Veracrypt Bootloader Remains After System Disk Restore
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Long story short, due to a failed update, I deleted the Veracrypt encrypted partition, so I restored a previous disk image (1 month ago). I used Paragon Hard Disk Manager.
The system works fine. Obviously, I lost file encryption because the image is created from within Windows, and Paragon doesn't support Veracrypt. So every time I restore an image of my system, I also have to re-encrypt everything (but that's another story). Of course, the old disk image also contained the EFI partition with the Veracrypt bootloader, which now starts and asks me for my password and PIM, but it's useless, so I press ESC and continue to unencrypted Windows 11.
So, I want to remove the annoying Veracrypt boot, so I delete the EFI partition and create a new, clean one with a clean boot without Veracrypt, using the bcdboot and bootrec commands from a USB stick with Windows24h2.
So far, so good. At this point I have a normal Windows 11 system: an EFI partition (100MB), a Microsoft Reserved partition (16MB), my Windows 11 partition from a month ago, and the recovery partition (700MB).
Now listen; I realize I have a more recent image (1 week ago), and I decide to use it and overwrite the current Windows 11 partition—not the entire disk, just the Windows partition, leaving the other partitions intact. I reboot and the system boots with a more recent Windows system. I completely uninstall Veracrypt (1.26.20) because I want to upgrade to a more recent version.
I reboot again and BOOM! The Veracrypt bootloader magically reappears. I checked, the clean EFI partition has been completely rewritten, and now a Veracrypt folder has been created again.
BEFORE: GPT System Partition (100MB): EFI folder = Boot, Microsoft
AFTER: GPT System Partition (100MB): EFI folder = Boot, Microsoft, Veracrypt. In the Boot folder, bootx64.efi has been replaced and the original file has been renamed to "original_bootx64.vc_backup".
Now, explain how this is possible. WHERE did the system get the old EFI partition files from? Is there a folder in Windows that restores and modifies the EFI partition? And this even AFTER uninstalling the Veracrypt program from Windows?
Last edit: standard user 2026-02-28
If your 1 week ago restore of the Windows OS partition still contains the installation of VeraCrypt software, you can attempt the procedures below.
The procedures in the link below is for the VeraCrypt bootloader not being removed after a successful VeraCrypt permanent system decryption.
However the removal procedures should work for your system disk restore scenario when the VeraCrypt bootloader is restored as long as VeraCrypt software is still installed.
I do not know if the procedures in the link below will work if you have to install VeraCrypt software using the same version when you had for your VeraCrypt system encryption. You mentioned using 1.26.20 version.
Do not use the VeraCrypt Rescue Disk. Only use the VeraCrypt GUI.
https://sourceforge.net/p/veracrypt/discussion/technical/thread/fd044d25e8/?limit=25#8a97
Last edit: Enigma2Illusion 2026-02-28
Yes, 1.26.20. Thanks for the reply, I had already tried that, before deleting and recreating the EFI partition from scratch. This doesn't work, simply because Veracrypt sends this message (and it's right).:
"the system partition/drive does not appear to be encrypted"
https://imgur.com/a/JUf4FR2
I didn't want to make it long in the first post, but right after I also tried to use the rescue disk to decrypt the partition (which obviously wasn't encrypted anymore), just to see if it removed the bootloader, and it started doing its job, only it made the system unbootable, it destroyed it, so I simply deleted the partition again. The bootloader obviously remained. That's why I finally reset the EFI partition. I can still do it, of course, but this isn't something that should happen; it's not within everyone's reach. It took me many hours.
Last edit: standard user 2026-02-28
The fundamental problem for me is understanding why a completely clean EFI partition was rewritten by the Veracrypt bootloader, how is this possible ? Veracrypt 1.26.20 had already been uninstalled from the system by that point.
Really, guys, how is this possible ? Does Veracrypt create hidden backups somewhere?
Last edit: standard user 2026-02-28
Using your browser search feature on the Release Notes to search for the term "bootloader", you will find references to enhancements to fix the VeraCrypt bootloader during MS OS upgrades and fix the missing VeraCrypt bootloader.
Maybe the copies of the original MS and VeraCrypt bootloaders are stored in the
%ALLUSERSPROFILE%\VeraCrypt\ directory.
https://veracrypt.jp/en/VeraCrypt%20System%20Files.html
Last edit: Enigma2Illusion 2026-02-28
Yes, there are backup files in that folder and others, BUT I think I've figured out the main problem.
Veracrypt writes files to the EFI partition and the UEFI NVRAM.
If you delete the partition or disk WITHOUT decrypting it first (i suppose), the BIOS/UEFI NVRAM simply remains intact. If you then rewrite/delete the partitions as i did, you also have to go into the BIOS/UEFI and save the configuration with F10.
In fact, even using BOOTICE from inside Windows11, the UEFI values still showed a Veracrypt entry that shouldn't be there.
Basically, you have to reboot the PC, go into the BIOS/UEFI, and save the new configuration with F10, otherwise the NVRAM won't be updated.
I think this could be a useful information.
Last edit: standard user 2026-03-02
Maybe I forgot to mention that once the encrypted partition is deleted/restored without being decrypted first, and the VeraCrypt bootloader remains in the EFI partition, it cannot be removed even via the Rescue Disk's boot menu. https://imgur.com/a/85FpnSX
z) Remove Veracrypt loader from boot menu , the selection is ignored and nothing happens.
Last edit: standard user 2026-03-14
Now I'd like to understand how you folks use Veracrypt, because it's unthinkable to use a program like this without also using some kind of disk imaging program.
So, every time you restore a disk image (and this image isn't encrypted because there are no imaging programs that support Veracrypt), the Veracrypt bootloader is still causing problems?
Can you explain to me how the developer thinks this problem should be handled ?
Last edit: standard user 2026-03-14