1 What is current status when you boot system ? (safeboot screen ? or blank screen ?)
PS:. if safeboot screen is not there you will need .SDB file for this machine from server to decrypt it
fixboot just resets the MBR - so far more changes than that must have occurred.
if usually you have to authenticate with the pre-boot, then one day you got that windows error without authenticating then somehow an OS was installed on your machine - perhaps a recovery console?
regardless though, the correct response from your IT team was an emergency boot, or a decryption - that will fix the problem you describe.
However, if something other than fixboot has affected the machine, we would need to know what that was to suggest the solution to it.
You can't usually get the pre-boot screen after doing a fixboot - that's impossible as fixboot changes the MBR - how did you run fixboot though? Off a recovery CD?
are you sure you're not suffering from a root kit virus?
First of all thank your for your replies, keep them coming !
I booted off Windows XP CD and ran fixboot from recovery console.
My laptop is/was set up in such a way that I always have to authenticate with pre-boot (have to enter my ID and password into a McAfee window before
This McAfee window (I need to be very graphic here) always shows up .
Even after I ran fixboot and tried to boot the machine again this window came up, I have entered my credentials than I got "missing operating system "message.
Nothing elese was done on the laptop so I have no clue what could have affected it ?
The laptop is protected by McAfee anti-virus , never had any issues.
Hoe does root kit virus manifest itself ?
When I boot the machine first I have to authenticate, I get (McAfee window/screen ) , I enter my ID and password, it accepts it
Next goes to a black screen and on the top of it it say "missing operating system"
sounds logical. Your IT team will either need to decrypt the machine and then re-fix the boot sequence, or copy the data off and reimage. The fact the pre-boot still works is a good thing since they won't need to use any possibly outdated information from their systems.
Yes it works , and lets hope it is a good thing but the question is WHY does it work ?
I read in McAfee FAQ's (BTW can you copy and paste on to this site , if so how ?)
about the Endpoint Encryption product that fixboot command destroys pre-boot and an emergency
procedure need to be used, (there is no McAfee window/screen) therefore why my pre-book works ?
The IT guy tells me that he removed the encryption but sees 160GB HD with no data on it.
BTW to make it clear we are working with 2 clones here , original drive has NOT been touched.
One drive has IT one drive I have at home.
Last night I ran EaseUS Partition recovery on the encrypted clone and it found FAT16 partition
so I have restored it.
The drive looks llike this now:
This drive is connected via USB dock to my home laptop.
So right what I have at home and what you see on the pictures is a drive with a restored boot sector but still being encrypted.
Should I give it to IT guy to decrypt this one ?
nope - your partition recovery tool found the FAT32 records for the pre-boot file system. Unfortunately, it's not stored as a real partition, so all it will be able to do is recover the root folder structure - none of the files will work or be recoverable. It's messed things up even more so discard this - it's worthless and no help whatsoever.
You need to give your IT team a full binary image of your whole drive, not a partition image (or the real drive) and they need to do either an eboot or a decryption. Tinkering will get you nowhere.
What tool/program would you recommend for taking "full binary image" ?
As far a tinkering , I am learning and it is a good thing ..
I used to use Ghost many years ago - but sorry, It's not something I've done in years.