This type of virus infects the Master Boot Record (MBR) or DOS
Boot Record (DBR) of a hard drive and the Floppy Boot Record (FBR)
of a diskette. The MBR is the first sector of a hard drive and is
usually located on track 0. It contains the initial loader and
information about partition tables on a hard disk. The DBR is
usually located a few sectors after the MBR (62 sectors after it
on a hard disk with 63 sectors per track). The DBR contains the
initial loader for an operating system and logical drive
information. The FBR is used for the same purposes as the DBR on a
hard drive, but it is located on the first track of a diskette.
A boot virus can be overwriting or relocating. An overwriting
boot virus overwrites the MBR, DBR or FBR sector with its code,
preserving the partition table information or logical drive
information respectively. Relocating boot viruses save the
original MBR, DBR or FBR somewhere on a hard or floppy drive.
Sometimes such action can destroy certain areas of a hard or
floppy drive and make a disk unreadable.
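
An added example (not from F-Secure's page or tools): a Python check that splits a 512-byte MBR image into bootstrap code, partition table and the 55 AA signature and compares each part against a known-good copy, showing that an overwrite which preserves the partition table still changes the code-area hash. The classic layout (446 bytes of code, four 16-byte entries), the helper names and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446               # assumed classic layout: bootstrap code in bytes 0..445
TABLE_END = 510              # four 16-byte partition entries in bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid boot sector

def parse_mbr(sector):
    """Split a 512-byte MBR image into code hash, table hash, entries, signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for off in range(CODE_END, TABLE_END, 16):
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "table_sha256": hashlib.sha256(sector[CODE_END:TABLE_END]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[TABLE_END:] == BOOT_SIGNATURE}

def compare_to_baseline(baseline, current):
    """Return a list of findings for a current MBR checked against a known-good copy."""
    good, now = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if now["code_sha256"] != good["code_sha256"]:
        findings.append("bootstrap code changed")
    if now["table_sha256"] != good["table_sha256"]:
        findings.append("partition table changed")
    return findings

def build_sample(code_byte):
    """Constructed sector: filler code bytes, one active partition starting at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 1000000)
    return bytes([code_byte]) * CODE_END + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    baseline = build_sample(0x90)   # constructed known-good image
    modified = build_sample(0xCC)   # same partition table, different code area
    print(parse_mbr(baseline)["partitions"])
    print(compare_to_baseline(baseline, modified))
```

A check that looks only at the partition table or the signature bytes reports nothing for the modified sample; only the code-area hash differs.
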
All boot viruses are memory-resident. When a computer is started,
boot virus code is loaded in memory. A virus traps one of the BIOS
functions (usually disk interrupt vector Int 13h) and stays
resident in memory. A virus then monitors disk access and writes
its code to the boot sectors of media that are used on an infected
computer. For example, a boot virus started from a diskette
infects a hard drive. Then the virus will infect all diskettes that
are inserted into the infected computer's floppy drive.
Boot viruses are quite rare nowadays. Besides, most computer
motherboards have protection against boot viruses: access to the
MBR is denied without user permission.
Disinfection
Automatic Disinfection
Usually viruses infecting boot and executable files are
automatically disinfected by F-Secure Anti-Virus (FSAV). In some
special cases it is recommended to use specific disinfection
tools provided by F-Secure. They can be downloaded from our ftp
site:
F-Secure Anti-Virus can be purchased from our webshop or from our
authorised distributors. A trial version of F-Secure Anti-Virus,
limited to 30 days, can be downloaded from our website:
All the latest versions of FSAV can download anti-virus database
updates automatically. However, these updates can also be
downloaded and installed manually from our web or ftp sites:
It is not recommended to manually disinfect files and boot
sectors from viruses as it can cause damage to a system and make
it unbootable.
Contacting F-Secure for help
If you have problems with disinfection, please consult a computer
technician or send a message (and a sample) to our Viruslab. We
have guidelines for sending virus samples, hoaxes and
virus-related questions to F-Secure Viruslab published here: