I think I accidently deleted the VeraCrypt boot loader. Really hope, that someone could help me here.

Topics: Technical Issues
Nov 13, 2015 at 12:15 AM
Edited Nov 14, 2015 at 3:46 PM
Hi, I am relly desperate at the moment as I think that I did something really foolish. My OS System drinve (C:) is encrypted with VeraCrypt. A couple hours ago after cleaning (log files, cache) Windows7 with TuneUp Utilities, I couldn't boot Windows 7 anymore and also getting "Startup Repair cannot repair this computer automatically"

I searched the web and found: http://answers.microsoft.com/en-us/windows/forum/all/startup-repair-cannot-repair-this-computer/718e1c0c-a907-404e-b48e-700e4e65c248?auth=1 where I tried the first suggestion, clicking on "Command prompt" and entered following commands:
bootrec /fixmbr
and
bootrec /fixboot
Now, I'm was not asked for my VeraCrypt password anymore and got this screen: https://i.imgur.com/JugqHOH.jpg

I thought that I accidently deleted VeraCrypt's boot loader and tried to load VeraCrypt's Rescue Disk (tried with 2 different ones) but am getting this: https://i.imgur.com/IwwlGO4.jpg
VeraCrypt Boot Loader
Disk Error
Disk Error
Disk Error
Loader damaged! Use Rescue Disk: Repair Options > Restore VeraCrypt Boot Loader_
I have a CD-Rom drive, 2 VeraCrypt Rescue Disks and one Windows 7 DVD (I can boot from it but it doesn't see C: drive where the enrypted Win7 is currently installed) --- and some hope that one of you guys may have an idea what I can try. I really need my laptop for work and have not the slightest idea what I did and how to fix what I did. Thanks a lot in advance.
Coordinator
Nov 13, 2015 at 6:30 PM
Hi,

Did you really boot from the rescue disk? And if you what repair option did you use?

With any rescue disk, you can restore VeraCrypt bootloader since it has a fixed value. So, this is the first thing to do and thanks to this you will have a correct VeraCrypt bootloader.
If the password doesn't work with this restored VeraCrypt bootloader, this would mean that the key header was damaged. In this case, it is very important to use the correct rescue disk in order to restore the volume header (you seem to have two so you must use the correct one).

With these two simple steps, you should be able to boot into Windows again.
Nov 13, 2015 at 11:25 PM
Edited Nov 14, 2015 at 12:42 PM
Hi Idrassi, thank you for answering. I am booting from the Rescue Disk and getting this message with both Rescue Disks (one created when first encrypting the C: volume and the second one after updating VeraCrypt to the latest version) : https://i.imgur.com/IwwlGO4.jpg

Some people who got the same error suceeded to boot successfully by switching their HDD to Legacy IDE in Bios. I tried this as well with my SSD but still getting the same error message. I do not get any repair option, only the screen that you see on the screenshot above. Tried F8 without any result. I have to say that my SSD was very slow in the last weeks but I couldn't boot Windows 7 anymore just after "cleaning" some log files and cache with TuneUp Utilities. I can access files with a Linux Boot CD (Knoppix) on my unencrypted D: volume. Any help is very much appreciated.
Nov 14, 2015 at 2:25 AM
Edited Nov 14, 2015 at 2:51 AM
Hello,

It appears from the error message that your PC did not boot from the VeraCrypt Rescue Disk. You may need to change the boot order in the BIOS to start with the CD/DVD first then the HDD/SDD.

This will allow your PC to boot from the Rescue Disk to get the menu items on the Rescue Disk.

Then as Mounir Idrassi outlined, restore the bootloader and remove CD to reboot from HDD/SSD. If password fails, insert the correct Rescue Disk, boot from the Rescue Disk and restore the header key. Remove CD and reboot.

I hope this helps you.

Kind Regards.
Nov 14, 2015 at 12:20 PM
Edited Nov 14, 2015 at 12:21 PM
Hi, I definitely boot from the VeraCrypt Rescue Disk and getting:

VeraCrypt Boot Loader
Disk Error
Disk Error
Disk Error
Loader damaged! Use Rescue Disk: Repair Options > Restore VeraCrypt Boot Loader

No other options available (F8/F10/F2). I booted from an UBUNTU USB Drive too where I can access my unencrypted D: Volume. But the most importand Win7 encrypted C: volume is not shown :-/

When I remove the Rescue Disk, I get this when it tries to boot from the SSD (2nd choice in BIOS): https://i.imgur.com/JugqHOH.jpg
Nov 14, 2015 at 1:02 PM
Hello,

Can you attempt to boot with the Rescue Disk in another PC to see if you get the Rescue Disk menu? Do not select any menu options. Merely test if you can boot from the Rescue Disk on another PC.

I am wondering if the Rescue Disk was not properly created which is causing the error shown in your previous posting.
Nov 14, 2015 at 3:41 PM
Hi,

I tried my VeraCrypt Rescue Disk on another laptop and am getting ESC / F8 Options and can also enter a password. Isn't this weird? What else can I try ? I read that I could try to rebuild the damaged boot loader with a software called TestDisk: http://www.cgsecurity.org/wiki/Recover_a_TrueCrypt_Volume#Corrupted_Standard_Volume_header but apparently it only works with TrueCrypt and not VeraCrypt: http://forum.cgsecurity.org/phpBB3/partition-encrypted-with-veracrypt-not-recognised-t4466.html
Nov 14, 2015 at 4:11 PM
Now it becomes an issue of determining why these Rescue Disks will not work on your bootloader damaged PC.

Are you using cascade encryption algorithms for your system encryption? This issue should have been resolved in 1.14 version.

http://sourceforge.net/p/veracrypt/discussion/technical/thread/a3ecee74/


Have you ever test booting from the Rescue Disks previously on the PC?
Nov 14, 2015 at 4:32 PM
I remember choosing the most basic AES encryption (first option in the list) for speed reasons.
The second Rescue Disk was created when I updated VeraCrypt to 1.0f-2

I have never tried to boot from the Rescue Disks on the damaged laptop before.
Nov 14, 2015 at 6:39 PM
Edited Nov 14, 2015 at 6:58 PM
Are the Rescue Disks created by VeraCrypt to CD/DVD?

Sorry, I am out of ideas since you have already tried switching the BIOS from AHCI to IDE Legacy.

Clearly an error being returned by the Rescue Disk repeating the "Disk error" three times.

Do you have another other disks connected to the laptop that can be disconnected for attempting to use the Rescue Disk?

Do you have three partitions on the system drive? Maybe System Reserved, C and D partitions?

I am puzzled by the three repeated "Disk error" messages that might provide a clue.

PS: Do not attempt to replace/repair the boot sector except with the Rescue Disk.
Nov 14, 2015 at 7:58 PM
The Rescue Disks were created by VeraCrypt (CD).

It's just called "IDE" in my BIOS. Do you think a BIOS update might change anything?

What do you mean by "other disks conntected to the laptop" ? It's just the internal SSD with two volumes (Windows 7 on C: encrypted and D: unencrypted which can be accessed).

Here's what Ubuntu shows me: http://imgur.com/Eky41F7
New Volume is my D: volume
Then "System Reserved" (in Russian for some reason) under it, inside "Boot": http://imgur.com/WSYcXh2 and inside "System Volume Information": http://imgur.com/4qEdmo3
Computer: http://imgur.com/AfQJeJd

I posted on some other Computer forums but you had the best ideas so far. I appreciate this!
Nov 14, 2015 at 9:03 PM
Edited Nov 14, 2015 at 9:07 PM
DesperateGirl wrote:
Do you think a BIOS update might change anything?
.
Hopefully Mounir Idrassi can comment on why you are getting the three repeated "Disk error" messages since something in the Rescue Disk code is detecting some sort of error three times.
.
What do you mean by "other disks conntected to the laptop" ?
.
I did not know if your PC had another secondary drive internally or you had one or more external hard drives connected to the PC.

What version of VeraCrypt were you running?

What version of VeraCrypt are the two Rescue Disks? I know one version is from the older version 1.0f-2 from your post above. What about the other Rescue Disk version and was it made on your encrypted PC?

What is the make and model of your PC?

Sorry, I am out of ideas on what is preventing the Rescue Disks from working on your PC.
Nov 14, 2015 at 11:58 PM
I was running 1.0f-2, the other Rescue Disk was for a prior VC version, which was created by the damaged laptop.

It's an Asus Zenbook UX31E with a Sandisk U100 256GB SSD.
Coordinator
Nov 15, 2015 at 2:04 PM
Sorry for my late answer...The events that happened in Paris Friday night shocked us and the mood these days is filled with sorrow and sadness.

The message "Disk Error" is displayed by the Rescue Disk when an error is encountered during read operation of the first sectors of the system drive. It is displayed 3 times because the Rescue Disk tries the read several times but it fails every time.

The clearly indicates that there is a hardware problem with your SSD disk, at least for the C: partition. This also explains why windows could not boot anymore since he could not also perform read operations correctly. Probably, because of the cleaning operation you performed, some of the SSD cells may have died.

At this stage, the only thing you can do is disconnect this SSD disk and connect it to another PC (for example using an USB connector) and then use VeraCrypt on this other PC to mount the C: partition using the mount option "Mount partition using system encryption without pre-boot authentication". If this works, you can at least recover your data but it is possible that you will also get some errors.
Nov 16, 2015 at 11:35 AM
Edited Nov 16, 2015 at 12:14 PM
Hi idrassi,

thanks a lot for your answer! You might be on the right path, that it's most probably a hardware issue, since my SSD became slower and slower in the recent weeks. I ordered an adapter for the SSD to be able to connect it to another PC. I will post my results this weekend. Hopefully I can recover some data off C:

I encrypted my SSD with the most basic AES encryption (first option in the list) for speed reasons, so it doesn't have anything to do with this posting where the OP encounter the same "disk error" ?
Nov 17, 2015 at 10:03 PM
Edited Nov 17, 2015 at 10:07 PM
Hi, the adapter for my damaged (?) SSD came very quickly and I think I managed to mount the encrypted system drive C: by entering the password and your mentioned option. Here are the properties of the volume: http://imgur.com/00bQy6Z
How should I proceed now? Is it possible to "permamently decrypt system partition/drive" the volume to make it visible in windows explorer (right now although it's
mounted access is denied)? Or should I try to "repair filesystem" ? I also read about the tool "GetBackDate for NTFS" about data recovery which delivers good results. I'll be gone for work until Sunday, I really hope I'll be able to rescue my data with your help. Thanks a lot for your time!
Nov 18, 2015 at 1:06 PM
I would be extremely averse to doing anything that writes data to that drive. It has known errors and anything that writes to it can only magnify that. Decrypting in place will write to every sector on the drive. Don't do anything that writes data to it until you have the old data off it.

My first choice would be to do a sector-level clone of the drive onto an identical one. This, of course, requires having or obtaining an identical drive. The result of the clone will be a drive with a bootloader that may be junk data, but since the new drive will be physically good you could then use one of the earlier options to boot off the rescue disk and repair the bootloader on the cloned drive. This may give you back everything right there. On the other hand, if there are problems in the bootloader sectors on the old drive, likely there are problems throughout the drive and the clone may have damaged files througout.

Second option is to figure out why you're getting access denied trying to read from it and copy the information off it. Likely a permissions issue that can be addressed.
Nov 20, 2015 at 10:27 PM
Thanks a lot for your suggestions, Kudalufi! Option 1 is not possible, as it's very hard and expensive to get an identical SSD to clone the damaged one.
About option 2, what may I try to address the "access denied" issue? Is fhere anything else I can try? What about the things that I have mentioned in my last posting? Any advise from anyone is highly appreciated!
Nov 21, 2015 at 2:59 AM
Hello,
.
How should I proceed now?
.
Copy your data off the drive.

.
Is it possible to "permamently decrypt system partition/drive" the volume to make it visible in windows explorer (right now although it's
mounted access is denied)?
.
No, you cannot decrypt the system encryption on another machine and if your SSD is failing, the additional read/writes would be ill-advised.

You need to grant permission to access all the files on the mounted volume using the undamaged PC. Using your local Administrator account, right click the mounted volume and select Properties then click the Security tab. Click on the Edit button. Click the Add button. Add your Windows account with appropriate permissions.
http://windows.microsoft.com/en-us/windows/what-are-permissions#1TC=windows-7
.
Or should I try to "repair filesystem" ?
.
No. If the filesystem was damaged, you would not be able to view the files. The issue you are currently encountering is a permission/security issue. Again, you want to minimize the writes to drive and copy your data off the drive before performing any new writes to the drive.

.
I also read about the tool "GetBackDate for NTFS" about data recovery which delivers good results.
.
You cannot recover the overwritten bootloader or the bad sectors on the SSD.

In the future, it would be interesting if the Rescue Disk allowed bypassing the Disk error message to attempt the restore of the bootloader. If the memory cells have failed for the original bootloader, the controller on the SSD should remap to usable memory cells if you could restore the bootloader. At least in theory. :-)

Kind Regards.
Nov 26, 2015 at 5:06 PM
Hi Enigma,

unfortunately before mounting the encrypted volume "without pre-boot authentication" I don't get the security tab in the properties:

Image

And after it's mounted, and click on "properties" I get the spinning wheel for hours and rien ne va plus. These are the settings that I chose for mounting:

Image

What options am I left with to recover my desktop files? I am bit scared to keep using VeraCrypt in the future after this experience. I'm lucky that I had my most important files in the cloud.
Nov 26, 2015 at 10:17 PM
Is the security tab missing for other drives on the working PC?
Nov 28, 2015 at 1:04 PM
It's there for the other drives. Prior to mounting it prompts me to format C:, after mounting, it's the spinning wheel and no access.
Nov 28, 2015 at 1:34 PM
Sorry, I do not have any other ideas to gain access to your SSD to decrypt or mount it to retrieve your files.
Nov 30, 2015 at 4:44 PM
Edited Nov 30, 2015 at 4:45 PM
So my only chance is to do a sector-level clone of the drive? Do I really need the same SSD (SanDisk U100 256GB) or will a SSD with the same storage is fine too?
After cloning the disk, how may I try to retrieve my files from the encrypted and damaged C: volumen ? I've never done this before, sorry.
Nov 30, 2015 at 10:41 PM
Edited Nov 30, 2015 at 10:42 PM
Partial Success!
After I ticked Mount volume as read-only and Use backup header embedded in volume if available I was able to finally access the volume with Windows Explorer.
Unfortunately I can't access my User Folders (\Users\myname) as I'm getting "you don't currently have permission to access this folder" and I can't edit the security options as it's mounted as read-only. I used the work-around of just copying the User-Folder to another location, which is working and I can access all files there BUT after around 30GB it gets stuck with some long .PNG file and this is it. I believe there must be some damaged sectors, hence it gets stuck.

Is it possible, now that the volume is properly mounted as read-only шт Windows, to clone the C: drive and access the User folder this way?
I don't know how I can clone the drive though as most programs are started from CD/USB and won't see the encrypted C: volume.
Coordinator
Dec 4, 2015 at 2:40 PM
Hi DesperateGirl,

Can you please explain your comment on the other thread that VeraCrypt is not reliable in your case? Knowing that you are suffering from a disk malfunction, how do you think VeraCrypt should behave to be more reliable? Thank you for your feedback on this.