Removing Boot Sector Viruses

Information covering the removal of boot sector viruses from the hard drive.

virussmopt The process needed to remove this type of virus from hard drive and memory is as follows:

NOTE: The instructions below are for Windows 95, 98 and ME. Users of NT, 2K and XP should not reboot their machine and should consult their anti-virus vendor for case-by-case support. The process below will not remove viruses from infected floppies, these must be scanned and disinfected after the memory and hard drive are clean.

* Boot the machine from a clean, write-protected floppy system diskette.
* This will take you to the DOS prompt (something like A:\> .)
* You now need to run your anti-virus scanner or disinfect manually.

AV Scanner

To do this, browse to the necessary location on your hard drive then run your anti-virus scanner from the command-line.

The location of the command-line scanner varies between products, consult your anti-virus product documentation for details.

Manual

The process described here will remove boot sector viruses from the master boot record (MBR) of hard disks. Since there are several boot sector viruses which also infect files, the method of disinfection using an AV scanner is preferable. It is also possible that in some cases this process will leave some or all of the hard-drive unreadable, the check described should lessen this danger but users are advised that success is not guaranteed. Users of multi-boot systems should be aware that this may leave all but the primary DOS partition unbootable.

After a clean boot, type:

DIR C:

(Where C is the drive letter of your hard disk) Do you see a correct listing of what is on the hard disk? If so, you can usually manually overwrite the viral code by issuing the following command:

FDISK /MBR

Once this is done, remove all floppy disks from your machine, and reboot as normal.

Frequently Ask Question:

What is a boot sector?

All disks and hard drives are divided into small sectors. The first sector is called the boot sector and contains the Master Boot Record (MBR). The MBR contains the information concerning the location of partitions on the drive and reading of the bootable operating system partition. During the bootup sequence on a DOS-based PC, the BIOS searches for certain system files, IO.SYS and MS-DOS.SYS. When those files have been located, the BIOS then searches for the first sector on that disk or drive and loads the needed Master Boot Record information into memory. The BIOS passes control to a program in the MBR which in turn loads IO.SYS. This latter file is responsible for loading the remainder of the operating system.

What is a boot sector virus?

A boot sector virus is one that infects the first sector, i.e. the boot sector, of a floppy disk or hard drive. Boot sector viruses can also infect the MBR. The first PC virus in the wild was Brain, a boot sector virus that exhibited stealth techniques to avoid detection. Brain also changed the volume label of the disk drive.

How to avoid boot sector viruses?

Commonly, infected floppies and subsequent boot sector infections result from "shared" diskettes and pirated software applications. It is relatively easy to avoid boot sector viruses. Most are spread when users inadvertently leave floppy disks in the drive - which happen to be infected with a boot sector virus. The next time they boot up their PC, the virus infects the local drive. Most systems allow users to change the boot sequence so that the system always attempts to boot first from the local hard drive (C:\) or CD-ROM drive.

Add this page to your favorite Social Bookmarking websites