did you grab the MBR before you replaced it? It would tell you if you had a root kit virus or not.
But, if replacing the EEPC MBR results in a 92H, then absolutely, it's not the right MBR for that machine - maybe there's another object in your DB for the machine?
I did not pull the MBR, but I have another drive in the same situation (we were tentatively thinking rootkit anyway). Are there instructions anywhere on how to do this?
In terms of the object database, we had the correct one, but I'll do some digging in our database to see what I can find.
I would decrypt the machine, boot off WinPE, get the users data off then reimage it unless you needed to do forensic analysis on the virus, or were happy to spend time removing it.
Ideally, we would do that, but the volume of the "EEPC is not installed" is increasing in a particular Business Unit, and they have requested investigation. I'll just hand it over to our forensics team - the queston was mostly for my own curiousity/ learning
most likely you have caught the TDSS virus and it's slowly moving through your organization