5 Replies Latest reply: Mar 29, 2012 11:09 AM by rbdudani

    'System Fix' Malware infection appears to have broken safeboot

    blondemoment

      Hi Again All,

      I was given a laptop with a 'System Fix' Malware infection (http://www.bleepingcomputer.com/virus-removal/remove-system-fix). I have fixed this on other encrypted machines without bother, so went about the process of removal.

      Before I did any kind of fixing I rebooted the laptop to get into safe mode; this is when the problem started.

      After reboot the safeboot came back with corrupted.

      I obtained the sdb from the server onto a USB and booted up with the safetech disk.

      Authenticated with both and attempted an emergency boot but to no avail. (92h)

      Tried restoring the EEPC MBR, then rebooted, no joy.

      Tried restoring the MBR, then rebooted, no joy.

      I ran the remove EEPC program which ran very quickly, but still the 92h appeared on reboot.

      Then I think I have done something stupid.

      It wouldn't detect the algorithm used on the next safetech boot, so I set it manually and authenticated from the exported sdb.

      Used algorithm 11 and not 12 and then ran a force decrypt of all sectors from 62 and it took 4 days and said completed.

      But I am still getting the 92h error code.

      Should I force encrypt the same sectors back again with the algorithm I used before I try anything else?

      Typically if the user had mentioned there was critical data on the laptop (despite that policy is that it is stored on a server share) I would have taken it off before rebooting .....

      Using V5.2.2.4