- *** The following information is provided to describe ***
- *** the options available and the terms used ***
-
-
- BOOT SECTOR VIRUSES
- -------------------
-
- Not so long ago viruses infected either Boot Sectors or Files, but
- now an increasing number try to infect both, making them potentially
- much more infectious and also more difficult to clear out. Some
- viruses with the capability of infecting both files and sectors have
- not been generally recognised as such (eg FLIP and LIBERTY) which
- may have extended their opportunities to propagate.
-
- You will be able to pick out the infection targets easily as you
- navigate through PC-Virus Index, thanks to the check marks which
- vividly present this information. The target areas for boot sector
- viruses are:
-
-
- 1. DISKETTE BOOT SECTOR
-
- This is the Boot Sector that resides on every formatted diskette.
- Please note that diskettes do not have to be 'bootable' (ie with the
- hidden system files) in order to be infected and infective. Nor
- does a system have to be successfully booted in order for infection
- to pass: an attempt to boot is sufficient even if the 'Non System
- Disk ....' message results.
-
-
- 2. HARD DISKS
-
- There are always at least two Boot Sectors on a Hard Disk. They are
- called by a variety of names, all of them confusing, which perhaps
- sometimes causes the wrong treatment to be applied. Irrespective
- of what anyone else calls them (and nobody agrees!), we have
- called them:
-
- 3. MASTER BOOT SECTOR
-
- This is located at Head 0, Cylinder 0, Sector 1 - the first physical
- sector on the Hard Disk, what Norton calls 'absolute'. It contains
- the Partition Table which is system specific and because it is not
- addressable through DOS, users typically do not have backup copies.
- This sector and possibly also adjoining sectors are sometimes used
- by computer manufacturers for 'disk signatures' without which the
- hard disk will not function.
-
- This sector can be modified by FDISK, which usually rewrites many
- other sectors as well, and by a 'low-level' format using DEBUG
- or disk management software. These are all destructive processes
- and a low-level format should only be undertaken by someone who
- knows the required procedure (which varies depending on controller
- card) and parameters (which vary with each model of hard disk).
-
- An infection on this sector is therefore bad news and the most
- widespread boot sector viruses (STONED & JOSHI) target this area.
- Disinfection is possible in many cases provided that the infection
- has been positively identified (eg through checksum verification)
- rather than just generally indicated.
-
- DOS FORMAT or any other 'high level' formatter will not disinfect
- viruses that have positioned themselves in this sector.
-
-
- 4. PARTITION BOOT
-
- Every Hard Disk also has at least one partition which will have been
- described on the Partition Table in the Master Boot Record. One of
- the partitions will also have been specified as the active or DOS
- bootable partition, usually Drive C.
-
- Clearing a virus from this sector is simply a matter of using DOS
- SYS but you must boot from a known clean diskette and you must use
- the right version of DOS. DOS versions earlier than 4.0 also require
- the system files to be in a special position. Both a potentially
- fraught 'low-level' format and a less demanding 'high-level' format
- are unnecessary overkill for disinfecting viruses of this type.
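
An added example, not part of PC-Virus Index: Python code that parses a 512-byte image of the Master Boot Sector, lists the Partition Table entries with their active flag, and compares a digest of the boot code with one recorded from a known-clean copy. The baseline comparison, the choice of SHA-256 as the checksum, the function names and the constructed sample sector are assumptions made for illustration.

```python
import hashlib
import struct

CODE_LEN = 446   # boot code occupies bytes 0..445; the Partition Table follows
ENTRY_LEN = 16   # four 16-byte entries, then the 0x55AA signature at offset 510

def parse_mbr(sector):
    """Return the boot-code digest and the used Partition Table entries."""
    if len(sector) != 512:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        e = sector[CODE_LEN + i * ENTRY_LEN: CODE_LEN + (i + 1) * ENTRY_LEN]
        flag, head, sec_cyl, cyl_lo, ptype = struct.unpack_from("<5B", e)
        lba_start, count = struct.unpack_from("<II", e, 8)
        if ptype == 0:
            continue  # unused slot
        parts.append({
            "slot": i, "active": flag == 0x80, "type": ptype,
            "head": head, "sector": sec_cyl & 0x3F,          # low 6 bits
            "cylinder": ((sec_cyl & 0xC0) << 2) | cyl_lo,     # 10-bit cylinder
            "lba_start": lba_start, "sectors": count,
        })
    digest = hashlib.sha256(sector[:CODE_LEN]).hexdigest()
    return {"code_sha256": digest, "partitions": parts}

def check_against_baseline(sector, baseline_digest):
    """Return a list of findings; an empty list means nothing unexpected."""
    info = parse_mbr(sector)
    findings = []
    if info["code_sha256"] != baseline_digest:
        findings.append("boot code differs from recorded baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    return findings

def build_sample(code):
    """Constructed sample sector: one active partition at head 1, cylinder 0, sector 1."""
    entry = struct.pack("<8BII", 0x80, 1, 1, 0, 0x06, 15, 0x3F, 0x64, 63, 204800)
    return code.ljust(CODE_LEN, b"\x00") + entry + bytes(48) + b"\x55\xaa"
```

The digest covers only the boot code, so a change confined to the Partition Table itself is not reported by this comparison.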
-
-
- ++++++++++++++ end of report ++++++++++++