threw Avast Free Antivirus on one of my extra small laptops I use for lab/security testing purposes and didn’t add in a recent Capture The Flag storage directory when I ran an “on-boot” scan as well as a full system scan.
Looking at the index file that references the quarantined items in the chest directory (C:\ProgramData\Avast Software\Avast\chest) I see that in one of the file’s information it shows: no
Here is a snippet of the chest index file output:
00000056 2713568 00000003 1725136071 macro-docs\Advanced Potion Making for Housewives.doc C:\Users\kirkedcarter\Desktop\ctf_naehamcon_2024\downloads\macro_madness\macro-docs-2024-5-22.zip Script:SNH-gen [Drp] Vir no 1725136071 34816 Script:SNH-gen [Drp]|SNH-11677AFBB32232572FBACC-04|troj;A8d0b39a49bfcAs I think through the size of the files that could have been in this directory, I assume that these files were deleted and thus can not be restored. If anyone has any advice as I was planning on reviewing these CTF artifacts.
Thanks
- Kirk