Boot or boot sector viruses

 

What is the boot sector?

The boot sector is a very important area of a floppy disk (boot) or hard disk (MBR – Master Boot Record) as it contains information on the disk type. This sector contains a program that is run when the computer is started up, and whose function is to determine if the disk contains an operating system and execute it.

 

When a computer is started up, it first tries to load the program located in the boot sector, so that it executes the operating system. Once the operating system is run, the computer is said to be booted and you can begin to work with it.

 

What does a boot virus infect?

A boot virus infects the program located in the boot sector. This way, the virus is run every time the computer is started up, either from a floppy disk or the hard disk.

There are some viruses that belong to several categories and which are therefore capable of infecting both the boot sector and files.

 

How can a computer be infected by a boot virus?

In order to become infected with a boot virus, you must start up or try to start up the computer from an infected floppy disk. It is very important to note that, although a disk may NOT be a boot disk, it can still cause a boot virus infection, since the attempt to boot up the computer alone is enough to produce the infection.

 

How does a boot virus work?

When you boot or attempt to boot your computer from an infected floppy disk, the virus is executed. The virus then reserves a space in the memory and installs itself there. Then, the virus immediately runs the original boot-sector program so that everything appears normal and the user does not suspect the presence of the virus.

 

From then on, all access to a hard disk or floppy disk will be intercepted by the virus. It will check whether the disk is infected or not, and if it isn’t, the virus will infect it. This means that if the computer was booted or an attempt was made to boot it using an infected floppy disk, as soon as the hard disk is accessed it will be infected. Then, whenever the computer is booted from hard disk, the virus will be executed and more floppy disks will be infected, ensuring the propagation of the virus.

 

How to prevent a boot virus infection

The best form of protection is to always have a completely up to date IT security solution installed. If the automatic protection is enabled and you scan every floppy disk before you use it, it will be very difficult for a boot virus to get into your computer.

 

There is a very simple way of providing an additional guarantee against accidentally booting a computer with a floppy disk unknowingly left in the disk drive. This consists of placing the boot sequence in the BIOS in such a way that the computer always attempts to boot from the hard drive first and then from the disk drive.

 

For more information about viruses consult the Virus Encyclopedia, on the Panda Software website (www.pandasoftware.com/virus_info/encyclopedia).