§$%$!"§% indian call centers...
-
Nelek wrote:
Money... plain and simple dirty money...
So I still don't understand. How do these guys profit from data being deleted and unrecoverable?
Nelek wrote:
it was a windows 7 machine
You also mentioned a NAS however - unless the NAS machine is itself running Windows 7, it wouldn't be creating volume shadow copies. Still, let me know if this helped - this is a really poorly known and under-appreciated feature, and has allowed me to recover files long thought to be lost (including some files some people would rather have not had me recover for them) ;)
dandy72 wrote:
How do these guys profit from data being deleted and unrecoverable?
They try to make you believe that if you pay you get the data back. A sort of ransom. The problem is... they can'T beacuse to copy the hard drive a lot of time would be needed. If the drives would have been encrypted, then there is still a possibility to recover it. Another thing is if the actually give the code after getting the money or they just ask for more. About the NAS... I don't think it was doing shadow copies, not sure if that NAS was even able to do them. Anyways thank you, I will dig about the feature a bit. Since I suppose I will have to bring everything back to life, I will try to make some changes.
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
Unless they used a program to write over all the data - delete just marks the filename as deleted in the directory. To be able to recover the data - DO NOT write anything to the drives. Use an undelete program or a data recovery service like Geek Squad at Best buy - looks like the cost is $200 to $1400. Best Buy Geek Squad Data Recovery page here [^]
Good to know. Thank you.
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
dandy72 wrote:
How do these guys profit from data being deleted and unrecoverable?
They try to make you believe that if you pay you get the data back. A sort of ransom. The problem is... they can'T beacuse to copy the hard drive a lot of time would be needed. If the drives would have been encrypted, then there is still a possibility to recover it. Another thing is if the actually give the code after getting the money or they just ask for more. About the NAS... I don't think it was doing shadow copies, not sure if that NAS was even able to do them. Anyways thank you, I will dig about the feature a bit. Since I suppose I will have to bring everything back to life, I will try to make some changes.
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
It was Windows 7 (NFTS). The bin was empty, I suppose they used something similar to "Caps + Delete" (delete without sending it to the recycle bin) or an internal deletion of the "Remote Desktop" they used. My relative says he saw a popup about a confirmation to delete the data (that's when he realized what was really going on). The confirmationw was not the typical "windows popup" it had another colours, he said. I am hoping that they didn't use a recursive deletion or things like that, just a "fast and dirty" deletion, that might be undone at least partially (every byte of data back will be better than nothing). The problem is... windows is fvcked up, so I will have to reinstall from the scratch in C:, the Data were in D: but I am not sure if your idea will work after a fresh installation
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
Why not boot off a rescue disk and run an undelete?
-
A NAS on its own wouldn't know anything about shadow copies - this is a feature of Windows and NTFS.
Oh... ok. Thanks for the tip
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
Why not boot off a rescue disk and run an undelete?
This is going to be my first try. I have a couple of versions of Hiren's (10.1, 13.3) to boot in DOS or in miniXP is good. But I am not sure if the tools contained are that good. I too have an old linux bootable CD somewhere (that I have to find first). But the good undelete software is what I am missing. If it doesn't work as expected, then Install windows in C: and run rescue in D: At least this is the only thing where he was disciplinated, he saved everything in the "data" partition and keeping "system" clean (I was doing restore image backup, updating and creating new image a couple of times a year), but keeping the "data redundant drive" always plugged in... :doh: :doh: :doh: (I hope he learnt from this experience)
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
This is going to be my first try. I have a couple of versions of Hiren's (10.1, 13.3) to boot in DOS or in miniXP is good. But I am not sure if the tools contained are that good. I too have an old linux bootable CD somewhere (that I have to find first). But the good undelete software is what I am missing. If it doesn't work as expected, then Install windows in C: and run rescue in D: At least this is the only thing where he was disciplinated, he saved everything in the "data" partition and keeping "system" clean (I was doing restore image backup, updating and creating new image a couple of times a year), but keeping the "data redundant drive" always plugged in... :doh: :doh: :doh: (I hope he learnt from this experience)
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
There must be a bootCD+undelete combo on the net somewhere, this is classic rescuse stuff. What I always do is keep my OS on one drive, and all my data on another, and also put backups on that data drive. Then if I get s problem I can just wipe the OS drive with impunity. It is a bit of a faf to set up, but gives you 100% antivirus/anti scam protection.
-
There must be a bootCD+undelete combo on the net somewhere, this is classic rescuse stuff. What I always do is keep my OS on one drive, and all my data on another, and also put backups on that data drive. Then if I get s problem I can just wipe the OS drive with impunity. It is a bit of a faf to set up, but gives you 100% antivirus/anti scam protection.
I do similar for me, with him is partitions separated, but not drive separated. Second partition is the one that had the data that got deleted (with OS backup images inside, that's why I have to start over again). And the external drives (NAS and USB) were connected too, so redundancy went to hell too. That's why I was thinking on reinstall windows in C: partition, leaving D: (Data) untouched. I think it is better to concentrate my effors on the main HDD, that had the most actual data and will probably be easier for the tools. But I will have a detailed look to the bottable cds first. If I can do everything in low level from the booted environment I think it might get better results.
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
Oh... ok. Thanks for the tip
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
That's why I said "thanks for the tip" ;) ;P
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
I had a 2-3 minute argument with one guy when I told him he did not work for Microsoft, and he knew nothing about computers. Quite amusing really.
-
Conversation goes like this: ICC: Hello, my name is Alex*, I am calling you from Microsoft** support. A problem with your computer has just shown up on the internet. Victim: Oh dear, what can I do? ICC: You need to download a security update from www.westealyourdata.com, and follow the instructions. ... victim downloads malicious piece of software giving ICCer access to PC ... victim is now doomed, loses data, gets scammed for money etc. In reality the conversation may go on for some time; I always like to keep them talking for a while, until it is obvious they don't have a clue about PCs. *or other western name, but with a pronounced Indian accent ** or other company
Just wondering do Microsoft guys would really call in reality and say that your system has a security breach please fix it! i mean they are busy guys, why they would care any one and there are so many Windows users around the world, how one could track and see who is having security breach :laugh: