Boot sector Virus
A boot virus (also known as a boot infector, an MBR virus or DBR virus) targets and infects a specific, physical section of a computer system that contains information crucial to the proper operation of the computer’s operating system (OS).
Boot viruses were common in the early 90s. Boot sector viruses have become obsolete since the decline of floppy disks. Besides, today’s operating systems incorporate boot-sector protection, which makes it difficult for boot sector viruses to infect them. They became much rarer after most computer motherboard manufacturers added protection against such threats by denying access to the Master Boot Record (the most commonly targeted component) without user permission.
However, more advanced variants have recently appeared with evasion capabilities that help them bypass antivirus software and other advanced defenses.
In recent years, more sophisticated malware has emerged that has found ways to circumvent that protection and retarget the MBR (e.g., Rootkit:W32/Whistler.A).
Symptoms of Boot Sector Virus
Sometimes your machine may fail to start up or to connect to the hard drive. Additionally, failure messages such as “Invalid system disk” may appear on your machine. These symptoms indicate that your machine is infected with a boot sector virus.
A boot sector virus can cause a variety of boot or data retrieval problems. In some cases, data disappear from entire partitions. In other cases, the computer suddenly becomes unstable. Often the infected computer fails to start up or to find the hard drive. Also, error messages such as “Invalid system disk” may become prevalent.
How a Boot Sector virus Infects
The boot sector virus embeds its starting code in the boot sector of a storage device. The virus moves into the system memory once the computer attempts to read and execute the program in the boot sector.
In this way, the virus can take control of basic computer operations. Once in memory, the boot sector virus can spread to other drives, such as floppy and network drives.
All boot viruses are memory-resident. When an infected computer is started, the boot virus code is loaded in memory. A boot sector virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory, the boot virus can spread to every disk that the system reads. Boot sector viruses are typically very difficult to remove.
Once resident in memory, a boot virus can monitor disk access and write its code to the boot sectors of other media used on the computer. For example, a boot virus launched from a diskette can infect the computer’s hard drive; it can then infect all diskettes that are inserted in the computer’s floppy drive.
A boot sector virus can cause a variety of boot or data retrieval problems. Data may disappear from entire partitions. In some cases, the computer may suddenly become unstable. Most of the time, the infected computer fails to start up or to find the hard drive. Error messages such as “Invalid system disk” are common, as explained earlier.
Precautions Against Boot Sector Viruses
Follow the suggested guidelines to steer clear of boot sector virus attacks.
- Do not open an email attachment unless you were expecting it and know whom it’s from.
- Do not open any unsolicited executable files, documents, spreadsheets, etc.
- Never open files with a double file extension, e.g. filename.txt.vbs. This is a typical sign of a virus program.
- Always have an antivirus program installed on your computer. See to it that your virus protection program is up-to-date.
- Back up your files, so that you can restore them if a virus damages them.
- Keep your original application and system disks locked (write-protected). This will prevent a virus from spreading to your original disks.
- Quarantine any infected computer. If you discover that a computer is infected with a virus, immediately isolate it from other computers. Disconnect it from any network it is on. Don’t allow anyone to copy or move files from it until the entire system has been reliably disinfected.