Wednesday, August 6, 2008

boot sector

What it does

A boot sector virus infects or substitutes its own code for either the DOS boot sector or the Master Boot Record (MBR). The MBR is a small program that runs every time the computer starts up. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides on the first sector of the hard disk.

Since the MBR executes every time a computer is started, a boot sector virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory the boot virus can spread to every disk that the system reads.

Symptoms

A boot sector virus can cause a variety of boot or data retrieval problems. In some cases, data disappears from entire partitions. In other cases, the computer suddenly becomes unstable. A common problem is failure to start up or to find the hard drive.

How it spreads

A boot sector virus is usually spread by infected floppy disks. In the past, these were usually bootable disks, but this is no longer the case. A floppy disk does not need to be bootable to transmit the virus. Any disk can cause infection if it is in the drive when the computer boots up. The virus can also be spread across networks from file downloads and from e-mail file attachments. In most cases, all write-enabled floppies used on an infected PC will themselves pick up the boot sector virus.

In the past, setting the computer to boot first from the C:\ drive and then the A:\ drive was a reasonable precaution against boot sector viruses. This is no longer the case. Viruses are now more dangerous and spread much more easily.

Some CMOS setups can be configured to prevent writing to the boot sector of the hard drive. This may be of some use against boot sector viruses. However, if you need to reinstall or upgrade the operating system, you will have to change the setting back to make the MBR writable again.

For more information on boot sector viruses and viruses in general, see:

http://www.faqs.org/faqs/by-newsgroup/comp/comp.virus.html

Precautions and damage control

Prevention is usually a matter of vigilance and avoiding contact with unknown disks. The following suggestions will help keep your systems and data safe:

Install virus detection software on your computer. In general, anti-virus programs do two things:

Scan for and remove viruses in files on disks.
Monitor the operation of your computer for virus-like activity. This can be either known actions of specific viruses or general suspicious activity.

Most anti-virus packages contain routines that can perform both tasks. A good virus protection software package is Norton AntiVirus.

Back up your files, so that you can restore them if a virus damages them.

Note: If you back up a file that is already infected with a virus, you can re-infect your system by restoring files from the backup copies. Check your backup files with virus scanning software before using them.

Keep your original application and system disks locked (write-protected). This will prevent the virus from spreading to your original disks.

If you must insert one of your application floppy disks into an unknown computer, lock it first. Unlock your application disk only after verifying that the computer is free of viruses.

Obtain public-domain software from reputable sources. Don't download software directly to a hard disk. Rather, save it to a floppy disk, lock the floppy disk, and check it thoroughly using reputable virus detection software. Don't copy it to your hard disk until you know it is safe. This can also help protect you from Trojan horse programs.

Quarantine any infected computer. If you discover that a computer is infected with a virus, immediately isolate it from other computers. In other words, disconnect it from any network it is on. Don't allow anyone to copy or move files from it until the entire system has been reliably disinfected.
