Notifications
Clear all

Malware in .pst

5 Posts
3 Users
0 Likes
852 Views
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

We got infected in Outlook 2013 with malware in the .pst file. About 3k email messages included in this archive. How can we effectively clean out the malware by not destroying the .pst?

Thank you for your help.

 
Posted : 26/09/2017 5:42 am
nightworker
(@nightworker)
Posts: 134
Estimable Member
 

Parse pst file with forensics tool go to mallwares files ofsett open pst with hex editor fill zero and overwrite malware

 
Posted : 26/09/2017 7:34 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Thank you very much!

 
Posted : 26/09/2017 8:20 am
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

We got infected in Outlook 2013 with malware in the .pst file. .

Nir Sofer (nirsoft.net) has a tool called "OutlookAttachment Viewer" (?) which separates attachments from messages. Save them all to a dedicated folder and parse the remaining pst file with any other tool, for example X-Ways Forensics. So you can scan the folder with attachments with AV software. Do it with a copy of the pst and hash before and after to make sure nothing is tampered.

best regards,
Robin

 
Posted : 26/09/2017 10:44 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Thank you Robin!

 
Posted : 06/02/2018 11:05 pm
Share: