Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Malware Defense History

by Dr. Nikolai Bezroukov.

Copyright: Dr. Nikolai Bezroukov 1994-2013. Unpublished notes. Version 0.80.October, 2013

Contents : Foreword : Ch01 : Ch02 : Ch03  : Ch04 : Ch05 : Ch06 : Ch07 : Ch08 : Ch09 : Ch10 : Ch11 : Ch12 : Ch13


Chapter 9: Scareware -- fake antivirus programs, data recovery utilities and like

Data Recovery Trojan

News Strategies of Defending Windows against Viruses, Worms and other Malware Recommended Links Softpanorama Malware Defense Strategy Backup process Three phases of the image restore process Backup your infected partition from recovery CD or separate bootable USB drive
Create a Delta Tree of data that Restore the image from backup and merge your Delta Tree with it Conclusions Webliography Humor History Etc


Introduction

I saw this one first on Jul 28, 2012 but this Trojan in various forms is at least a year old. So there is some information about it on the Net and hopefully this page also can provide some useful info and links.

All-in-all this Trojan is a classic example of   Scareware  as Wikipedia  calls it.  More potent then fake antiviruses  like  XP Antivirus 2012, Antivirus system pro, Dr Guard,  Security Shield and so on.  Data Recovery Trojan tries to extort money from the victims by scaring them about loss of data on their hardrives which is probably more effective criminal tactic then pretending that computer is infected with multiple viruses. 

After infection Data Recovery configures itself to start automatically after computer is restarted. The program loads its fake scanner that imitates looking for hardware problems As this fake scan progresses, Data Recovery will present some problems supposedly detected on your system, for example:

Disk drive C:\ is unreadable.
System files are damaged. System is unstable.
32% of HDD space is unreadable
Bad sectors on hard drive or damaged file allocation table
Drive C initializing error
Hard drive doesn’t respond to system commands
Data Safety Problem. System integrity is at risk.
Critical Error

The program also regularly generates a series of pop ups warning that your system has some hard disk drive errors. For example:

Windows detected a hard disk problem
A potential disk failure may cause a loss of files, applications and documents stored on the hard disk. Please try not to use this computer until the hard disk is fixed or replaced.

Icons on you desktop disappear and start menu and toolbar became almost empty as it put hidden attribute on most entries (I think this is the real nature of the scan ;-).

You are asked to purchase a license and then register your copy of Data Recovery to recover the data from your "failed" hard drive".

For a good description see How to Remove Data Recovery.

Dual infection mode

This is a pretty sophisticated beast that uses "dual infection mode". After a PC is infected with it "also drops a "companion" rootkit Win32:Sirefef to prevent disinfection.  I also report when it is  bundled with TDSS trojan-rootkit (How to remove Windows XP Recovery virus My Anti Spyware).

This malware doesn’t remove any files although destroys some bookmarks. It also hides "hide" the Start menu, your favorites and Quick Launch toolbar by putting "hidden attribute on most files (Web browsers are spared as it needs your payment ;-). 

It’s not going to “recover” anything if you pay for it. 

Amazingly effective in money extortion. Use hidden attribute to hide icons from the desktop and programs from the Start menu making non-sophisticated users completely helpless and they pay.

It drops several files to C:\Documents and Settings\All Users\Application Data (location is different on Windows 7 32 bit ) on Windows XP. Names are random, for example:

C:\Documents and Settings\All Users\Application Data\ebaLnBwNFNAYYY.exe

It also moves content of Start menu to Windows %Temp%\smtmp\1 folder. In one example of infection that I observed it lost some favorites in IE link bar (those which names started with letter "$").

This scareware program is bundled with a rootkit Win32:Sirefef – a family of malware that controls infected computer’s Internet activities by redirecting requested URL to a different one. It is also  modifying search results, and generates pay-per-click advertising revenue for its controllers.

Redirect Web requests via novn.com which is probably one of several domains serving this purpose. And there is no proxy set in IE. Here is how novn.com resolves via DNS:

Server:  c.resolvers.level3.net
Address:  4.2.2.3

Non-authoritative answer:
Name:    landing.hitfarm.com
Address:  72.51.27.51

Both IE and Firefox are affected. In firefox redirection is different and looks like

http://www.justclicklocal.com/citydir/randolph-township-mid+atlantic--domains-cheap.html?uvx=WCVsosYtibwLoGtyolJn9EC9W27rhpQjJk1KyNUkbIRimjJ6dw14CzZHpLfOliJk3PKaqs0P8Np-fcrWayaYTx6sVOOBOZcyxdyuz5giWcmeS0Adk0_uNG76HcaR-jaU_vDafxGZJGZGJLNz7KcNuvTciPeE0y3T_xSZkQwxZq39WtnL2zgoirZcvOjswJbJhhmb8Glrb1fc_Mfx7qFLOIC2J2EDQw8BoWTvACq960Dobr50ZgC6hw_pglbwmpzNioi9_APutlQ1Nwg4t7EdFO65ZrVzZRbAJfnBZoGnhT-RtyNOpBKtvcdDQSUDlFQ6xp2ZXlkJ8IUcgSfOxqLvXSEYUHen9Nzfkb9bMdoSQRo54dGoVNOBC2jX2c28U5D7fEM44_vDlxh1kh-19LEjLYyZgmh87PZ7bBylq-GfW2JRO4Wk5DniGB0wJy-oCmOw

It is known by different names:

 Win32:Sirefef  Trojan Search Redirection: an interesting example of reinfection mechanism

This Trojan possesses interesting reinfection mechanism which ensure that the disinfection of just Data Recovery Trojan itself does not solve the problem. Pretty soon you will be infected with the same one or other one via redirection of you Google or Bing searches to malicious sites. I do not know how Win32:Sirefef does it but I suspect that it uses DNS re-direction. Neither /etc/hosts file not proxy settings are affected.  It has many strains. Some of them are picked up by Windows Security essentials. One was not. I think this time it used strain V.  Here is description of one of them (A) from Eset - Win32-Sirefef.A

Win32/Sirefef.A is a trojan that redirects results of online search engines to web sites that contain adware. The trojan creates copies of the following files (source, destination): The trojan then deletes source files.

The trojan drops one of the following files in the c:\windows\system32\ folder:

The following files are dropped into the %systemdrive%\windows\ folder: The trojan may create and run a new thread with its own program code within any running process.

Other information

The trojan can redirect results of online search engines to web sites that contain adware.

The trojan launches the following processes:

The trojan creates the following files: It uses techniques common for rootkits.

Microsoft security essentials detect several strains of Win32:Sirefef but the irony here is that the worm set up several strains, at least one of which is not detected by Microsoft Security Essentials with signature database as of July 26, 2012.

Disinfection

You need to understand that you are dealing with professionals. Criminal professionals and as such you are outgunned. Traditional methods of malware disinfection will eventually work but do you have time to wait when they will debug their staff?

So using recovery based on the drive image is the only reasonable strategy that works. There two options here

  1. Use Windows system restore. Restart your computer then Press F8 key and then select Safe Mode...  Then, run 'restore' restore options will be listed based on dates - then select your desired restore option - then wait till the process finish. Learn as much as you can about this Windows mechanism and try it first  For more about Restore points see System Restore - Windows 7 features
  2. Use of  Softpanorama Malware Defense Strategy. This is probably the best option for complex infection with root-kit elements present like this one. And it does not rely of some super-duper AV program that known that strain of the malware that you got. It just presume that you regularly backup your C partition on a USB or network drive with  Acronis True Image, Ghost or other "ghosters" created image of your C partition. And now when the disaster had stricken you have one, not too old image available for recovery.

Preliminary steps to help to recover your data hijacked by the Trojan:

There are two traditional approaches which might help at least  to alleviate some pain. I would like to stress that here the main problem here is the infection with Win32:Sirefef,  not so much the Data Recovery scareware. And here you need to know quite a lot about Windows to disinfect it correctly and prevent reinfection.  Just running "super-duper" antivirus program usually is not enough. Combination of those programs might help. I would recommend two options:


Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

[Jul 30, 2012] Missing files after Windows Repair trojan -

April 2, 2011 | Microsoft Answers

SageonFire

Same Problem except I am running windows 7. I am a college student and really need to find my files. It appears that none of the files are actually gone, i just cannot get to them. On the start bar the 'all programs' area says (empty); and when i go into my hard drive it says that is also empty. please help ASAP.
thanks

AuContrarienne:

This is what I woke up to today. I got rid of the trojan using Malwarebytes, but programs have disappeared, some are inaccessible, I can't reinstall them, and I am in a heap of trouble. I did manage to restore my disabled task manager. I implore someone in the know to help those of us with this problem.

Amar_C

Control Panel >> Folder options .. View .. show hidden files you should be good

SageonFire

Ok. It took all night, but i got all my files and shortcuts to show back up, as well as get rid of the offending program.

I used malwarebytes to get rid of the program, also went in and deleted some of the registry values that it stuck in there.

my files were, as i suspected, simply hidden. In windows 7 I had to go to the control panel > appearance and personalization > Folder Options > show hidden files and folders. Then i just selected "Show Hidden Files and Folders" about halfway down the window.

from there, I went into my hard drive where my files were finally showing up but shaded. highlight all the files, right click and select properties, in the window that pops up there is a box ticked that says hidden, untick the box, hit OK or Apply, it will ask you what folders to apply it to, select "Apply Changes to this folder, subfolders and files". It will take a little while but this should do the trick.

Hope this helps!

[Jul 29, 2012] How to Remove Data Recovery Trojan / Malware

This malware (more correctly scareware) program is bundled with a rootkit Win32:Sirefef – a family of malware that controls infected computer's Internet activities by redirecting requested URL to a different one. I recommend to use Softpanorama Malware Defense Strategy booting from the recovery CD. You can also use system restore. Restart your computer then Press F8 key and then select Safe Mode... Then, run 'restore' restore options will be listed based on dates - then select your desired restore option - then wait till the process finish.
April 28, 2012

Data Recovery is scareware masquerading as computer repair and optimization program. It pretends to scan your computer for hard drive, RAM and Windows registry errors and displays fake warnings. None of this is really surprising, or at least it shouldn't because it's a typical scareware. Cyber crooks behind Data Recovery just want to trick as many internet users as possible into paying for bogus computer repair program. This scareware is usually installed by the user when visiting infected/malicious websites or opening infected attachments. Malware authors use social engineering and drive-by downloads to distribute this malicious software too. Once installed, you may be requested to pay to fix supposedly detected critical hard drive errors and RAM failures. Just ignore those fake warnings and notifications about non-existent problems and uninstall Data Recovery from your computer. Of course, it's easier said than done, so to remove this malware from your computer, please follow the removal instructions below.

When running, Data Recovery will report the following problems on your computer:

It detects 14 errors on each infected computer. It doesn't matter whether is a brand new PC or and old laptop. All the errors and warnings are predetermined, so don't get spooked. Data Recovery is more annoying than dangerous, however, there's one this that shouldn't be overlooked. The rogue program hides certain files, usually shortcuts and Desktop icons, and moves other files to Windows %Temp%\smtmp folder.

Do not delete any files from your Temp folder; otherwise you'll have to use Windows CD/DVD to restore your system. Thankfully, you can unhide your files rather easily. Just follow the removal instructions below.

It is also worth mentioning that Data Recovery executable drops a rootkit from the TDSS family. If you don't remove the rookit the rogue application will be re-installed.

Fake Data Recovery warnings:

Additionally, you can activate the rogue program by entering this registration code 15801587234612645205224631045976 08869246386344953972969146034087 and any email as shown in the image below. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

That's probably the most easiest way to remove Data Recovery malware: enter the code and then run a full system scan with recommended anti-malware software (Spyware Doctor). You can also remove malicious files manually. One way or another, please follow the steps in the removal guide below. And of you have already purchased this bogus computer repair program, please contact your credit card company immediately and dispute the charges. Next time purchase software from reputable vendors only and keep it up to date. If you need help removing Data Recovery, please leave a comment below or email us. Good luck and be safe online!

Quick removal:

1. Use debugged registration key and fake email to register Data Recovery malware. This will allow you to download and run any malware removal tool you like and restore hidden files and shortcuts. Choose to activate "Data Recovery" manually and enter the following email and activation code:

[email protected] 08869246386344953972969146034087 (new code!)

[email protected] 1203978628012489708290478989147 (old code, may not work anymore)

2. Download TDSSKiller and run a system scan. Remove found rootkits as shown in the image below. Reboot your computer if required.

3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

Alternatative Data Recovery removal instructions:

1. First of all, you need to unhide the files and folders. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter cmd and hit Enter or click OK.

At the command prompt, enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. NOTE: you may have to repeat this step because the malware may hide your files again.

If you still can't see any of your files, Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter explorer and hit Enter or click OK.

2. Open Internet Explorer. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter iexplore.exe and hit Enter or click OK.

Open Internet Explorer and download TDSSKiller or Backdoor.Tidserv Removal Tool. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller or Backdoor.Tidserv Removal Tool to remove the rootkit.

3. Finally, download recommended anti-malware software (Spyware Doctor) to remove this virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

Alertane Data Recovery removal instructions:

1. First of all, you need to unhide the files and folders. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter cmd and hit Enter or click OK.

At the command prompt, enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. NOTE: you may have to repeat this step because the malware may hide your files again.

2. The rogue application places an icon or your desktop. Right click on the icon, click Properties in the drop-down menu, then click the Shortcut tab.

The location of the malware is in the Target box.

On computers running Windows XP, malware hides in: C:\Documents and Settings\All Users\Application Data\

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmark from the checkbox labeled:

- Hide extensions for known file types - Hide protected operating system files

Click OK to save the changes. Now you will be able to see all files and folders in the Application Data directory.

On computers running Windows Vista/7, malware hides in: C:\ProgramData\

3. Look for suspect ".exe" files in the given directories depending on the Windows version you have.

Example Windows XP: C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe C:\Documents and Settings\All Users\Application Data\ixgPHgbBMPf.exe

Example Windows Vista/7: C:\ProgramData\6DSS92c31Apgjk.exe C:\ProgramData\ixgPHgbBMPf.exe

Basically, there will be a couple of ".exe" file named with a series of numbers or letters.

Rename those files to 6DSS92c31Apgjk.vir, ixgPHgbBMPf.vir etc. For example:

It should be: C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.vir

Instead of: C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe

4. Restart your computer. The malware should be inactive after the restart.

5. Open Internet Explorer and download TDSSKiller or Backdoor.Tidserv Removal Tool. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller and remove the rootkit.

6. Download recommended anti-malware software (Spyware Doctor) to remove this virus from your computer

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

Associated Data Recovery files and registry values:

Files:

Windows XP:

  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\Data Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\Data Recovery\
  • %UsersProfile%\Start Menu\Programs\Data Recovery\Data Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk %AllUsersProfile% refers to: C:\Documents and Settings\All Users %UserProfile% refers to: C:\Documents and Settings\[User Name]

    Windows Vista/7:

    Registry values:

    Tom:

    My thanks as well. I was able to get rid of the malware too. An additional comment to others is that in my case the files in my Temp folder (as described above) were taken from the Start Menu Programs folder from both my personal profile and the All users profile. Hope this helps.

    Anonymous:

    Thanks very much for this post. I couldn't find anything on this -ware because it was so new. I searched for the 6DSS92c31Apgjk.exe on Google and found this. I'll check this blog out more often. Cheers!

    Also, for those that cannot connect to the internet on wi-fi, try plugging into the wireless router, make sure you are connected locally (On the status bar, bottom-right, near the clock, right-click the symbol for the internet connection and click on "Open Network Connections [This is for XP users...sorry Vista, etc. users]) and make sure that your local connection is good).

    If you cannot connect, you might want to connect to the internet using another computer. (And if you're trying to use the activation code, I hope someone else can help).

    Good luck, all!

    Anonymous
    Hi again, I used TDSSKiller as you said to. It found a rootkit and removed it immediately. Thanks so much!

    This blog has saved my computer!

    Anonymous
    Thanks. You and your blog helped me! I had a new exe file (bPxedpkqwSG.exe), but I renamed files, run TDSSKiller, MalwareBytes, and my system is back! THANK YOU!

    I have to change the screen-resolution, and un-hide the files.

    I have a daily updated NOD Internet Security, so I'm very upset! :S

    Anonymous
    1 thread found: Locked file, Service: sptd. " As for this problem , I had the same and I tried to remove it manually(in the section "alternate data recovery removal instruction") and it worked. And then I donwloaded one of the anti-malware software which is mentioned above then I let it scan my computer ,it removed all of the malwares.
    Admin
    Hi, I think the rogue program came bundled with a rootkit. Please run TDSSKiller by Kaspersky first. If you can't run it in Normal Mode, please reboot your computer in Safe Mode.

    Anonymous:

    Well, I guess it was the Canadian Pharmacy e-mail i received and opened, too ignorant to know what i had done to myself.

    I lost all icons on my Desktop, I don't have access to the command prompt, not even with Control +R, nothing is appearing on my Drive C, and there is no Windows key on my laptop. Thus, I can't perform any of the suggestion and solutions being so generously shared here. I did get IE back on my Start Menu, but not Firefox, which I pefer. When I reboot, Yahoo Messenger does open.

    Being on a fixed income, I just can't afford to buy any additional software. What can I do? Your help is appreciated. Thank you.

    Al

    November 12, 2011 9:55 AM Anonymous said... Hi,

    I downloaded TDSSKiller from Kaspersky and it did not find anything. Any suggestions?

    November 12, 2011 11:26 AM Anonymous said... i'm having trouble getting my computer to "run". there is no option in the start menu, and when i type "control + r" nothing happens.

    please help me

    November 12, 2011 1:07 PM Anonymous said... hello.

    with your help, my laptop is almost back to normal. however, i still can't get any of my All Programs back. what can i do? thank you so much for your help.

    al

    Anonymous
    May I suggest before doing any of the above try to do SYSTEM RESTORE if possible. I tried to remove it manually but yet couldnt get start menu to show up despite trying unhide.exe. The system restore helped me. Thankfully my system was restored to just a day before so didnt lose much of work. Hope it helps!
    Anonymous
    I didn't think I was able to resolve this one, but, I followed directions! Installed TDSSKiller & MalwareBytes in Safe Mode, Click Scan and deleted the files it recommended. Then, started in Normal Mode, notice all shortcuts and desktop icons we're gone. Downloaded Unhide.exe, ran the program and BooM! all icon/shortcuts we're back! Fully Restored! Easy!
    Anonymous
    I downloaded all the files that were on this blog and installed them on my computer. They all worked and my computer is fixed, but the overall style of my computer is different. Not only that, but I can't use the internet, I can't play audio files on my computer, I can only open certain files. What do I do? Don't want to take it to the geek squad because I don't feel like spending $80 to get this fixed. Can you help me?
    Anonymous
    This is what I did to avoid the virus regeneration ( for Windows XP): 1) ...enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. 2) Then you will find the rogue application places an " system check" icon on your desktop. 3) Right click on that icon, click "Properties" in the drop-down menu, then click the "Shortcut" tab. 4)in that same window, click the bottom left tab " Find Folders" ( sorry I forgot the exact name). You will get a new window " Application Data" 5) check carefully under this "Application Data" window, you'll find some suspicious .exe files, 6)Rename those files by changing the .exe to .vir Now, you can restart your computer. The malware should be inactive after the restart.

    Hope this helps, Good Luck!

    Anonymous
    ok i already got it , after removing the virus use the unhide program it might take few atempts as soon as you recover your desktop icons then go on the star buton maybe options might be missing jus press right click , go to properties , then go to restablished settings and there ya go xD sorry for my bad puntuation
    xcaliburs:
  • just a quick one for anyone want to try an alternative resolution.

    Restart your computer then Press F8 key and then select Safe Mode... let it run

    Then, run 'restore' restore options will be listed based on dates - then select your desired restore option - then wait till the process finish.

    please note: am running windows 7, after I restored my system it come back to normal except that some files (not really important) has been deleted.

    before opening any browsers in my computer i have to do Windows update specially the Security Essentials.

    Good luck!

    Anonymous
    I just got hit by this thing hours before an exam was due. Broke into a sweat before I found this page. You saved my life. Thank you.
    Anonymous
    I would honestly kill one of these SOB's for all the time I've lost to crapware like this over the years. I do desktop IT support for my company and regardless of the AV product we use inevitably these things get in anyways.
    Anonymous
    I discovered after quite a bit of frustration that if you can download the Unhide.exe program onto a flash drive in a folder and then insert it into one of your USB ports, you will get the OPEN WITH "box" to come up. You can then go to open the folder at the bottom of the list, click on it and when it opens, click on the unhide.exe program. it takes a bit, but be patient. It will unhide all of your desktop icons so you can go do a system restore. Just make sure you don't restore it on the day you had the malware show up or you will be back to square one. I know..I got a bit hasty and did just that accidently.

    Data Recovery - how to remove

    Make sure to stay away from the offers by Data Recovery as this program wishes no good to anyone. Remove Data recovery immediately with a reputable anti-spyware program, consulting removal instructions that you will find below.

    Update (28/04/2012 )

    New version of Data Recovery aka "S.M.A.R.T. Repair" Data Recovery was released to replace Smart HDD. This version includes ZeroAccess rootkit usually, thus it is extremely important to scan with anti-rootkit tool (or Spyhunter) during its removal. The version is distributed using fake emails with trojan attachments, though other ways of getting infected exist. The simplest way to get rid of it is scanning with anti-malware tools.

    Special instructions on how to get rid of Data Recovery Antivirus

    0. (update) If you suspect that your PC is infected by rootkit as well, make sure to scan with Spyhunter or tdss killer. Manual removal of rootkits accompanying Data recovery is quite difficult.
    1. Use a following activation key to disable Data Recovery: 1203978628012489708290478989147 or 08869246386344953972969146034087. This should disable majority of popups. Close its window.
    2. Disable proxy server in your browser.
    3. Download Process explorer. Rename it to .com instead of .exe and let it run.
    4. Stop processes starting from All Users/Application Data , AppData, TEMP or similar.
    5. Once you stop the right process, Data Recovery window will close and the icon will disappear from the taskbar (once you hover over it). Remove files of Data Recovery and link found.

    Recommended Links

    Google matched content

    Softpanorama Recommended

    Top articles

    Sites

    Trojan specific info



    Etc

    Society

    Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

    Quotes

    War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

    Bulletin:

    Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

    History:

    Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

    Classic books:

    The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

    Most popular humor pages:

    Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

    The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


    Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

    FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

    This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

    You can use PayPal to to buy a cup of coffee for authors of this site

    Disclaimer:

    The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

    Last modified: March, 12, 2019