
Data recovery after blue screen with PGP

Created: 23 Feb 2013 • Updated: 25 Feb 2013 | 2 comments

I have a Dell laptop that is running Windows XP that was encrypted with PGP WDE 10.1.2 (Build 50). During startup yesterday, I put my password in, and just as soon as it got to the Windows XP loading screen, I had an instant flash of blue screen and then a reboot.

The blue screen error is a page fault in nonpaged area I found when I used the stop reboot on blue screen option.

The hard drive was removed from said laptop, and connected to another PGP WDE laptop with an external HD dock. PGP came up and asked me for my password, and as soon as I entered it I get the same blue screen and reboot.

After coming back up, I checked the drive health from disk management before entering my PGP password and Windows said the drive was good, and showed me the correct status.

After looking online I found the article at http://www.symantec.com/business/support/index?pag... and used a boot disk to run this procedure. The procedure seemed to work perfectly, however now when I connect the drive back to another PGP WDE machine I do not get a PGP password prompt. I get nothing at all. When I check the disk health, it shows 100% free and asks me to format, so I know my MBR is now wiped clean. I think my MBR is now gone, but did not get repaired.

Any suggestions on where I can go next to try to recover my data? Any help or assistance is appreciated.


Tom Mc's picture

I would try the WDE Recovery CD for decryption. 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.


PGP_Ben's picture

http://www.symantec.com/business/support/index?pag... says the following:

WARNING:  Using a fixmbr will wipe a MBR clean.  If you are unsure of other applications that are using the MBR you should create a ticket and explore if there are any other options before proceeding with this fix.  Backups should always be on hand before performing this operation as this could lead to a loss of data.   If backups have not been created you will need to make an image of your disk, and transfer that to a new drive.   Use the drive with the image for all testing and troubleshooting so that the original remains intact.

There is a reason that disclaimer is in there. Running a command like pgpwde --fixmbr will overwrite your master boot record. Unfortunately that is where we store the pointers to our user data which is used to access your session keys to decrypt your data.

I would recommend hooking that drive you want to try and recover back up to another machine with PGP WDE on there and running the following command from a command prompt in Windows (once the drive is attached):

"c:\program files\pgp corporation\pgp desktop\pgpwde" --recover --disk 1 -p "passphrase of user on the disk"

or if it's 64-bit:

"c:\program files (x86)\pgp corporation\pgp desktop\pgpwde" --recover --disk 1 -p "passphrase of user on the disk"

In the future, always try and make a backup of the files on an encrypted drive before changing anything to do with the partitioning, modifying the MBR, or attempting to decrypt the disk (if possible).

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
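
Added example, not part of the original thread and not Symantec's tooling: a Python sketch of the "back up before touching the MBR" advice above, which saves sector 0 of a disk image, parses the standard MBR partition table, and detects whether the sector changed afterwards. It assumes you are working on an image file of the disk (as the quoted warning recommends); the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512  # classic MBR sector size in bytes
ENTRY_FMT = "<B3xB3xII"  # boot flag, CHS skipped, type, CHS skipped, start LBA, sector count


def backup_mbr(image_path, backup_path):
    """Copy sector 0 of a disk image to backup_path and return its SHA-256."""
    with open(image_path, "rb") as src:
        sector = src.read(SECTOR)
    if len(sector) != SECTOR:
        raise ValueError("image is shorter than one sector")
    with open(backup_path, "wb") as dst:
        dst.write(sector)
    return hashlib.sha256(sector).hexdigest()


def parse_mbr(sector):
    """Return (signature_ok, partitions) for a 512-byte MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    signature_ok = sector[510:512] == b"\x55\xaa"
    partitions = []
    for slot in range(4):
        entry = sector[446 + 16 * slot: 446 + 16 * (slot + 1)]
        boot, ptype, lba, count = struct.unpack(ENTRY_FMT, entry)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": boot == 0x80,
                               "type": ptype, "start_lba": lba, "sectors": count})
    return signature_ok, partitions


def mbr_changed(image_path, backup_path):
    """True if sector 0 of the image no longer matches the saved copy."""
    with open(image_path, "rb") as img, open(backup_path, "rb") as bak:
        return img.read(SECTOR) != bak.read(SECTOR)


def make_sample_mbr():
    """Constructed sample: one active NTFS-type (0x07) partition at LBA 63."""
    sector = bytearray(SECTOR)
    sector[446:462] = struct.pack(ENTRY_FMT, 0x80, 0x07, 63, 2048)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)
```

An empty partition list from `parse_mbr` is consistent with Disk Management reporting the disk as unallocated; the saved copy lets you compare against, or restore, the original sector on the image.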