What is a Boot Sector Virus?

What is a Boot Sector Virus? 

Boot sector viruses are a type of malware that infects a system’s boot partition or the master boot record (MBR) of a hard disk. A boot sector is the section of a disk containing the code and data needed to start the operating system (OS) of a computer. While the computer is starting up and before security software is engaged, the virus executes its malicious code. 

How do Computers become Infected? 

Computers become infected when starting up from an infected disk. The virus infects a computer at a basic input-output system level (BIOS) using disk operating system commands (DOS) to spread to other disks. After the appearance of Windows 95, boot sector viruses took a back seat for a while due to the limited use of DOS instructions. However new programs now write code to the MBR in order to load early in the start-up process and conceal the actions of malware.  

The MBR is on the first sector of your hard drive and executes whenever you power up your computer. This means that even if you try to remove boot sector viruses using an antivirus, they get loaded back into your computer’s memory on your next boot.  

Originating from your boot sector, these viruses will then spread to all the disks on your computer. This makes boot sector viruses tough to remove. 

It's also possible for email attachments to contain boot virus code, which can infect the targeted computer as well as others on a shared network. If opened, these attachments infect the host computer and could possibly contain instructions to mail out further batches of email to an individual’s contact list. 

Symptoms of a Boot Sector Virus 

Users are unlikely to know if they have a boot sector virus until they run an antivirus solution or conduct a malware scan. There are a few different signs that a computer has been infected with a boot sector virus. Here are some examples: 

• Boot sector viruses, like most others, can cause your computer to slow down 
• Files may start to be encrypted or disappear altogether  
• Boot sector viruses can cause a computer to be unable to boot, it may boot to a blue screen, or the OS will not start, or a black screen with an error message may occur 

Preventing Boot Sector Viruses 

Removing boot sector viruses can be a challenge, however, it is easier to prevent them from infecting your computer in the first place. The most common way these viruses spread is through shared removable media. Before you insert any removable storage device into your computer, make sure that it is not infected with malware. A virus might not be installed on your device when you connect the media, but if you leave it connected while starting up your device, your hard drive will become infected. 

Prevention Tips: 

• Use strong, up to date, antivirus software to scan your device for suspicious activity 
• When using removable storage devices, such as USB drives, scan it with an antivirus tool before accessing any of the files stored on it 
• Avoid using storage devices that you don’t know the content of 
• Don’t download files from emails you weren’t expecting 
• Stay vigilant of the network you are connected to, boot sector viruses can be transferred between computers on a shared network 
• Don’t download apps from sites that require you to use their own download manager  

Removing Boot Sector Viruses 

You should always have antivirus software in place to remove malicious files; you should also make sure that the software will protect the boot sector. If the virus is unable to be removed due to encryption or excessive damage to existing code, then your hard drive may need reformatting in order to eliminate it. 

How Can Securiwiser Help? 

Securiwiser offers comprehensive scanning of your devices, network, and systems to make sure that you are cyber secure and no anomalous behaviour falls off the radar. Your security posture will be analysed and each aspect graded based on its performance, so you always know what might need attention. If your systems are compromised in any way securiwiser will send a detailed report of the scans and their findings and you will be told what to do to remediate the problem.