Even a non-bootable floppy can contain a virus in the boot sector.
- storing information about the disk, and
- storing a short program that either puts a message on the screen saying the disk cannot be used to start the computer if it’s a data disk, or a short program that starts to load the operating system if it’s a system disk which can start the computer (boot disk).
This special sector is numbered 0,0 and is called the Boot Sector.
A hard disk also has a DOS boot sector, but it’s located in a different sector on the hard disk (see note below). Other removable devices have DOS boot sectors that are defined by the format utility for that device. Bootable CD-ROMs, if infected by whomever wrote out the disc, could also be the source of an infection.
Since the DOS boot sector is executed every time you power on or boot your PC, it is very vulnerable to virus attack. Damage to this sector can make your disk appear to be unreadable. This sector is rewritten whenever you do a “SYS” or a “FORMAT /S” to a disk.
Warning: Even a non-bootable floppy can contain a virus in the boot sector. If you leave an infected floppy in your PC when you power on or boot, you will be infected even though the PC won’t successfully boot from that floppy.
When a floppy disk is formatted as a non-system disk under Windows XP it behaves similarly but its boot sector structure is different…
Under XP not only is there a little program but that program also looks for the NTLDR file which can then point to a boot device. If you copy the files NTLDR, NTDETECT.COM, and BOOT.INI from your XP hard drive to an XP-formatted floppy disk this disk can then be used as an emergency boot disk should the hard disk boot files become damaged. See the Microsoft Knowledgebase article on this for more details.
When a hard disk is formatted (FORMAT command) a boot sector, similar to that on a floppy diskette, is also created. Note: This boot sector should not be confused with the Master Boot Record (MBR) on a hard disk. In order to distinguish between the two, we’ve adopted the terminology of DOS Boot Sector (DBS) for the boot sector created by FORMAT on a hard disk (the DOS part is a holdover from the original Virus Tutorial but it’s a good way to tell the difference so I’ve kept the notation). The DOS/Windows PC’s BIOS will generally ignore the difference between the two boot records. If the boot device is a floppy disk the DOS Boot Sector on that disk will be read; if the boot device is a hard disk them the MBR will be read. You can see the difference here with a Windows XP MBR and Boot Sector from the same disk.
The fact that the BIOS simply transfer control to whatever is in the first sector of the boot device means that if a virus or other malware can insert code into that area then it can take control of the computer’s booting process and, at best, insert itself into the system, or at worst make it unusable.
The term bootblock is sometimes used for the boot sector, but this is only common on non-DOS/Windows systems (e.g., Sun systems will often use that term).
|Partition Sector||FDISK /MBR|
Comments from original:
Said this on 2009-12-30 At 12:10 am
I want to know that, is boot sector can be made manually by using some software?
thanks in advance.
Said this on 2009-12-30 At 12:58 pm
In reply to #1
A boot sector itself is just code so, yes, you can “create” one using a variety of means. One would be to just use the FORMAT command in DOS/Windows. Another would be to use a disk image utility to image the sector and then rewrite it to other media. CD/DVD software sometimes ship with utilities that create a boot sector to make CDs or DVDs bootable discs. And so on.