cancel
Showing results for 
Search instead for 
Did you mean: 
mauyelmo
Level 7

Endpoint prevents preboot and cannot eliminate rootkit type MBR

Hi,

I have a laptop with Endpoint Encryption. The machine got infected with a fake "System Recovery" tool for Win7 and in fact was a rootkit which modifies MBR. Can't reboot in safemode with F8 neither use Win Recovery Boot CD.

What can I do?

Thanks.

0 Kudos
3 Replies
SafeBoot
Level 21

Re: Endpoint prevents preboot and cannot eliminate rootkit type MBR

First, it's best to post in the Encryption forum, rather than the forum to help using the interface here

But, your best bet is to call YOUR IT department - they can help with repairing your machine and recovering the drive. They will probably need to simply do a decryption and MBR restore. Without knowing what version of the product you are using though, it's hard to be more specific.

0 Kudos
ajacobs
Level 12

Re: Endpoint prevents preboot and cannot eliminate rootkit type MBR

Moved to DLP for better attention.

0 Kudos
poma
Level 7

Re: Endpoint prevents preboot and cannot eliminate rootkit type MBR

Hi,

if i understood you right, your EEPC MBR was broken. In this situation you need to do these steps:

0) read the EETech user guide !!! think and read again!

1) make and boot from EETech Standalone only CD

2) perform authorizing with daily authorization code, perform authentication with recovery file (it is easy if you have not problem with USB activation on your laptop, like SONY VIAO).

3) start the Emergency Boot process. it will say, that system information was not found and ask you to find it. Click Search and wait about 1-6 hours.

4) after the number of sector was found, eetech performs operating system boot.

5) make ePO synchronisation (send 2 wakeup calls). wait some time before you will see active state of this system in ePO console. Ok, your MBR should be restored.

enjoy

0 Kudos