System Sectors

System sectors (Master Boot Record and DOS Boot Record) are often targets for viruses. These boot viruses use all of the common viral techniques to infect and hide themselves. While mostly obtained from an infected disk left in the drive when the computer starts, they can also be “dropped” by some file infectors or Trojans.

System sectors are special areas on your disk containing programs that are executed when you boot (start) your PC. Every disk (even if it only contains data) has a system sector of some sort. Sectors are simply small areas on your disk that your hardware reads in single chunks. System sectors are invisible to normal programs but are vital for correct operation of your PC. In the early days, they were a common target for viruses. As floppy drives went out of fashion, the incidence of these infections diminished to almost zero; then, about 2008, infection of the system sectors started to rise as a way to get rootkits running on a system.

There are two types of system sectors found on DOS/Windows PCs: the DOS boot sector and the Master Boot Record.

System sector viruses modify the program in either the DOS boot sector or the Master Boot Record. Since there isn’t much room in the system sector (only 512 bytes), these viruses usually have to hide their code somewhere else on the disk. This sometimes causes problems when the chosen spot already contains data, which is then overwritten. To make itself harder to find, a system sector virus will sometimes find the “end” of the disk and write itself to an area beyond it, using special routines to access that area and get its code back out.

Some viruses, such as the Pakistani Brain virus, mark the spot where they hide their code as bad. This is one reason to be suspicious if any utility suddenly reports additional bad sectors on your disk and you don’t know why (don’t panic, bad sectors occur frequently for a wide variety of reasons). These viruses usually go resident in memory on your PC, infect the hard disk, and infect any floppy disk that you access. Simply looking at the directory of a floppy disk may cause it to be infected if one of these viruses is active in memory. The more modern of these beasts exist as rootkits which can load either before, with, or as part of the operating system.

On Macintosh systems, some of these viruses even infected a diskette immediately upon its insertion into the floppy drive. (PCs generally do not access a disk automatically as the Macintosh does.)

Since these viruses are active in memory (resident), they can hide their presence. If Brain is active on your PC, and you use a sector editor to look at the boot sector of an infected diskette, the virus will intercept the attempt to read the infected boot sector and instead return a saved image of the original boot sector. You will see the normal boot sector instead of the infected version. Viruses that do this are known as stealth viruses.
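A baseline integrity check for a 512-byte Master Boot Record, as an added example that is not part of the original page: it hashes the boot program and the partition table separately, so a change to either is reported on its own. The byte offsets follow the classic MBR layout; the function names and sample sectors are constructed for illustration. Because a resident stealth virus can return the saved original sector, the sector being checked is assumed to have been read after booting from known-clean media.

```python
import hashlib
import struct

SECTOR_SIZE = 512        # size of a system sector
BOOT_CODE_END = 446      # classic MBR layout: bytes 0-445 hold the boot program
TABLE_END = 510          # bytes 446-509 hold four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511 mark the sector as bootable
ENTRY = "<B3xB3xII"      # status, (CHS), type, (CHS), start LBA, sector count


def fingerprint(sector: bytes) -> dict:
    """Split an MBR image into its regions and hash each one separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for off in range(BOOT_CODE_END, TABLE_END, 16):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, off)
        if ptype:  # type 0 means the slot is unused
            partitions.append((status == 0x80, ptype, lba, count))
    return {
        "code": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "table": hashlib.sha256(sector[BOOT_CODE_END:TABLE_END]).hexdigest(),
        "bootable_sig": sector[TABLE_END:] == SIGNATURE,
        "partitions": partitions,
    }


def compare(baseline: dict, current: dict) -> list:
    """Return findings; an empty list means the sector matches the baseline."""
    findings = []
    if not current["bootable_sig"]:
        findings.append("missing 55AA signature")
    if current["code"] != baseline["code"]:
        findings.append("boot program changed")
    if current["table"] != baseline["table"]:
        findings.append("partition table changed")
    return findings


def make_sector(code: bytes) -> bytes:
    """Build a constructed 512-byte test sector (not a real disk image)."""
    entry = struct.pack(ENTRY, 0x80, 0x06, 63, 40000)  # one active partition
    return code.ljust(BOOT_CODE_END, b"\x00") + entry.ljust(64, b"\x00") + SIGNATURE

CLEAN = make_sector(b"\xfa\x33\xc0")     # constructed stand-in for the baseline
MODIFIED = make_sector(b"\xe9\x00\x01")  # constructed: same table, different code

if __name__ == "__main__":
    print(compare(fingerprint(CLEAN), fingerprint(MODIFIED)))
```

Record the baseline fingerprint while the disk is known to be clean and store it off the machine being checked.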

In addition to infecting diskettes, some system sector viruses also spread by infecting files. Viruses of this type are called multipartite (multiple part) viruses. Since they can infect both files and system sectors they have more avenues to spread. (Note: Some file viruses also infect system sectors to complete the circle.)

Summary

  • System sectors (MBR and DBS) are often targets for viruses.
  • Even data disks can be infected by these viruses.
  • System sector viruses spread easily via floppy disk infections and, in some cases, by cross infecting files which then drop system sector viruses when run on clean computers.

Comments from Original Post:

dinesh
Said this on 2009-09-16 At 08:12 am
hi
I am dinesh
I want viruses problem solution

thanks
#2
DaBoss
Said this on 2009-09-16 At 02:14 pm
In reply to #1
Best thing to do if you have a problem is to use anti-virus software to remove that problem. See the tutorial table of contents to the left for a link to a page listing vendors. Some have free removal tools and/or free software.
#3
Rasika
Said this on 2011-08-19 At 03:34 am
In reply to #1
So, you should wash your PC every day…

[…with bleach! 🙂 –DaBoss]