About | Buy Stuff | News | Products | Rants | Search | Security
Home » Resources » Rants

Evidence-Eliminator??!??

Week of 9 May 2006


As of today there are 832,000 links to 'Evidence-Eliminator' at Google. Not counting the paid for ads at the top and the right margin, that's ten links per page for a total of 83,200 pages.

Not much has changed in all these years. The E-E people are still out scamming the public, but today they have the assistance of a huge army of willing affiliates who get generous rewards for every click through sale. The E-E people may not treat their customers well but they treat their affiliates like bloody royalty.

The E-E royalty system is the brilliant part of the operation: there are no restrictions put on how affiliates market the product; affiliates get their series of lessons in 'dirty tricks'; and if anything happens it's the affiliates, and not the E-E people, who get into trouble. Brilliant.

The E-E people are currently under investigation by the FTC in the US. This is common, easily accessible knowledge - yet people still don't bother finding out.

The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, and analysing it in software to recover the previously recorded signal. What the software does is generate an 'ideal' read signal and subtract it from what was actually read, leaving as the difference the remnant of the previous signal.
 - Dr Peter Gutmann PhD, University of Auckland

Thus it's nigh on unbelievable people still fall for these stunts, scare tactics, and cruel hard sells - today with all the 419 scams and phishing scams proliferating and so many people exposed to this on a regular basis. And with fully adequate spam filters it's harder to pollute inboxes and get a response. But the links are still out there, more than ever, and the chicken hawks are still poised and ready to eat.

Evidence-Eliminator is a dusty old Visual Basic program that's grown a shaggy unkempt beard since the New Millennium. It hasn't been updated in at least seven years. It's a program written by a company called eSoft and bought up by the current owners (who are not programmers themselves). All that's changed are the revenge and scare techniques - the code's the same. And it's bad code to boot.

A look at what Neil Rubenking discovers about Evidence-Eliminator should be enough to scare away even the most naive user. It's not that the evil of the program already in the install phase rears its ugly head - it's that the incredible clumsiness of such a Visual Basic install is enough to rip lesser systems apart. Especially on outdated systems such as Windows 95, Windows 98(SE) and Windows Me one can 'max out' a Registry: the mechanics of Registry storage were never safeguarded for such heavy usage. Your Windows system will begin to corrupt itself, all by itself.

None of which would be necessary if the program weren't so poorly written to begin with. Several professional sites have classified the E-E install as the by far most destructive ever seen. And even if your system survives, even for a short time, there's not much left to work with. For the possible benefit of 'eliminating evidence' you get a system that grinds to a halt and becomes a kludge, unusable.

There are hundreds of thousands of E-E affiliates out there waiting for you to drop by. Everyone wants on the bandwagon. The E-E people promise heaps of money (made from suckers like you) to buy fast cars, expensive watches, and hot slutty women. You can recognise them immediately by checking the links. If you find the code '?a=AXXXXXXX' after a URL, you know the site is passing an affiliate code onto the E-E people. Sometimes those pages will attempt to disguise the links, so you can always copy the link to your clipboard and paste it in a text editor to see what the link really is.

If it has '?a=AXXXXXXX' then you know you're not getting someone's good advice but being set up for a confidence trick.

Back in the early days of this scam the IDs were only four digits. Crime's really flourished in the past five years: now they're seven digits. Obviously no one's learning anything. One sucker born every minute? If it was only that good.

It's not that E-E doesn't work (but it doesn't). It's that no effort has been made to produce a satisfactory product - but every effort has been made to scare you and threaten you and compromise you so you're FORCED to buy the product.

And to date not a single dissatisfied customer ever got a refund. No one ever will. Most people are too afraid to try. They find E-E marketed at illegal porn sites; they're scared. But there are tens of thousands who nevertheless attempted to get a refund - not a one has ever succeeded.

Think about that before you take the plunge.

And support? You think there's support for E-E? Think again. There's a jungle of links at the E-E site engineered to put you off the scent. If you persist and make it to the end, your enquiry still gets ignored - it goes into a dead nonexistent letter box.

You'll never find an E-E user praising the product. All the blurbs at the E-E site are made up - they're fake. What you will find are E-E affiliates dissembling as customers and saying the product is great. Be careful.

A few 'mainstream' reviews were written years ago by industry pundits who had no clue what the E-E people would get up to. They didn't even read the 'back of the box': these were not qualified professionals - they were professional journalists, not professional software engineers: they were totally unequipped, totally lacking in skills to properly evaluate anything. And with all that's happened since, they won't be back again today to make the same errors in judgement.


E-E uses a lot of non-Visual Basic modules to tie everything together. The eSoft people who originally wrote the program were obviously more at home with Visual Basic (poor them - and a warning light to you) and it's because of this you see your Registry go down for the count.

You see hundreds and hundreds of 'COM registrations' in your Registry; quality software doesn't work this way.

E-E also uses a number of 'stealth modules' from the E-E bag of 'dirty tricks'. External to the Visual Basic core, these modules are hidden on your hard drive and used if you should suddenly doubt the E-E people and want the curse off your computer.

Some versions of E-E work; others don't. And even when it works it takes forever to do precious little. E-E is coded in Visual Basic - that's how bad Visual Basic is; that's why professionals never use it.

Searching for different file types: the sorry thing searches for one type at a time instead of all at once - and considering the hard drive is the slowest part of your system, you can figure out how long these searches are going to take.

If you don't understand how ill-equipped you are with a program like E-E, maybe you'd better read the blurb in the box below - and simultaneously hit yourself on the head with an industrial strength clue bat.

The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, and analysing it in software to recover the previously recorded signal. What the software does is generate an 'ideal' read signal and subtract it from what was actually read, leaving as the difference the remnant of the previous signal.
 - Dr Peter Gutmann PhD, University of Auckland

No one's ever tested E-E on a professional level. If they have, they're not coming forward with their data. All the online media and supposedly 'satisfied' customers are doing at most is checking to see if files are gone from their ordinary file listings - something that's accomplished by simply deleting without shredding. No, you need Dr Peter Gutmann's oscilloscope - you need the assistance of a forensic team's recovery hardware - to do more.

Shredding with E-E is the most primitive. It has never been enough and never will be enough to 'overwrite' a file before deleting it. Forensic hardware can uncover what was previously written on your disk. And what was written before that. And before that. And so on. Shredding is not the art of filling in first with 'all 0s then all 1s' - it's the art of obfuscating things for the analog controllers that run your hard drives. It's a totally different idea.

There are still people out there, even today, who understand so little about what file deletion and shredding are that it's not funny. And it's not as if the topic hasn't already been thoroughly discussed: these people just don't do the research.

There are people who confidently explain to their mates that a program like E-E is going to first delete a file, then flip all the bits in it. Perhaps one of these supremely gifted Einsteins can explain how anyone can find a file that's already been deleted? This might seem like nit-picking but it isn't: these people have no understanding of what they're talking about.

Knowledge frees. But it's better for all these shady interests if people on the street never understand these simple things - if they never are freed. Then people like Robin Hood can continue to hype and scare them and reap the big rewards - your hard earned money.

One anti-spyware blog wrote recently that the E-E Documents section available at this site was pretty accurate even though the site offered a competitive product. Sometimes it's incomprehensible how people think, read, and do their research.

There's enough content at this site for anyone to learn what the score is but people don't read. The E3 Security Kit was an afterthought to the E-E Documents for the simple reason that Radsoft customers needed something a bit better - something that 'eliminated' their need to even consider trash like E-E at all.

A free version of E3 was released and is still available; Radsoft still offer their 'E-E Removal Tool' - for free. People just don't do their research. And it's really hard to help people who are way too lame to help themselves.

A great deal of the work that's gone into the Radsoft site has been about helping people, about educating them, about seeing they steer clear of the pitfalls. There is the famous section on memory optimising snake oils; there's the exposé of Zone Labs' Zone Alarm; there's the enormous section on 'Fibergate'; there are countless examples of this. People just don't read.


A Scandinavian bank got hit yesterday by yet another phishing scam. The last time this happened, a total of four customers were tricked (but no one lost any money). This time - so far - no one's been tricked.

As the account holders themselves say, 'who can't see through such an obvious scam?'

Indeed. Then what's the difference with Evidence-Eliminator? Think about this: how do you know E-E really works? Have you tested it with disk diagnostic utilities of your own? Funny - but everyone who has says the program doesn't work. Exactly how do you think all these media pundits were able to claim 'works as advertised'? How are you able to think that, to claim that? You don't really know that, do you?

What kind of trust can you put in a company that purportedly tries to stay out of the public eye - according to some at a dead letter box above a curry shop in the town of Nottingham - and will never grant you a refund even if you scream for it?

The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, and analysing it in software to recover the previously recorded signal. What the software does is generate an 'ideal' read signal and subtract it from what was actually read, leaving as the difference the remnant of the previous signal.
 - Dr Peter Gutmann PhD, University of Auckland

Evidence-Eliminator cannot handle modern Windows hard drives. It can't handle anything that's come out since 1996. It can't handle Microsoft's NTFS file system. It was written before the NT 2K XP family of Windows came into vogue. It was last updated before the New Millennium - before Windows 2000, before Windows XP, before Windows Me - and it wasn't updated for Windows XP Service Pack 2 and it won't be updated for Windows Vista either. Robin Hood have no people to do it.

It overloads your Registry on install, threatening to take down your entire system; it takes forever to do simple disk scans; it can't perform proper shredding; and it has any number of hidden revenge mechanisms should you decide you don't want to put up with it anymore.

It will do things like put pictures of mean people behind bars on your desktop, lock your login, put images over all your other applications so you can't access them and work with them - and it will continue to tell you what horrible things will happen if you don't crawl back to Robin Hood immediately.

There have been countless people who've written to this site for help - people who got help by both mail and phone, people who were completely desperate, their computers destroyed by Evidence-Eliminator.


Robin Hood have web pages deliberately salted with NSFW phrases - just to get you in trouble and get you scared. And the worst of it is, making you think their E-E or any product like it is going to help you at work is a scam in and of itself.

If you see your boss and the other suits coming to your desk, don't try to delete files - they're not coming to look at your hard drive: they already know.

They know because you've been surfing through their proxy, you doofus, and all the evidence they need to fire your butt is already in the proxy logs. Getting a file shredder to protect you in a corporate workplace is a waste of money.

Then there's the old 'what's on your hard drive' scam. They use a simple JavaScript snippet to display your hard drive in your browser window. There is not, never has been, and never will be a mechanism for transporting this data over the Internet. You're the only one who can see it.

Just the other day one Sanford Wallace got convicted for pulling a similar scam. He wrote a code snippet that opens your computer's CD drive bay and pops up a message on screen that asks 'is your computer's CD drive bay now open - if so you are infected and you need our protective software'.

Unbelievably enough people fell for it. Sanford Wallace must now pay back over $4 million he got through this scam. Are you one of Sanford Wallace's victims?


When do you need a real file shredder? When you're selling or giving away your computer; when you work in the security industry; when your corporation demand you use one for their own security purposes. That's when. For if you think you need one to protect you from your boss, you're a fool; if you think you need one to protect you from your spouse - get a new spouse. And so forth.

Yes, shredders are needed, but in professional situations - not this other silly stuff. Don't be a home computer security hobbyist - it's not a good profession to be in. If you don't know - don't; find someone who does, someone you can trust, and let them walk you through it. And don't for a minute assume that just because your neighbours come on like they know it all that they do: everyone wants to play the IT guru these days.

And don't kid yourself for one minute that having E-E will to save you from going to jail for being a child molester. You have to know what files are to be deleted - no program is going to figure that out for you.

E-E and similar programs look for 'junk' files - they do not, repeat do not, look for porn files or whatever you're scared the authorities are going to find. They don't have algorithms for figuring out when a filename is suspicious. They just get rid of flotsam and jetsam. Your porn stash remains.

If you yourself miss a single file, you're the one who's to blame if you go up the river - not your shredder. Remember that. Your shredder can't know; you have to.

Here's a typical - and typically scary - example. Someone sends you a list of child porn contacts. The list comes as an attachment to your mail message. The format of the message is Microsoft Word.

You unload the attachment from the message and load it into Microsoft Word. The first thing Microsoft Word always does is set up a scratch file in your temporary directory - for undo and redo and things like that.

You look over the file in Microsoft Word and decide you don't want it - and delete it, with or without a shredder. You think you're safe.

Then along come the police, snatch your hard drive, and start looking at it with oscilloscopes. They find an overwritten area previously used by Microsoft Word in your temporary directory. They set their oscilloscopes to work. They uncover what was previously written in that area of your disk. They find the list of child porn contacts.

You go to jail - even if you used Evidence-Eliminator you go to jail.

Today there are hundreds of shredders on the market - at least. A few are OK; most are less than worthless; and at the bottom - at the very bottom, the worst by far - you have E-E.

Eraser is a well-received product, and it's free (mostly) but it's only a shredder and doesn't take care of your Registry or anything else like that. E3, found here, does it all. And most importantly it's flexible: you create your own 'recipes' ad hoc to deal with new projects. You get an impressive array of prefab recipes, but the system is built so it's easy to make new recipes of your own.

It's a system in use by at least four defence departments in as many countries; it's used by police forensic researchers in the US and Canada and across Europe and the Far East; it's a professional tool - fully scriptable as well. It can be used to automate shredding procedures for entire corporate networks. And so forth.

It's the only truly professional security product of its kind for Windows.

There may be other products out there that are more or less adequate - but what you need to do if you think you're in the market for a shredder is:

  • Read up on what shredding is all about. Read about 'Gutmann'. Read about how disk drives really work. You don't have to have all the details - you just have to have a clue or two.

  • Read up on how file deletion works. So you understand why even the thought of shredding files is something to consider.

  • Check the feature list. You don't need something that will perform automatically at the same stroke of a clock every day - you need something that will perform in a similar fashion when you either start or shut down your computer; you need to be able to clean both your Registry and your hard drives; you need to be able to configure things yourself; you need to be able to see what is going to be removed and shredded and control it; you need to be able to inspect results afterwards.

    And a final time: a shredder should go into not only your filesystem but your Registry. If you're not cleansing your Registry you're doing only half the job.

    Your Registry is full of stuff that should be removed anyway, stuff that in a sensitive situation could give you away. You have to have a tool that removes that too.

Do your own research so that in the future you won't have to stop everything to come here and get a lecture on common sense. Be careful and good luck.


At Radsoft it all started when staff were commissioned to write a desktop application for a new WebAttack startup. The application received rave reviews across the net - but unfortunately it was used as an up-sell to an E-E affiliate page, something that had not been previously explained. The association with such an extremely dishonest enterprise forced staff to react and create the E-E Documents.

A lot of research was put into that project, as was time and sweat and even tears. It was done for the benefit of fellow netizens. It garnered a lot of attention. A lot of care was taken to present an impartial and objective picture so readers of the series could draw their own conclusions.

It was work done with no ulterior motive save informing, educating, and helping the public. That type of work is called 'research'. For the most it did not involve any technical skills beyond being able to study and to read.

And it's already been done. All you have to do now is read. You don't have to make the same effort yourself. It's already been done for you - for free.

For goodness sake take advantage of it.

Consumer Warning — The E-E Documents »

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.