
Data recovery after blue screen with PGP

Created: 23 Feb 2013 • Updated: 25 Feb 2013 | 2 comments

I have a Dell laptop that is running Windows XP that was encrypted with PGP WDE 10.1.2 (Build 50). During startup yesterday, I put my password in, and just as soon as it got to the Windows XP loading screen, I had an instant flash of blue screen and then a reboot.

The blue screen error is a page fault in nonpaged area, which I found when I used the stop reboot on blue screen option.

The hard drive was removed from said laptop, and connected to another PGP WDE laptop with an external HD dock. PGP came up and asked me for my password, and as soon as I entered it I got the same blue screen and reboot.

After coming back up, I checked the drive health from disk management before entering my PGP password and Windows said the drive was good, and showed me the correct status.

After looking online I found the article at http://www.symantec.com/business/support/index?pag... and used a boot disk to run this procedure. The procedure seemed to work perfectly, however now when I connect the drive back to another PGP WDE machine I do not get a PGP password prompt. I get nothing at all. When I check the disk health, it shows 100% free and asks me to format, so I know my MBR is now wiped clean. I think my MBR is now gone, but did not get repaired.

Any suggestions on where I can go next to try to recover my data? Any help or assistance is appreciated.


Comments

Tom Mc

I would try the WDE Recovery CD for decryption. 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.


PGP_Ben

http://www.symantec.com/business/support/index?pag... says the following:

WARNING:  Using a fixmbr will wipe a MBR clean.  If you are unsure of other applications that are using the MBR you should create a ticket and explore if there are any other options before proceeding with this fix.  Backups should always be on hand before performing this operation as this could lead to a loss of data.   If backups have not been created you will need to make an image of your disk, and transfer that to a new drive.   Use the drive with the image for all testing and troubleshooting so that the original remains intact.

There is a reason that disclaimer is in there. Running a command like pgpwde --fixmbr will overwrite your master boot record. Unfortunately, that is where we store the pointers to our user data which is used to access your session keys to decrypt your data.

I would recommend hooking that drive you want to try and recover back up to another machine with PGP WDE on there and running the following command from a command prompt in Windows (once the drive is attached):

"c:\program files\pgp corporation\pgp desktop\pgpwde" --recover --disk 1 -p "passphrase of user on the disk"

or if it's 64-bit:

"c:\program files (x86)\pgp corporation\pgp desktop\pgpwde" --recover --disk 1 -p "passphrase of user on the disk"

In the future, always try and make a backup of the files on an encrypted drive before changing anything to do with the partitioning, modifying the MBR, or attempting to decrypt the disk (if possible).

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
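
The advice above to back up before modifying the MBR, as an added example that is not part of the thread or of Symantec's tooling: this Python code saves sector 0 of a raw disk image and reports its boot signature and partition entries, so the original sector can be restored or compared later. It assumes a raw image with 512-byte sectors and a classic MBR layout, the function names and sample image are constructed for illustration, and it does not interpret any PGP WDE data.

```python
import hashlib
import struct

SECTOR = 512  # assumed sector size of the raw image

def backup_mbr(image_path, backup_path):
    """Copy sector 0 of a disk image to backup_path; return its SHA-256."""
    with open(image_path, "rb") as src:
        sector0 = src.read(SECTOR)
    if len(sector0) != SECTOR:
        raise ValueError("image is shorter than one sector")
    with open(backup_path, "wb") as dst:
        dst.write(sector0)
    return hashlib.sha256(sector0).hexdigest()

def describe_mbr(sector0):
    """Report boot signature, whether boot code is blank, and partition entries."""
    partitions = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector0[510:512] == b"\x55\xaa",
        "boot_code_blank": not any(sector0[:440]),
        "partitions": partitions,
    }

def make_sample_image(path):
    """Constructed sample: one type-0x07 partition at LBA 63, then padding."""
    mbr = bytearray(SECTOR)
    mbr[:4] = b"\xeb\x3c\x90\x00"            # stand-in boot code bytes
    entry = bytearray(16)
    entry[0] = 0x80                          # active flag
    entry[4] = 0x07                          # partition type
    struct.pack_into("<II", entry, 8, 63, 2048)
    mbr[446:462] = entry
    mbr[510:512] = b"\x55\xaa"
    with open(path, "wb") as f:
        f.write(bytes(mbr) + bytes(SECTOR * 4))

if __name__ == "__main__":
    make_sample_image("sample.img")
    print(backup_mbr("sample.img", "sample.mbr.bak"))
    with open("sample.mbr.bak", "rb") as f:
        print(describe_mbr(f.read()))
```

Running `describe_mbr` on sector 0 again after any repair attempt and comparing it with the saved copy shows exactly what the operation changed.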