My PC was infected by a virus; after restarting my machine it's giving the error "enpoint encryption for PC is not installed - error 0ex0050001"
I have gone through all the discussions in the forum related to this error. I discussed this with my IT help desk but, like always, I got one standard answer, "reimage your PC", as they don't want to take the hassle.
I have some really crucial data on my laptop and can't afford to lose it. I have gone through the SafeTech procedure, but I think you need to download the .sdb file from Endpoint Encryption Manager (which I think is a central console for managing EEPC) and I don't have access to it, and, like a complete mess, nobody in our organisation knows from which part of the world this is being managed for our PCs.
However, I have managed to get the credentials of our support group to get access to the McAfee support portal to download the authorization code of the day...
Is there any way I can decrypt my hard disk without downloading the configuration file (.sdb) from EEM? Or can I access EEM from any other client machine running EEPC? I am not an administrator but just a client user / end user.
I would really appreciate it if somebody could guide me on how to go about it with a step-by-step procedure. I am a techy guy and have recovered from some nasty HDD glitches in the past, but this is the first time with encryption.
Sorry - there is no way to fix this problem without the support from your helpdesk - it's their machine after all
You are right - you caught a root kit virus. The problem is pretty easy to solve with the right tools though (if you are using a fairly current version) - you can do a restore SBR which will make the machine bootable again, or you can remove the encryption entirely and then tackle the virus.
Neither is possible without that SDB file though.
@safeboot: Thanks a lot for your quick reply.
Is there no other way to fix it? Any other tools/software which can help fix this?
I will lose my most crucial data because of this...
The whole solution is designed to make it easy (for the helpdesk) to fix this - All the recovery information is pumped up to them on activation so they can recover exactly this kind of problem.
I guess you could try and find the copy of the SafeBoot MBR that the rootkit has moved - I believe TDSS puts its own code at the end of the hard disk, so start at the last sector in the SafeTech workspace and look for something that looks like an SBR (has the word "SafeBoot" at the beginning, and ends with 55AA). If you find it, write it back to sector 0.
Let us know how you get on!
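The sector search described in the reply above, as an added example that is not from the posters or from the SafeTech tooling: a read-only scan of a disk image, from the last sector backwards, for sectors that start with "SafeBoot" and end with 55AA. The 512-byte sector size, the 16-byte window used for "at the beginning", and all function names are assumptions.

```python
import io
import sys

SECTOR = 512                 # bytes per sector (assumed; 4Kn disks differ)
MARKER = b"SafeBoot"         # string the post says starts the SBR
BOOT_SIG = b"\x55\xaa"       # last two bytes of a boot sector
HEAD_WINDOW = 16             # assumption: "at the beginning" = first 16 bytes
CHUNK = 2048                 # sectors read per I/O call (1 MiB)

def looks_like_sbr(sector: bytes) -> bool:
    """True if the sector matches both traits named in the post."""
    return (len(sector) == SECTOR and sector.endswith(BOOT_SIG)
            and MARKER in sector[:HEAD_WINDOW])

def find_sbr_candidates(stream, max_sectors=None):
    """Scan read-only from the last sector backwards; return matching LBAs."""
    total = stream.seek(0, io.SEEK_END) // SECTOR
    stop = 0 if max_sectors is None else max(0, total - max_sectors)
    hits = []
    for end in range(total, stop, -CHUNK):
        start = max(stop, end - CHUNK)
        stream.seek(start * SECTOR)
        buf = stream.read((end - start) * SECTOR)
        for i in range(end - start - 1, -1, -1):
            if looks_like_sbr(buf[i * SECTOR:(i + 1) * SECTOR]):
                hits.append(start + i)
    return hits

def demo_image():
    """Constructed 64-sector image: replaced MBR, decoy, and one SBR copy."""
    sectors = [bytes(SECTOR)] * 64
    sectors[0] = b"\xfa" * 510 + BOOT_SIG              # foreign MBR, no marker
    sectors[60] = b"\xeb\x10\x90" + MARKER + bytes(499) + BOOT_SIG  # SBR-like
    sectors[61] = MARKER + bytes(504)                  # marker but no 55AA
    return io.BytesIO(b"".join(sectors))

if __name__ == "__main__":
    if len(sys.argv) > 1:          # path to a disk image (opened read-only)
        with open(sys.argv[1], "rb") as f:
            print(find_sbr_candidates(f))
    else:
        print(find_sbr_candidates(demo_image()))       # constructed sample
```

Run it against an image copy of the disk rather than the live drive; it only reports candidate sector numbers and writes nothing.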
We have this issue currently; the solution that our site has done is:
1) He restored the EEPC MBR - this results in a 92h error
2) Then he did an emergency boot using SafeTech
which then fixed this issue.
I haven't had a chance to analyze this issue further since this machine is at a remote site.
So I believe something may change the disk header, which contains the SafeBoot/EEPC instructions.
Yes, the OP has a TDSS rootkit virus which replaces the MBR of the machine. Unfortunately his helpdesk does not want him to recover the data...
No, no plans within EEPC to do AV-type protective things. Rootkits can bypass such methods much the same as they get around AV products. We do, though, already back up the MBR and SBR in the products to allow recovery from this kind of scenario, so as long as you have your recovery information it's simple to fix.
As directed by @safeboot, I have tried various options to locate the last sector in the SafeTech workspace but can't figure out anything... :-(