Computers Byte! Online

What it does

A boot sector virus infects or substitutes its own code for either the DOS boot sector or the Master Boot Record (MBR). The MBR is small program that runs every time the computer starts up. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides on the first sector of the hard disk.

Since the MBR executes every time a computer is started, a boot sector virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory the boot virus can spread to every disk that the system reads.

Symptoms

A boot sector virus can cause a variety of boot or data retrieval problems. In some cases, data disappears from entire partitions. In other cases, the computer suddenly becomes unstable. A common problem is failure to start up or to find the hard drive.

How it spreads

A boot sector virus is usually spread by infected floppy disks. In the past, these were usually bootable disks, but this is no longer the case. A floppy disk does not need to be bootable to transmit the virus. Any disk can cause infection if it is in the drive when the computer boots up. The virus can also be spread across networks from file downloads and from e-mail file attachments. In most cases, all write-enabled floppies used on an infected PC will themselves pick up the boot sector virus.

In the past, setting the computer to boot first from the C:\ drive and then the A:\ drive was a reasonable precaution against boot sector viruses. This is no longer the case. Viruses are now more dangerous and spread much more easily.

Some CMOS setups can be configured to prevent writing to the boot sector of the hard drive. This may be of some use against boot sector viruses. However, if you need to reinstall or upgrade the operating system, you will have to change the setting back to make the MBR writable again.