Decrypt Encrypted Quarantine Files

Trend Micro recommends that you have IWSVA encrypt all quarantine files to prevent accidental "reinfection" or reintroduction of the malware into your network. However, it may be necessary at times to decrypt an encrypted file.

• Note: Since Linux does not provide the means to decrypt an encrypted quarantine file, you must perform this function from a Windows workstation.

To decrypt an encrypted quarantine file, complete the following steps from a Windows workstation:

1. Download the vsencode.zip file (see below for the full path) and then extract the contents to a designated directory. The following files appear:

VSEncode.exe
Vsapi32.dll
VSEncode_Readme.txt

2. Open a command prompt (Windows Start button > All Programs > Accessories > Command Prompt) and use DOS commands to change to the designated quarantine directory.

3. Enter the following command at the DOS prompt:

VSEncode -d

All encrypted files in the designated quarantine directory are decrypted and the log, VSEncrypt.log, is created.

• Caution: The decrypted files are likely to be dangerous. Viruses can infect the server. Trojans can drop their payload, worms may propagate, and spyware can open backdoors to the server. Use caution. Delete or re-encrypt the files as soon as possible.

See also

• Encrypting Quarantined Files

• Quarantine Directory

• vsencode.zip location:

http://solutionfile.trendmicro.com/SolutionFile/11435/en/vsencode.zip