Boot viruses

Boot viruses

What is the boot sector?

The boot sector is a very important area of a diskette or hard disk, as it contains information on the type of disk in question. In addition, this sector contains a program that is run when the computer is started up, and whose function is to determine if there is an operating system present and if there is, to execute it.

Therefore, when a computer is booted up, it first tries to load the program located in the boot sector, so that it executes the operating system. Once the operating system is run, the computer is said to be booted up and the user can begin to work with it.

What does a boot virus infect?

A boot virus infects the program located in the boot sector. This way, the virus is loaded each time the computer is started up, whether from a diskette or the hard disk.

It is important to keep in mind that there are viruses that belong to several categories, and which are therefore capable of infecting both boot sectors and files.

How can a computer be infected by a boot virus?

In order to become infected with a boot virus, you must start or try to start up the computer from an infected diskette. It is very important to note that, although a disk may NOT be a boot disk, it can still produce a boot virus infection since the attempt to boot up the computer alone is enough to produce the infection.

How does a boot virus ôworkö?

When you boot or attempt to boot your computer from an infected diskette, what actually happens is that the virus is executed. The virus then reserves a space in the computerÆs memory and ôinstallsö itself there. Once in place, the virus runs the original boot-sector program. This way, everything appears as normal and the user remains unaware of the presence of the virus.

From this moment on, all access to a hard disk or diskette will be intercepted by the virus. It will check to see whether the disk in question is infected or not, and if it is not, the virus will infect it. This means that if the computer was booted up or an attempt was made to boot it using an infected diskette, as soon as the hard disk is accessed it will be infected. Therefore, all subsequent boots performed from the hard disk will execute the virus, thus infecting more diskettes and ensuring the propagation of the virus.

How to prevent a boot virus infection

The best form of protection is to always have a properly updated antivirus installed. If a permanent protection system is in place and you scan every diskette prior to use, it will be very difficult for a boot virus to enter your computer.

There exists a very simple method of providing an additional guarantee against accidentally booting up a computer with a diskette unknowingly left in the disk drive. It consists of placing the boot sequence in the BIOS in such a way that the computer always attempts to boot first from the hard drive and then from the disk drive.