encrypted drive with SA not found error due to virus

Posted on 2012-08-31
Last Modified: 2013-11-22
I have an encrypted laptop drive with a virus that causes an error SA not found because the mbr has been modified. I can access the drive with another utility, but I need a way to replace the mbr when it is a slave drive. XP OS with CheckPoint encryption
Question by:canary945a
    LVL 46

    Assisted Solution

    You really need to talk to the people at checkpoint as the technique is likely a function of whatever revision you have and the extent of the damage.  

    Reason is that if somebody was to reveal in an open forum, then one would also be revealing how to hack a protected drive.  It may even be a trade secret intellectual property violation.

    Accepted Solution

    I can unlock the drive and access all the data. If fixmbr is run before unlocking the drive, data is lost. I just need a method to copy a good Mbr$ to the drive. How can I access it's location? It's not a matter of hacking.
    LVL 46

    Assisted Solution

    Then that is easy.  Boot the system to windows and find a shareware Binary hex Editor program that will let you access the physical drive.  Then just copy/paste physical block 0.

    Or you could make a bootable USB stick with linux, and use the dd program to copy the bytes from a file or another disk and set source/destination block numbers.  If you are not a unix person, I'd just go with the path that uses windows.
    LVL 77

    Assisted Solution

    by:David Johnson, CD, MVP
    Best solution: copy off all of the data on the drive
    from diskpart
    clean   (removes all drive information)
    format, enable checkpoint and restore data.

    The reason I suggest this is that most drive encryption software use the unused area of the mbr record to store their loader. Attempting to fix it may make the data unrecoverable.

    Author Closing Comment

    The solution by ve3ofa is the safest, but is very time intensive. Unlocking the data and doing a fixmbr \Device\HardDisk1
     on a secondary drive works

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Suggested Solutions

    Today, security is a big concern in an organization to prevent sensitive data leakage. In Outlook you can secure your Outlook items (emails, calendars, contacts and other stuff) using various techniques like by marking item as private, or you can pu…
    Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
    This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now