• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2114
  • Last Modified:

encrypted drive with SA not found error due to virus

I have an encrypted laptop drive with a virus that causes an error SA not found because the mbr has been modified. I can access the drive with another utility, but I need a way to replace the mbr when it is a slave drive. XP OS with CheckPoint encryption
0
canary945a
Asked:
canary945a
  • 2
  • 2
4 Solutions
 
DavidCommented:
You really need to talk to the people at checkpoint as the technique is likely a function of whatever revision you have and the extent of the damage.  

Reason is that if somebody was to reveal in an open forum, then one would also be revealing how to hack a protected drive.  It may even be a trade secret intellectual property violation.
0
 
canary945aAuthor Commented:
I can unlock the drive and access all the data. If fixmbr is run before unlocking the drive, data is lost. I just need a method to copy a good Mbr$ to the drive. How can I access it's location? It's not a matter of hacking.
0
 
DavidCommented:
Then that is easy.  Boot the system to windows and find a shareware Binary hex Editor program that will let you access the physical drive.  Then just copy/paste physical block 0.

Or you could make a bootable USB stick with linux, and use the dd program to copy the bytes from a file or another disk and set source/destination block numbers.  If you are not a unix person, I'd just go with the path that uses windows.
0
 
David Johnson, CD, MVPOwnerCommented:
Best solution: copy off all of the data on the drive
from diskpart
clean   (removes all drive information)
format, enable checkpoint and restore data.

The reason I suggest this is that most drive encryption software use the unused area of the mbr record to store their loader. Attempting to fix it may make the data unrecoverable.
0
 
canary945aAuthor Commented:
The solution by ve3ofa is the safest, but is very time intensive. Unlocking the data and doing a fixmbr \Device\HardDisk1
 on a secondary drive works
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now