Restore Kaspersky backup file

Is there any way to "unpack" a Kaspersky backup file .klq? I'm looking for something like Symantec's qextract.exe to obtain samples, without restoring the file to the original computer. Thanks.

Unencrypting Kaspersky KLQs - tough, but not impossible

Kaspersky encrypts all the files in the quarantine and the backup folders, in an effort to stop unintentional spreading of these virus files. The filename and length are part of the key to unlock the file; it contains the record of where the file came from, and the type of file it is. There could be additional strings that make up the internal encryption wrapper of the actual file.

If the file gets deleted automatically, and you use FileRecovery PRO to recover the files, expect to see crashes when trying to recover the lost data. Just bear with it. Make sure that it has the KLQB header string in the right place, at least.

Use an external hard drive to keep all the virus files you collect.

You will HAVE to extract the files ONE by ONE.

Just make sure you give yourself LOTS of time to do this by turning off the "Remove files from Backup and Quarantine older than..." setting.

Go through the list and take care of duplicates first, then the larger files. Save the smallest copy of each virus or malware bit. Make sure it is an original copy that has not been previously infected with another virus. Pack the files into individual archives to protect from unintentional spreading. Burn DVDs whenever you can (you will need to turn off the antivirus for this - I use a BartPE boot disk) and clean up as you go along. And lastly, SHARE your archives! There is a massive archive that's out there, one at vx.netlux.org, but it's pretty old now; it needs updates! Check your copies against the list and upload if it's not there. Too many new ones being destroyed automatically! I keep my antivirus on "standby" mode nowadays. When I suspect malicious activity, I run it.
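
A read-only triage for the two checks the post describes, the KLQB header and duplicate copies, as an added example that is not part of the original post or any Kaspersky tool. It assumes the marker belongs at offset 0 (the post only says "the right place"); the function names and the sample blobs are constructed for illustration.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

MAGIC = b"KLQB"       # header string named in the post
EXPECTED_OFFSET = 0   # assumption: the marker opens the file (not stated in the post)


def inspect(data: bytes) -> dict:
    """Classify one recovered blob by where the KLQB marker sits."""
    offset = data.find(MAGIC)
    if offset == EXPECTED_OFFSET:
        status = "ok"
    elif offset > 0:
        status = "shifted"   # marker present but preceded by junk: suspect recovery
    else:
        status = "missing"   # no marker at all: truncated or overwritten
    return {"status": status, "offset": offset, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}


def triage(folder: Path) -> tuple[dict, dict]:
    """Return (per-file report, duplicate groups keyed by SHA-256)."""
    report, by_hash = {}, defaultdict(list)
    for path in sorted(folder.glob("*.klq")):
        info = inspect(path.read_bytes())   # bytes are only read, never executed
        report[path.name] = info
        if info["status"] == "ok":
            by_hash[info["sha256"]].append(path.name)
    # Byte-identical containers only: per the post the filename feeds the key,
    # so the same sample stored under another name will hash differently.
    dupes = {h: names for h, names in by_hash.items() if len(names) > 1}
    return report, dupes


def demo() -> tuple[dict, dict]:
    """Run the triage over constructed sample blobs (not real quarantine data)."""
    samples = {"a.klq": MAGIC + b"\x01" * 32, "a_copy.klq": MAGIC + b"\x01" * 32,
               "b.klq": b"\x00" * 16 + MAGIC + b"\x02" * 8, "c.klq": b"\x00" * 64}
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            (Path(tmp) / name).write_bytes(blob)
        return triage(Path(tmp))


if __name__ == "__main__":
    for name, info in demo()[0].items():
        print(name, info["status"], info["offset"], info["size"])
```

Point `triage()` at a copy of the recovered files on the external drive rather than the live quarantine folder, so the originals stay untouched.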