Jump to content

Extract DBX files (Outlook Express emails) from old QQQ quarantines?


ogrgkyle

Recommended Posts

I have some old DBX files from 2006.  These are Outlook Express email folder files.  The issue is that they are stored with a .QQQ file extension.  (Example: Inbox.dbx.{51cf2dcf-d42d-43be-bc1b-ba07dab55da7}.QQQ)  Please tell me if there is a way to extract the DBX files from the QQQ files.  Thanks!

Link to comment
Share on other sites

Good day Kyle,

 

QQQ files are quarantined files by Microsoft Live OneCare.

The files are infected with potential threats. Extracting them may make your system vulnerable or compromised.

 

However if you wish to pursue this endeavor, a trip to the following Microsoft KB will shed some light and help you get them restored.

 

E-mail files are quarantined by Windows Live OneCare

 

Thanks for reaching out.

 

What are QQQ Files ?

Edited by Arakasi
Link to comment
Share on other sites

Hey, thanks for the info!  I tried installing Windows Live OneCare (now discontinued), but I received an installation error: "Network problems are preventing Windows Live OneCare Installation from continuing at this time."  All my troubleshooting has not produced a solution.  So, do you know if I can use Microsoft Security Essentials (OneCare's successor) to restore the QQQ files?

Link to comment
Share on other sites

You can possibly try the cleanup tool, and then install again.

I dont think MSE uses qqq files.

Cleanup tool - hxxp://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=828910&SiteID=2

 

Prior to using cleanup tool. Move your qqq files to a different directory and then back again after reinstalling if successful.

Link to comment
Share on other sites

  • 3 months later...

I have one manual solution to recover DBX files which you can try. You get various types of error messages when your files become inaccessible. The steps required to execute are given in this post: Extract DBX Files. I am quite unsure whether this solution will work on QQQ files too. Before trying this manual technique, create backup of your file.

 

If this above manual solution doesn't work, then you need to use recovery software. The best feature of recovery software is it scans your file and recover data from it. After recovering data, it gives you the option to save the recovered data in any email format such as EML, MSG, PST, etc. One such software is DBX Recovery v2.0 from SysInfoTools. You can download, install and run the free demo version of this software.

Link to comment
Share on other sites

  • Administrators

Perhaps we could look at the quarantined file to find out if it could be easily decrypted to the original form.

Link to comment
Share on other sites

  • 3 weeks later...

Thanks for the suggestions.

 

I've discovered that these .QQQ files are MSCF cabinet files.  If I open one in WinRAR, I see two files:

 

{3f55eda0-b5b6-4966-be7a-2aa629523779}  (or something similar)

Manifest.ini

 

Here is an example Manifest.ini file: hxxp://pastebin.com/s5hQcpMp

 

One value is "SHA1" and another is "XOR_KEY."  I wonder if I can use these values to decrypt these files.  What do you think?

Link to comment
Share on other sites

Hey, this XOR  program did the trick!!

 

hxxp://www.softpedia.com/get/Programming/Other-Programming-Files/Xor.shtml

 

At last, the solution to opening these .QQQ files:

 

1. Open a .QQQ file in WinRAR and extract both files.

2. Look in the Manifest.ini for that particular file and see what the XOR_KEY says.

3. Run xor.exe in the command prompt and extract the encrypted file: xor.exe encrypted_file_here output.dbx xor_key_here

 

Thanks for the help!

Link to comment
Share on other sites

  • 1 month later...

I have no clue, but it is a little strange that i answered the question back in January and we continue to get additional stuff posted.

 

Its all SEO. People keep finding the thread on the web and decide they want to add additional info.

 

To each his own i guess.

Link to comment
Share on other sites

  • ESET Moderators

Hello,

Due to excessive spam, this message thread has been closed. If you need assistance on this or a related subject, please start a new message thread.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...