Symptoms of Boot Sector Virus
Sometimes your machine may misses to start up or to connect with the hard drive. Additionally, failure broadcasts such as “Invalid system disk” may appear on your machine.Then your machine is infected with Boot sector virus.
A boot sector virus can cause a variety of boot or data retrieval problems. In some cases, data disappear from entire partitions. In other cases, the computer suddenly becomes unstable. Often the infected computer fails to start up or to find the hard drive. Also, error messages such as “Invalid system disk” may become prevalent.
Boot sector Virus
A boot virus (also known as a boot infector, an MBR virus or DBR virus) targets and infects a specific, physical section of a computer system that contains information crucial to the proper operation of the computer’s operating system (OS).
Boot viruses were common in the early 90s.The boot sector viruses have become obsolete ever since the dissolution of floppy disks. Besides, today’s operating systems incorporate boot-sector protection which makes it difficult for boot sector viruses to infect them. They became much rarer after most computer motherboard manufacturers added protection against such threats by denying access to the Master Boot Record (the most commonly targeted component) without user permission.
However, of late, we see advanced ones come with dodging capabilities that help in bypassing antivirus software and other advanced levels of defenses.
In recent years, more sophisticated malware have emerged that have found ways to circumvent that protection and retarget the MBR (e.g, Rootkit:W32/Whistler.A).
How a Boot Sector virus Infects
The boot sector virus embeds its starting code in the boot sector of a storage device. The virus moves into the system memory once the computer attempts to read and execute the program in the boot sector.
In this way, the virus can take control of basic computer operations. Once in memory, the boot sector virus can spread to other drives, such as floppy and network drives.
All boot viruses are memory-resident . When an infected computer is started, the boot virus code is loaded in memory. It then traps one of BIOS functions (usually disk interrupt vector Int 13h) to stay resident in memory.
Once resident in memory, a boot virus can monitor disk access and write its code to the boot sectors of other media used on the computer. For example, a boot virus launched from a diskette can infect the computer’s hard drive; it can then infect all diskettes that are inserted in the computer’s floppy drive
Precautions and damage control
Follow the suggested guidelines to steer clear from the boot sector virus attacks.
- Do not open an email attachment unless you were expecting it and know whom it’s from.
- Do not open any unsolicited executable files, documents, spreadsheets, etc.
- Never open files with a double file extension, e.g. filename.txt.vbs. This is a typical sign of a virus program.
- Always have an antivirus program installed on your computer. See to that your virus protection program is up-to-date.
- Back up your files, so that you can restore them if a virus damages them.
- Keep your original application and system disks locked (write-protected). This will prevent a virus from spreading to your original disks.
- Quarantine any infected computer. If you discover that a computer is infected with a virus, immediately isolate it from other computers. Disconnect it from any network it is on. Don’t allow anyone to copy or move files from it until the entire system has been reliably disinfected.