ogrgkyle 1 Posted January 16, 2014 Share Posted January 16, 2014 I have some old DBX files from 2006. These are Outlook Express email folder files. The issue is that they are stored with a .QQQ file extension. (Example: Inbox.dbx.{51cf2dcf-d42d-43be-bc1b-ba07dab55da7}.QQQ) Please tell me if there is a way to extract the DBX files from the QQQ files. Thanks! Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 17, 2014 Share Posted January 17, 2014 (edited) Good day Kyle, QQQ files are quarantined files by Microsoft Live OneCare. The files are infected with potential threats. Extracting them may make your system vulnerable or compromised. However if you wish to pursue this endeavor, a trip to the following Microsoft KB will shed some light and help you get them restored. E-mail files are quarantined by Windows Live OneCare Thanks for reaching out. What are QQQ Files ? Edited January 17, 2014 by Arakasi Link to comment Share on other sites More sharing options...
ogrgkyle 1 Posted January 17, 2014 Author Share Posted January 17, 2014 Hey, thanks for the info! I tried installing Windows Live OneCare (now discontinued), but I received an installation error: "Network problems are preventing Windows Live OneCare Installation from continuing at this time." All my troubleshooting has not produced a solution. So, do you know if I can use Microsoft Security Essentials (OneCare's successor) to restore the QQQ files? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 17, 2014 Share Posted January 17, 2014 You can possibly try the cleanup tool, and then install again. I dont think MSE uses qqq files. Cleanup tool - hxxp://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=828910&SiteID=2 Prior to using cleanup tool. Move your qqq files to a different directory and then back again after reinstalling if successful. Link to comment Share on other sites More sharing options...
john 1 Posted April 28, 2014 Share Posted April 28, 2014 I have one manual solution to recover DBX files which you can try. You get various types of error messages when your files become inaccessible. The steps required to execute are given in this post: Extract DBX Files. I am quite unsure whether this solution will work on QQQ files too. Before trying this manual technique, create backup of your file. If this above manual solution doesn't work, then you need to use recovery software. The best feature of recovery software is it scans your file and recover data from it. After recovering data, it gives you the option to save the recovered data in any email format such as EML, MSG, PST, etc. One such software is DBX Recovery v2.0 from SysInfoTools. You can download, install and run the free demo version of this software. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,295 Posted April 28, 2014 Administrators Share Posted April 28, 2014 Perhaps we could look at the quarantined file to find out if it could be easily decrypted to the original form. Link to comment Share on other sites More sharing options...
ogrgkyle 1 Posted May 18, 2014 Author Share Posted May 18, 2014 Thanks for the suggestions. I've discovered that these .QQQ files are MSCF cabinet files. If I open one in WinRAR, I see two files: {3f55eda0-b5b6-4966-be7a-2aa629523779} (or something similar) Manifest.ini Here is an example Manifest.ini file: hxxp://pastebin.com/s5hQcpMp One value is "SHA1" and another is "XOR_KEY." I wonder if I can use these values to decrypt these files. What do you think? Link to comment Share on other sites More sharing options...
ogrgkyle 1 Posted May 18, 2014 Author Share Posted May 18, 2014 Hey, this XOR program did the trick!! hxxp://www.softpedia.com/get/Programming/Other-Programming-Files/Xor.shtml At last, the solution to opening these .QQQ files: 1. Open a .QQQ file in WinRAR and extract both files. 2. Look in the Manifest.ini for that particular file and see what the XOR_KEY says. 3. Run xor.exe in the command prompt and extract the encrypted file: xor.exe encrypted_file_here output.dbx xor_key_here Thanks for the help! Link to comment Share on other sites More sharing options...
Arakasi 549 Posted May 18, 2014 Share Posted May 18, 2014 Very nice indeed. Link to comment Share on other sites More sharing options...
SweX 871 Posted June 30, 2014 Share Posted June 30, 2014 Has this turned into an advertising thread or what Link to comment Share on other sites More sharing options...
Arakasi 549 Posted June 30, 2014 Share Posted June 30, 2014 I have no clue, but it is a little strange that i answered the question back in January and we continue to get additional stuff posted. Its all SEO. People keep finding the thread on the web and decide they want to add additional info. To each his own i guess. Link to comment Share on other sites More sharing options...
SweX 871 Posted June 30, 2014 Share Posted June 30, 2014 Maybe you're right, but yes it is strange and all three are one time posters, they just joined to post their links. Here is a similar thread: https://discussions.apple.com/message/24947725 Link to comment Share on other sites More sharing options...
Arakasi 549 Posted July 4, 2014 Share Posted July 4, 2014 I think its time to close this thread . . Link to comment Share on other sites More sharing options...
SweX 871 Posted July 4, 2014 Share Posted July 4, 2014 Good idea Link to comment Share on other sites More sharing options...
ESET Moderators Aryeh Goretsky 390 Posted July 7, 2014 ESET Moderators Share Posted July 7, 2014 Hello,Due to excessive spam, this message thread has been closed. If you need assistance on this or a related subject, please start a new message thread.Regards,Aryeh Goretsky Link to comment Share on other sites More sharing options...
Recommended Posts