Skip to main content

Choose your country

Boot virus

Classification

Category:

Malware

Platform:

W32

Aliases:

  • Boot virus
  • BOO virus
  • Boot virus
  • MBR virus
  • DBR virus

Summary

This type of virus infects the Master Boot Record or DOS Boot Record of a hard drive, or the Floppy Boot Record of a floppy drive.

Removal

Technical Details

A boot virus (also known as a boot infector, an MBR virus or DBR virus) targets and infects a specific, physical section of a computer system that contains information crucial to the proper operation of the computer's operating system (OS).
Though boot viruses were common in the early 90s, they became much rarer after most computer motherboard manufacturers added protection against such threats by denying access to the Master Boot Record (the most commonly targeted component) without user permission.
In recent years however, more sophisticated malware have emerged that have found ways to circumvent that protection and retarget the MBR (e.g, Rootkit:W32/Whistler.A).

How a boot virus infects

Boot viruses differ based on whether they target the Master Boot Record (MBR), the DOS Boot Record (DBR) or the Floppy Boot Record (FBR):
  • The MBR is the first sector of a hard drive and is usually located on track 0. It contains the initial loader and information about partition tables on a hard disk.
  • The DBR is usually located a few sectors (62 sectors after on a hard disk with 63 sectors per track) after the MBR, and contains the initial loader for an operating system and logical drive information.
  • The FBR is use for the same purposes as DBR on a hard drive, but it is located on the first track of a diskette.
A boot virus can be further subdivided into either overwriting or relocating:
  • An overwriting boot virus overwrites MBR, DBR or FBR sector with its own code, while preserving the original partition table or logical drive information.
  • A relocating boot virus saves the original MBR, DBR or FBR somewhere on a hard or floppy drive. Sometimes, such an action can destroy certain areas of a hard or floppy drive and make a disk unreadable.
All boot viruses are memory-resident . When an infected computer is started, the boot virus code is loaded in memory. It then traps one of BIOS functions (usually disk interrupt vector Int 13h) to stay resident in memory.
Once resident in memory, a boot virus can monitor disk access and write its code to the boot sectors of other media used on the computer. For example, a boot virus launched from a diskette can infect the computer's hard drive; it can then infect all diskettes that are inserted in the computer's floppy drive.

Protect your devices from malware with F‑Secure Total

Protecting your devices from malicious software is essential for maintaining online security. F‑Secure Total makes this easy, helping you to secure your devices in a brilliantly simple way.

  • Award‑winning antivirus and malware protection
  • Online browsing, banking, and shopping protection
  • 24/7 online identity and data breach monitoring
  • Unlimited VPN service to safe­guard your privacy
  • Password manager with private data protection

Choose how many devices you want to protect to get started.

  • Free customer support
  • Cancel anytime
  • The trial does not obligate you to buy the product
Try Total 30 days for free

After 30 days your subscription will renew automatically for one year at €69.99.

More Support

Community

Ask questions in our Community.

User guides

Check the user guide for instructions.

Contact Support

Chat with with or call an agent.

Submit a Sample

Submit a file or URL for analysis.