Tuesday, September 25, 2007

Boot sector viruses and their prevention

Boot sector virus functions, spreading and problems

Boot sector viruses generally infect or substitute their own code for either the DOS boot sector or the Master Boot Record (MBR) of a computer. The MBR, a small program that runs every time the computer starts up, controls the boot sequence and determines which partition the computer boots from; it generally resides on the first sector of the hard disk.

Thus, the MBR executes every time a computer is booted, so a boot sector virus that has replaced it is loaded automatically as well. As a result, once the boot code on the drive is infected, the virus is loaded into memory on every startup. The virus can then spread to every disk on that system.

Since most antivirus and other security software cannot read and clean the MBR, boot sector viruses are usually very difficult to remove. The most common boot sector viruses include Monkey, NYB or B1, Stoned, and Form.
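The two paragraphs above describe the mechanism (the MBR on the first sector runs at every boot and picks the active partition) and the reason cleanup is hard (ordinary tools do not inspect the MBR). An added example, not from the original post, shows the defender's counterpart: read the 512-byte first sector, parse its partition table, and compare a hash of the 446-byte boot code region against a baseline taken from a known-clean machine. The MBR layout used here (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature, 0x80 active flag) is the standard one; the sample sector built by `build_sample_mbr` is constructed for the demonstration, and `read_mbr` is an assumed helper for reading a raw device or disk image.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the executable boot code
PARTITION_TABLE_OFF = 446     # four 16-byte partition entries follow the code
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR
PART_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: boot code padded to 446 bytes, one active
    NTFS-type partition, three empty entries and the 0x55AA signature."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    active = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07,
                         b"\xFE\xFF\xFF", 2048, 204800)
    empty = bytes(16)
    return code + active + empty * 3 + BOOT_SIGNATURE


def read_mbr(path: str) -> bytes:
    """Assumed helper: read the first sector of a raw device or disk image
    (e.g. a dd copy). Requires read access to the device on a real system."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature and extract the partition table plus a hash of
    the boot code region, which is what a boot sector virus overwrites."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            PART_FMT, sector[off:off + 16])
        if ptype == 0:            # type 0 means the entry is unused
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the boot code matches
    the known-clean baseline and the partition table looks sane."""
    findings = []
    info = parse_mbr(sector)
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline "
                        "(possible boot sector infection)")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one active partition, "
                        f"found {len(bootable)}")
    return findings


if __name__ == "__main__":
    # Baseline taken from a constructed "clean" sector; on a real system it
    # would come from read_mbr() on a machine known to be uninfected.
    clean = build_sample_mbr(b"\xEB\x3C\x90CLEAN-BOOT-CODE")
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print("clean sector findings:", check_mbr(clean, baseline))
    # A second constructed sector with different boot code stands in for a
    # modified MBR; only the hash comparison is needed to flag it.
    modified = build_sample_mbr(b"\xEB\x3C\x90DIFFERENT-CODE")
    print("modified sector findings:", check_mbr(modified, baseline))
```

The baseline hash has to be recorded while the machine is known to be clean and stored off the disk being checked; since the post notes that a boot sector virus reloads from the first sector on every startup, the comparison is most trustworthy when the sector is read from another, clean boot environment rather than from the possibly infected running system.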

Data disappearing from entire partitions or disks is one of the most frequent problems that boot sector viruses cause. Eventually the system becomes unstable. Often the infected computer fails to start up or cannot find the hard drive, and error messages such as "Invalid system disk" may become frequent.

Sometimes the symptoms shown by an autorun.exe virus are similar, and such a virus is found together with a boot sector virus.

Precautions and damage control

> The best protection against boot sector viruses is the same as against viruses in general: a good antivirus program with up-to-date virus definitions. Antivirus programs do two key things:

> Scan for and remove viruses in files on disks.

> Monitor the operation of your computer for virus-like activity and look for known actions of specific viruses or general suspicious activity.

> Back up your files, so that you can restore them if a virus damages them.

> Keep your original application and system disks locked (write-protected). This will prevent the virus from spreading to your original disks.

> If you must insert one of your application floppy disks into an unknown computer, lock it first. Unlock your application disk only after verifying that the computer is free of viruses.

> Obtain public-domain software from reputable sources. Don't download software directly to a hard disk. Rather, save it to a floppy disk, lock the floppy disk, and check it thoroughly using reputable virus detection software. Don't copy it to your hard disk until you know it is safe. This can also help protect you from Trojan horse programs.

> Quarantine any infected computer. If you discover that a computer is infected with a virus, immediately isolate it from other computers. In other words, disconnect it from any network it is on. Don't allow anyone to copy or move files from it until the entire system has been reliably disinfected.

Some of this information was adapted from an article in the UITS publication Computing Times Online.
