i have been working on migrating our 5.x clients over to EEPC 6.2. Although we have had some bumps along the way, lately things have gotten worse as machines get caught in-between the upgrade process. Some machines are cropping up with "epeEpc has been corrupted (92h)" / "Safeboot has been corrupted (92h)" error messages. Although I have been able to easily recovery some by using the EETech Standalone CD to boot up, authorize, then authenticate with XML file in order to run an Emergency Boot, others have not been as easy. Most of the others, I have had to export the SDB file from the 5.x database, boot up with WinTech, verify disk information, and then use the disk information to verify decryption is possible using that SDB file within the workspace. Once I have verified it can be decrypted using SDB file, I need to run a force decrypt as I am unable to use any other method to decrypt due to it being caught in-between the upgrade to new version. Since I can't find any common factor with the machines that have been affected by these boot issues, I started to wonder what was really happening. I then started poking around and had the idea that bootsector / MBR malware was the cause of my issues. After decryption, I started running scans on these macnines and found them to have been infected with malware that McAfee didn't pick up.
Has anyone else run into these issues during your migration that were tied to malware infected machines?
Yes I had 3 or 4 machines that had similar issues when I migrated over, was a good way to find and clean them :-)
I think in the end we flash new BIOS and wiped the drives, but we are pretty heartless when it comes to malware cleanup.