
[HOW-TO] Restoring Improperly Quarantined Files By F-Secure

NOTE: Use this information at your own risk! Not all the steps here will necessarily restore files/folders deemed as viruses by F-Secure. I do not offer any additional support, and take no responsibility whatsoever if you actually unleash a real virus on your machine! Contact F-Secure directly if you require additional support.

UOIT uses F-Secure for our antivirus protection. While it gets the job done, sometimes we get really bloody annoyed by it. For instance, older installations were huge resource hogs which required us to run “net stop fsma” to kill the process!

Last night at my lab, F-Secure incorrectly detected my USB drive as containing numerous viruses and subsequently “removed” 4-5 folders. When F-Secure does this (at least for folders), it creates a file in the 0xe format, which is F-Secure’s quarantine format (is this even the correct term? 😛 ). These files are named like DeletedFolder.0xe. At first glance, especially if you don’t have “Show Hidden” enabled, you’ll get a little emo about losing whatever you have lost. In fact, I have just mentioned the fix! It appeared that F-Secure simply hid my folders, while locking them out and creating a flag for the specific folders on my drive. For example, the folder Kaela Kimura would be hidden and a KaelaKimura.0xe file would be created on the root of my drive.

Now, I know that folder doesn’t have any viruses…because it only contains audio files! So here’s the easy (and somewhat obvious) way I restored the folder (and the files) on Windows 7:

  1. Edit your folder view settings to see hidden files/folders!
    • While looking at root in your drive, click Organize > Folder and Search Options
    • Click the View tab, and under “Hidden files and folders” click Show
  2. Un-hide affected folders/files!
    • Select all the folders you want to restore
    • Right-click on any of them and go to Properties
    • Uncheck the Hidden box and click OK
  3. Delete the 0xe files

If you run into a permissions issue where you can’t delete the 0xe files or un-hide the affected folders, run the “net stop fsma” command in Command Prompt. This will disable F-Secure; remember to re-enable F-Secure with “net start fsma” though!
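
The same three steps as a PowerShell script, added here as an example and not part of the original post. It pairs each 0xe marker with exactly one hidden folder before touching anything and only reports unless -Apply is given; the drive letter E:\ and the rule that the marker name is the folder name with spaces removed (inferred from the Kaela Kimura / KaelaKimura.0xe example) are assumptions.

```powershell
# Added example, not code from the original post.
param(
    [string]$Root = 'E:\',   # assumption: drive letter of the affected USB drive
    [switch]$Apply           # without -Apply the script only reports (dry run)
)

$hiddenBit = [int][IO.FileAttributes]::Hidden

# -Force makes Get-ChildItem return hidden items as well.
$items = @(Get-ChildItem -LiteralPath $Root -Force)

# Marker files left in the root of the drive, e.g. KaelaKimura.0xe
$markers = @($items | Where-Object {
    -not $_.PSIsContainer -and $_.Extension -eq '.0xe'
})

# Folders in the root that currently carry the Hidden attribute
$folders = @($items | Where-Object {
    $_.PSIsContainer -and (([int]$_.Attributes -band $hiddenBit) -ne 0)
})

foreach ($marker in $markers) {
    # Assumption: marker base name = folder name with spaces removed,
    # as in the post's "Kaela Kimura" -> "KaelaKimura.0xe".
    $found = @($folders | Where-Object {
        ($_.Name -replace ' ', '') -eq $marker.BaseName
    })

    # Skip anything that is not an unambiguous one-to-one match.
    if ($found.Count -ne 1) {
        Write-Warning "$($marker.Name): $($found.Count) matching hidden folders, skipped"
        continue
    }

    $dir = $found[0]
    Write-Output "$($marker.Name) -> $($dir.FullName)"

    if ($Apply) {
        # Step 2: clear only the Hidden bit, leaving other attributes as they are.
        $dir.Attributes = [int]$dir.Attributes -band (-bnot $hiddenBit)
        # Step 3: delete the 0xe marker file.
        Remove-Item -LiteralPath $marker.FullName -Force
    }
}
```

Run it once without -Apply and check that every listed folder is one you expect before running it again with -Apply.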