
verification of bootloader fingerprint failed

Topics: Technical Issues
May 30, 2016 at 7:29 AM
Hi,

I have just started my Windows 7 notebook and received the message "WARNING: The verification of Veracrypt bootloader fingerprint failed! Your disk may have been tampered with by an attacker.".

This is my private notebook. I shut it down yesterday evening and it is nearly impossible that somebody broke into my house and gained physical access to it (besides that, I couldn't think of a reason why somebody would want to do that). I did not restore the bootloader, nor did I install anything yesterday.

Are there other possible reasons which could cause this warning? E.g. a rootkit, trojan or something similar? I did already check my notebook with GMER and Malwarebytes Anti-Malware. I would call myself pretty careful, I have an adblocker installed and I have been using NoScript for years. But you never know.

Your help would be much appreciated!

crus
Jun 25, 2016 at 10:09 PM
I stopped using NoScript some time ago, I use Policeman instead.

NoScript has been known, at least once, to continue to whitelist a domain name that was allowed to lapse; what that means is that somebody else could have snaffled the lapsed domain name and then started wreaking havoc... and the new owner will be whitelisted already. It probably isn't the reason for your trouble though, but it might be worth rethinking NoScript.
Jul 15, 2016 at 1:10 PM
I decided to bring this older thread back to life instead of creating a new one, because this has now happened to me too, just between restarts, on a clean Windows 10 install (testing machine). Windows is clean except that I have AutoCAD installed, because I needed to check if the old version of AutoCAD we have will still work on 64-bit Windows 10. Of course I used the original DVD of Windows and AutoCAD.

Either AutoCAD uses some nasty software protection which tampers with the boot loader, or there is something wrong with VeraCrypt, or I'm under surveillance too and my VeraCrypt setup has been compromised, but the checksum seems to be ok. I have VeraCrypt beta 9 (non-UEFI) obtained from SourceForge.

I remember there have been other complaints in this forum. Any ideas what can cause this?
Jul 15, 2016 at 1:41 PM
To all,

Have you checked if your software uses FLEXnet Publisher/SafeCast?

Are you using cascaded encryption algorithms for system encryption?

https://veracrypt.codeplex.com/wikipage?title=Incompatibilities
Jul 15, 2016 at 1:54 PM
Thanks. I'm not using cascades, only AES (hw accelerated), it's a testing machine.
Sep 26, 2016 at 5:47 AM
I had a similar issue a few months back and I have done more tests in order to single out or identify the issue. Anyone interested can see my update in this thread.

https://veracrypt.codeplex.com/discussions/658026

Thanks.
Sep 26, 2016 at 5:57 AM
For anyone who suspects the Evil Maid message might be just a false positive caused by 3rd party software in their OS, perhaps he/she can do the following.

If you suspect your Evil Maid issue was caused by having 3rd party software in your Windows (e.g. AutoCAD, like user testoslav mentioned above), perhaps you can re-install Windows afresh, then install VC, and create the hidden system without any 3rd party software or even Windows updates applied yet. Then start the barebone Windows after the hidden OS is created and see if the Evil Maid message comes up. This will help you single out any false positives caused by any 3rd party software or even Windows drivers, because there are now NONE on your system. If you still experience the same Evil Maid message with such a setup, then probably there are just 2 possibilities:

1) Your bootloader or your computer/hard drive/motherboard/CPU etc. has a potential risk issue and/or is being compromised
2) VC might have an issue and thus be causing the false positive when creating a hidden OS.

Let's hope 2) is the case as this can be fixed. If it's the case, then I hope VC will check and see what the issue is, as there seem to be a few users experiencing the same issue. Thanks.