Sorry - there is no way to fix this problem without the support from your helpdesk - it's their machine after all.
You are right - you caught a rootkit virus. The problem is pretty easy to solve with the right tools though (if you are using a fairly current version) - you can do a restore SBR, which will make the machine bootable again, or you can remove the encryption entirely and then tackle the virus.
Neither is possible without that SDB file though.
@safeboot: Thanks a lot for your quick reply.
Is there no other way to fix it? Any other tools/software which can help fix this?
I will lose my most crucial data because of this...
The whole solution is designed to make it easy (for the helpdesk) to fix this - All the recovery information is pumped up to them on activation so they can recover exactly this kind of problem.
I guess you could try and find the copy of the SafeBoot MBR that the rootkit has moved - I believe TDSS puts its own code at the end of the hard disk, so start at the last sector in the SafeTech workspace and look for something that looks like an SBR (Has the word "SafeBoot" at the beginning, and ends with 55AA). If you find it, write it back to sector 0.
Let us know how you get on!
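The search described in the post above (walk the disk from the last sector backwards, looking for a sector that begins with the word "SafeBoot" and ends with 55AA) can be scripted against a raw disk image rather than done by hand in the SafeTech workspace. The script below is an added example, not code from this thread or from the SafeBoot/EEPC product: it assumes 512-byte sectors and uses only the two markers the post names, so any sector matching both is reported as a *candidate* and still needs to be checked by eye before anything is written to sector 0. The `build_sample_image` helper constructs a small fake image (generic MBR in sector 0, an SBR-style copy near the end) purely so the example runs offline.

```python
from __future__ import annotations

import os
import tempfile

SECTOR_SIZE = 512
SBR_MARKER = b"SafeBoot"      # the post says the SBR starts with the word "SafeBoot"
BOOT_SIGNATURE = b"\x55\xAA"  # ...and ends with the standard 55AA boot signature


def looks_like_sbr(sector: bytes) -> bool:
    """True if a 512-byte sector carries both markers from the post (assumed heuristic)."""
    return (len(sector) == SECTOR_SIZE
            and sector.startswith(SBR_MARKER)
            and sector.endswith(BOOT_SIGNATURE))


def find_sbr_candidates(image: bytes, sector_size: int = SECTOR_SIZE) -> list[int]:
    """Scan an in-memory image from the LAST sector backwards; return candidate LBAs."""
    total = len(image) // sector_size
    hits: list[int] = []
    for lba in range(total - 1, -1, -1):
        sector = image[lba * sector_size:(lba + 1) * sector_size]
        if looks_like_sbr(sector):
            hits.append(lba)
    return hits


def scan_disk_image(path: str, sector_size: int = SECTOR_SIZE,
                    chunk_sectors: int = 4096) -> list[int]:
    """Same scan over a raw image file, read in chunks from the end so big disks fit in RAM."""
    hits: list[int] = []
    with open(path, "rb") as f:
        f.seek(0, os.SEEK_END)
        end = f.tell() // sector_size
        while end > 0:
            start = max(0, end - chunk_sectors)
            f.seek(start * sector_size)
            chunk = f.read((end - start) * sector_size)
            # LBAs inside the chunk are relative; rebase them onto the whole disk
            hits.extend(start + lba for lba in find_sbr_candidates(chunk, sector_size))
            end = start
    return hits


def build_sample_image(total_sectors: int = 64, hidden_at: int = 61) -> bytes:
    """Constructed test image: sector 0 is a generic MBR (no SafeBoot marker),
    and a copy of an SBR-style sector sits near the end of the disk."""
    img = bytearray(total_sectors * SECTOR_SIZE)
    img[0:8] = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # fake boot code, no "SafeBoot" text
    img[510:512] = BOOT_SIGNATURE
    sbr = bytearray(SECTOR_SIZE)
    sbr[0:len(SBR_MARKER)] = SBR_MARKER
    sbr[510:512] = BOOT_SIGNATURE
    off = hidden_at * SECTOR_SIZE
    img[off:off + SECTOR_SIZE] = sbr
    return bytes(img)


def demo() -> list[int]:
    """Write the constructed image to a temp file and scan it the way you would a real dump."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(build_sample_image())
        return scan_disk_image(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for lba in demo():
        print(f"candidate SBR at LBA {lba}")
```

Run it against a sector-level image of the affected disk (`scan_disk_image("/path/to/disk.img")`) rather than the live drive, and keep that image as the fallback: the script only *locates* candidates and deliberately does not write anything back, so the "write it back to sector 0" step stays a manual decision after you have inspected the sector.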
We have this issue currently; the solution that our site has done is:
1) He restored the EEPC MBR - this resulted in a 92h error.
2) Then he did an emergency boot using SafeTech,
which then fixed this issue.
I don't have a chance to analyze this issue further since this machine is on a remote site.
So I believe something may have changed the disk header which contains the SafeBoot/EEPC instructions.
Yes, the OP has a TDSS rootkit virus which replaces the MBR of the machine. Unfortunately his helpdesk does not want him to recover the data...
As directed by @safeboot, I have tried various options to locate the last sector in the SafeTech workspace but can't figure out anything. :-(
Current versions of the TDSS rootkit encrypt their file system with RC4; they may also not store the original MBR - they might just hard code a standard one.
I think without the support of your helpdesk you're not going to be able to get anywhere here. Sorry.
As mentioned by Safeboot/Simon, you need to get the SDB file to fix this or decrypt it.