How to collect quarantined files using F-Secure Quarantine Dumper

header {margin:52px 0 0 0} #dropdownnavi {float:left; clear:both; margin: -2px 0 20px -12px;} header .row {width:100%} header .row:nth-child(1) {background-color:#0014a0} header .container, footer .container {max-width:1172px; margin: auto;} .top-header {height:53px;} .bottom-header {height:52px;} .Header-logo {width: 10%;float: left;} .Header-logo img {width: 105px; margin: 11px 8px 8px 16px;} .header-top-links {float: right; margin: 1px 29px 0 0;} .header-top-link, .header-bottom-item {cursor: pointer; display: inline-block; font-size: 14px; font-weight: 400; line-height: 52px; margin: 0 15px; position: relative; text-align: center; } .header-top-link, .header-bottom-item a {text-decoration:none;} .header-top-link {color: #fff; margin: 0 10px 0 12px;} .header-top-link.active {margin-right:12px} .header-top-link.active::after {width: calc(100% + 30px)!important} .header-top-link.active::after, .header-top-link:hover::after {background: #fff;} .header-bottom-link {color: #1e1e1e;} .header-bottom-item .header-bottom-link {margin:0 15px} #homeLink {margin-left:1px} .kb-lang-title {width:100%;text-align:center;font-weight:600;color:black; margin:0} .header-right {float: right; margin: 10px 48px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #signin {margin-top:5px} #signin a {text-decoration: none; color:#1e1e1e; } .signin-icon {float: left; height: 20px; padding: 0 5px 20px 0;} #profiledropdown {padding: 2px; border-radius: 3px; margin-top: -3px;} #profiledropdown:hover {cursor:pointer; background-color:#0014a0} #profilename #profileicon {background: #dfdfdf; border-radius: 25px; width: 28px; height: 28px;} #profile-menu ul {list-style: none; padding-left:0} #profile-menu ul li {padding:10px 0 10px 20px;font-size: 15px;} #profile-menu ul li:hover, #articleslink p:hover, #dashboardlink p:hover {cursor:pointer; background-color:#efefef;} #profile-menu ul li a {text-decoration:none; color:#1e1e1e} #profile-menu hr {border:1px solid #efefef} #articleslink hr, #dashboardlink hr {margin:0} #articleslink .title {padding: 0;text-align: center; font-weight: 600;} #articleslink p, #dashboardlink p {padding:10px 0 10px 20px;} #articleslink p a, #dashboardlink p a {text-decoration: none; color:#1e1e1e;} #articleslink .draftslink:hover, #dashboardlink p:hover {padding: 10px 0 10px 20px;} .header-coveosearch {position: relative; margin-top: -53px;} .header-search {display:inline-block;padding:15px 0 0 0;} .searchboxtoggle {color:white;} .header-searchcontainer {float: right; margin:0 18px 0 0; height:52px} .search-icon {color:white;} .expand {display:inline-block;} .collapse {display:none;} .searchboxtoggle .opensearch-icon, .searchboxtoggle .closesearch-icon {cursor:pointer;height:26px; width:26px; vertical-align: middle; filter:invert(1)} .header-searchbox {height:52px;} #kbsearch {display:block;margin: 0 0 0 auto; height:53px; box-sizing: border-box; border: 1px solid white; font-size: 14px; padding: 14px 0 10px 15px;} header-searchbox.active, #kbsearch:focus {width: 100%; transition: 1s ease-in-out;} .Footer {background:#f6f6f6;color:#555a62;font-size:16px;line-height:1.5;padding:18px 0; border-top:1px solid #c4c4c4} .Footer .footer-logo-wrap .footer-logo {height: auto; max-height: 32px; width: auto; margin-top:20px} .Footer .col {padding:0 0 0 15px;width: 20%; font-size: 13px; display: table-cell; vertical-align: top;} .Footer .footer-links-wrap {padding-bottom: 15px; border-bottom: 1px solid #c4c4c4;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-right:1px solid #c4c4c4} .Footer .col ul {list-style: none;} .Footer .col:nth-child(2) ul {padding: 0;} .Footer .col ul li a {color: #1e1e1e; text-decoration: none;} .footer-link-title {text-transform: uppercase; color: #1e1e1e;} .footer-link-subtitle {font-size:14px; color: #1e1e1e; max-width:95%} .footer-icon {float: left; height: 30px; padding: 0 10px 60px 0;} .col-copyRight a, .social-icons-wrap a {display:inline-block; padding:5px 0; text-decoration: none; color: #1e1e1e; } .social-icons-wrap {float:right} .Footer a:hover, .Footer .col ul li a:hover {color:#0014a0} footer.Footer .row.bottom-row {padding-top:5px} footer.Footer .row.bottom-row .col.col-copyRight * {font-weight:400} social-link:hover {cursor:pointer} social-link:hover svg {fill:#0014a0} #signin .header-bottom-item.header-bottom-link {display:inline-block; margin-top: -16px;} #signin a:hover {color:#0014a0} footer.Footer .row.footer-links-wrap .col.footer-links .footer-link, footer.Footer .row.bottom-row .col.col-copyRight, footer.Footer .row.bottom-row .col.col-copyRight * {color: #9e9e9e;} footer a:hover {color:#0014a0!important} @media screen and (max-width:991px){ header {margin:0} header .row:nth-child(1) {height:64px} .Header-logo img {margin: 17px 8px 8px 16px;} .Hamburger-border {position: absolute; right: 60px; border-left: 1px solid #fff; height: 64px; width: 50px; top: 0; z-index: 20; border-right: 1px solid white; padding-right: 10px;} .Hamburger {display:block;position: absolute; top: 8px; left: calc(100% - 52px); z-index: 20;-webkit-box-align: center; -webkit-box-pack: center;-webkit-user-select: none; align-items: center; background: transparent; border: none; border-radius: 0;cursor: pointer;justify-content: center; outline: none;transition: .35s;} .Hamburger-menuXcross {height: 25px; padding: 0; width: 26px;} .Hamburger-menuLines {-o-transition: .35s;-webkit-transition: .35s; background-color: #fff; border-radius: 2px; display: inline-block; height: 2px; position: relative; transition: .35s; width: 26px;} .Hamburger-menuLines::before {top: 6px; } .Hamburger-menuLines::after {top: -6px;} .Hamburger-menuLines::after, .Hamburger-menuLines::before {-ms-transform-origin: 5.5px center;-o-transition: .35s;-webkit-transform-origin: 5.5px center;-webkit-transition: .35s;background-color: #fff;border-radius: 2px; content: ""; display: inline-block; height: 2px;left: 0;position: absolute;transform-origin: 5.5px center;transition: .35s;width: 26px;} .sr-only {position: absolute !important;width: 1px !important;height: 1px !important;padding: 0 !important;margin: -1px !important;overflow: hidden !important;clip: rect(0,0,0,0) !important;border: 0 !important;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-webkit-transform: rotate(45deg); transform: rotate(45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after {-webkit-transform: rotate(-45deg);transform: rotate(-45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after, .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-ms-transform-origin: 50% 50%;-webkit-transform-origin: 50% 50%;background-color: hsla(0,0%,100%,.6); left: 0;top: 0;transform-origin: 50% 50%;width: 26px;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines {background: transparent;} .isToggled .Hamburger-menuLines {-webkit-transform: scaleX(1);transform: scaleX(1);} #signin {text-align:center; margin: auto; color:white} #signin a {text-decoration: none; color:white;} .header-top-links, .bottom-header {display: none} .header-coveosearch {margin-top:0} .header-searchcontainer {color: white; text-align: right; margin: 8px 18px 0 0;} .header-search { padding: 11px 0 0 0; width: 60px; margin: auto; display: block; position: absolute; right: 17px; top: 8px;} .searchboxtoggle {color:white} .header-searchbox {position: absolute; right: 60px; top: 0; width: 300px;} #kbsearch {height:66px} .banner-middleContainer_f1l0wf96 {box-shadow: inset 0 10px 10px -10px #000;} #homeLink, #helpForumsLink, #FaqsLink, #userguidesLink, #supportLink, .header-right {width:100%; text-align: left; margin: 0; } #userguidesLink, #supportLink {border-top: 1px solid #dfdfdf;} #helpForumsLink, #FaqsLink {margin: 0 0 10px 25px;} .top-header-link {text-transform: uppercase; font-weight:700; color:#1e1e1e; font-size:14px; padding:15px 15px; line-height: 2em;} #dropdownnavi .top-header-link {margin: 3px 0 0 10px;} .header-bottom-link::after {background:none;} .header-bottom-item .header-bottom-link {margin:0 10px} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding:0 0 0 40px} .kb-lang-title {text-align:left;} #menu-dropdown {margin-top: -20px;} #kb-menu-dropdown .depth-2-list.open {padding-left:30px} .depth-1-list a, .depth-2-list a, .depth-3-list a {color:#1e1e1e} .smdropdown-alt {line-height: 0; margin:0 padding: 0 0 10px 0;} .smdropdown-link {color:#acacac!important; font-style: italic;} .depth-1-list, .depth-2-list, .depth-3-list {display: none; margin: -20px 0 20px 0; padding: 0 0 0 15px;} .header-right {float: right;padding: 8px 0; height: 30px; border-radius: 0; box-shadow: 0 3px 5px #1e1e1e; background:#0014a0; text-align: right;} #profiledropdown {width: 30px; float: right; margin-right: 40px} #profiledropdown:hover {background: none} #profiledropdown:hover #profile-menu {display: none} #profileicon {margin-top:2px} #profile-menu {display: none; position: absolute; left: 5%; background: white; width: 90%; text-align: left; z-index: 400; border: 1px solid #dfdfdf; border-radius: 3px; box-shadow: 0 5px 5px #dedede;} .open {display: block;} .Footer .col {display: block; width:90%; padding: 0 20px 15px 20px} .Footer .col.col-copyRight, .Footer .col.col-social {width:90%} footer .container {width:95%} .col.footer-logo-wrap {text-align: center;} .col-copyRight a, .social-icons-wrap a {padding: 10px 0 0 0;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-bottom:1px solid #c4c4c4; border-right:none} a.dropdown-1-title, a.dropdown-2-title, a.dropdown-3-title {color: #8a8a8a; font-style: italic;} .signin-icon {display: none;} #signin .header-bottom-item.header-bottom-link {margin-top: -10px;} } @media screen and (min-width:992px){ .Hamburger, .dropdownnavi .top-header-link, #userguidesLink, #supportLink, .smdropdown-alt {display: none;} .bottom-header {display: block;} .header-top-link::after {background: #fff;} header .row:nth-child(2) {background-color:white; box-shadow: 0 3px 5px rgba(0,0,0,0.1);} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding-left: 0; box-shadow: 0 4px 4px rgba(0,0,0,.1);} .depth-1-item, .depth-2-item, .depth-3-item {padding-left:15px; border-bottom:1px solid #dfdfdf; position: relative;} .depth-1-item a, .depth-2-item a, .depth-3-item a {color: #1e1e1e;} .header-bottom-link::after {background: #0014a0;} .header-top-link.active::after, .header-top-link:hover::after, .header-bottom-link.active::after, .header-bottom-link:hover::after {bottom: 0; content: ""; display: block; height: 5px; left: -15px; margin: auto; position: absolute; width: calc(100% + 35px);} .header-bottom-link.smdropdown:hover, .header-bottom-link.smdropdown.active {color:#0014a0} .header-searchbox {position:absolute;top:0;right:60px; margin:0; z-index: 200; } .header-searchbox.active {width:500px;transition: 1s ease-in-out;} #kbsearch {width:350px;} #menu-dropdown, #kb-menu-dropdown {position: absolute; z-index: 100; background: white; text-align: left; margin: 1px 0 0 -15px;} #menu-dropdown, #kb-menu-dropdown .depth-1-list {width:280px} #kb-menu-dropdown .depth-2-list {width:350px!important} #profile-menu {position: absolute; z-index: 100; background: white; width: 350px; text-align: left; width:260px; margin: 0 0 0 -230px; border: 1px solid #c4c4c4; border-radius: 5px; box-shadow: 0 4px 4px rgba(0,0,0,.1);} #menu-dropdown, #menu-dropdown .depth-2-list, #menu-dropdown .depth-3-list, #kb-menu-dropdown, #kb-menu-dropdown .depth-2-list, #profile-menu {display:none;} #helpForumsLink:hover #menu-dropdown, #FaqsLink:hover #kb-menu-dropdown, #profiledropdown:hover #profile-menu {display: block;} #menu-dropdown .depth-1-item:hover .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list, #kb-menu-dropdown .depth-1-item:hover .depth-2-list { display: block; left: calc(100%); background: #fff; border: 1px solid #c4c4c4; position: absolute; top: 0; width: 100%;} #kb-menu-dropdown .depth-1-url {margin:0} #menu-dropdown .depth-1-item:nth-child(3) .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list {top:-1px} .depth-1-item:hover, .depth-2-item:hover, .depth-3-item:hover {pointer:cursor;background-color:#f8f8f8} #helpForumsLink .depth-1-item:hover .depth-1-url, .depth-2-item:hover .depth-2-url, .depth-3-item:hover .depth-3-url, #kb-menu-dropdown .depth-2-item:hover .depth-3-url {color:#0014a0} #FaqsLink .depth-1-item:hover, #FaqsLink .depth-1-item:hover .depth-1-url {cursor:default} .header-right {float: right; margin: 8px 15px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #profiledropdown {padding: 2px; border-radius: 3px; margin-top: -3px;} #dropdownnavi {margin: -1px 0 0 -13px;} #dropdownnavi .top-header-link, .dropdown-1-title, .dropdown-2-title, .dropdown-3-title {display:none} .header-bottom-link.smdropdown {line-height:53px} #signin {display:flex; margin: 1px -12px 0 0} #signin .header-bottom-item.header-bottom-link {margin-top:-14px; height:54px} #signin span {margin-top: 3px;} .signin-icon {padding: 4px 0 20px 0;} .header-bottom-link.smdropdown:before {content:url("data:image/svg+xml;utf8,<svg version='1.1' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='26px' height='18px' xml:space='preserve'><g><path fill='none' stroke='%23010101' stroke-width='2' stroke-linecap='round' stroke-linejoin='round' stroke-miterlimit='10' d='M13.014,14'/></g><g><path fill='%23010101' d='M13,16c-0.256,0-0.512-0.098-0.707-0.293l-3-3c-0.391-0.391-0.391-1.023,0-1.414s1.023-0.391,1.414,0L13,13.586l2.293-2.293c0.391-0.391,1.023-0.391,1.414,0s0.391,1.023,0,1.414l-3,3C13.512,15.902,13.256,16,13,16z'/> </g> </svg>")!important;float: right;} #helpForumsLink:hover .header-bottom-link.smdropdown::before, #FaqsLink:hover .header-bottom-link.smdropdown::before, .header-bottom-link.smdropdown:hover::before {content:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='26px' height='18px' fill='%23010101'><path d='M16,16c-0.256,0-0.512-0.098-0.707-0.293L13,13.414l-2.293,2.293c-0.391,0.391-1.023,0.391-1.414,0s-0.391-1.023,0-1.414l3-3c0.391-0.391,1.023-0.391,1.414,0l3,3c0.391,0.391,0.391,1.023,0,1.414C16.512,15.902,16.256,16,16,16z'/></svg>")!important;} .depth-1-item:before, #helpForumsLink .depth-2-item:before {content:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='26px' height='18px' fill='%23010101'><path d='M12,17c-0.256,0-0.512-0.098-0.707-0.293c-0.391-0.391-0.391-1.023,0-1.414L13.586,13l-2.293-2.293c-0.391-0.391-0.391-1.023,0-1.414s1.023-0.391,1.414,0l3,3c0.391,0.391,0.391,1.023,0,1.414l-3,3C12.512,16.902,12.256,17,12,17z'/></svg>");float:right;} .depth-1-item:hover::before, #helpForumsLink .depth-2-item:hover::before {content:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='26px' height='18px' fill='%23010101'><path d='M14,17c-0.256,0-0.512-0.098-0.707-0.293l-3-3c-0.391-0.391-0.391-1.023,0-1.414l3-3c0.391-0.391,1.023-0.391,1.414,0s0.391,1.023,0,1.414L12.414,13l2.293,2.293c0.391,0.391,0.391,1.023,0,1.414C14.512,16.902,14.256,17,14,17z'/></svg>")!important;} }

How to collect quarantined files using F-Secure Quarantine Dumper - F-Secure Community

Issue:

How to collect the quarantined files on an affected Windows machine using F-Secure Quarantine Dumper, and then submit the files for analysis.

Resolution:

Collect quarantined files using F-Secure Quarantine Dumper by following the instructions below:

Click on this link to download F-Secure Quarantine Dumper to a location of your choice, for example, c:\temp.
Launch Command Prompt (CMD).
Navigate the directory to the location you selected in step 1. For example, type cd c:\temp\ and press Enter on your keyboard to go to c:\temp\ folder.
Type fsdumpqrt.exe -d c:\temp\ to run the tool.
Enter your administrator credentials when prompted. F-Secure license terms are now shown.
Scroll all the way to the end of the license terms before you can accept them.
Press E on your keyboard to accept the license terms.
Press any key to complete the run. The quarantined files will be collected in a file named malware_samples.zip with the default password (infected) in the location you specified in step 1.

These are the parameters that can be used in the tool:

-d, --destination: Destination directory for output (default: current admin desktop)
-p, --password: Password for output (default: "infected")
-v, --verbose: Verbose output
-a, --accept-eula: Accept EULA
-s, --silent: Silent mode
-l, --list: Only list contents, nothing is written to disk

Tip: Running the fsdumpqrt.exe tool in command prompt without additional command line parameters will print out a short tool description and the extra parameters for using the tool.

Article no: 000002484