My Dell laptop has SafeBoot installed and everything was fine until a virus attack. Now when I power on the laptop,
I am only getting a SafeBoot dialog box with the title 'SafeBoot Error' and with the contents
SafeBoot is not installed
and with an 'OK' button.
My IT folks found that the option to recover it is by decrypting/removing using a Wintech recovery bootable disk. It requires 2 things: an authorization code, which can be obtained from McAfee, and system key information to authenticate.
When they looked on the SafeBoot server for the machine's token, it’s not there anymore. The token might have been removed during a database cleanup performed over a 1-month period.
They even checked the deleted folder, but couldn't find it there.
We have tried everything possible, aside from sending the hard drive out for data recovery, which at this time is too expensive.
Any other suggestions that we could use to recover the data? Any help would be greatly appreciated.
Yes, it sounds like you caught a Rootkit which has relocated the original MBR of your machine.
Without the key from the SafeBoot Management system, the drive cannot be recovered - even if you send it off to a recovery agency, there's no way they could decrypt the data.
The only thing you can do is try to reverse what the virus has done - the original SafeBoot Boot Record is still on the drive (as proven by the error message you are getting) - if you can find it, and put it back in sector 0, you'll be able to boot the machine again.
Unfortunately, the most common rootkits maintain their files in an encrypted state (TDSS for example) so the chance is slim that this is possible.
Sorry - this is why we maintain a backup of everything in the management center, and it even has a recycle bin. Maybe your company keeps backups of this data in case of disaster and you can get the key from there?
I believe this needs to be done by connecting this hard drive to another PC and fixing it.
Can you suggest any tools that can help in fixing the boot record?
Sorry no, I have no suggestions on how to recover from this problem unless you can find that recovery record.
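The reply above notes that the original boot record may still be somewhere on the drive rather than in sector 0. As an added example (not from the thread or from McAfee), this read-only Python sketch scans a raw disk image for sectors that end in the 55 AA boot signature and contain a marker string. The marker `EXAMPLE-LOADER` and the sample image are constructed for illustration; the thread does not say what a SafeBoot boot record contains.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"               # last two bytes of an MBR-style boot sector
ENTRY = struct.Struct("<B3xB3xII")   # status, CHS, type, CHS, LBA start, sector count

def partition_entries(sector):
    """Decode the non-empty partition entries stored at offset 446 of a boot sector."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        if ptype:
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return entries

def find_boot_record_candidates(image, marker, max_sectors=4096):
    """Return LBAs other than 0 whose sector ends in 55 AA and contains marker."""
    hits = []
    limit = min(len(image) // SECTOR, max_sectors)
    for lba in range(1, limit):
        sector = image[lba * SECTOR:(lba + 1) * SECTOR]
        if sector[510:512] == BOOT_SIG and marker in sector:
            hits.append(lba)
    return hits

def build_sample_image():
    """Constructed 64-sector image: sector 0 lacks the marker, sector 5 holds a copy with it."""
    table = ENTRY.pack(0x80, 0x07, 63, 1000) + bytes(48)
    current = bytes(446) + table + BOOT_SIG
    relocated = b"EXAMPLE-LOADER" + bytes(432) + table + BOOT_SIG  # hypothetical marker
    image = bytearray(64 * SECTOR)
    image[0:SECTOR] = current
    image[5 * SECTOR:6 * SECTOR] = relocated
    return bytes(image)

if __name__ == "__main__":
    img = build_sample_image()
    print("sector 0 partitions:", partition_entries(img[:SECTOR]))
    print("candidate LBAs:", find_boot_record_candidates(img, b"EXAMPLE-LOADER"))
```

Run it against a copy of the disk taken as an image file, never the original drive, so the evidence stays untouched while candidates are reviewed.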