Learn something new every day More Info... by email
A boot sector is the portion of a hard disk or floppy disk that has the code stored on it to boot special programs, and to reference other key features to keep the disk working. There are many types, but there are two main ones: the master boot record and the volume boot record. A master boot record exists on a drive that has been partitioned, and it usually finds the active partition and run its own volume boot record. The volume boot record, in turn, often contains code to run the operating system on the computer.
Hard disk drives contain a master boot record as their first boot sector, while floppy disks or USB disks usually only contain a volume boot record as their first boot sector, as they cannot be partitioned. The BIOS of a computer, the part that runs before anything else, immediately looks to this sector of a drive, whether it is a master or a volume, for instructions on what to do next. The boot sector can actually include instructions to do fairly complex things, which comes in use for things like giving a user the option to run one of many operating systems, but also means there is the potential for abuse in the form of viruses.
To be a boot sector, the sector need meet only one criteria, which is to have a signature of 0xAA55 as its final two bytes. A failure to have this signature can result in an error, and the computer may not complete booting. This can happen for a number of reasons, including a virus, or simply a corrupted sector from a physical error on the drive itself.
This type of virus is simply one that replaces the normal boot sector code with code of its own choosing. Because the boot sector is loaded whenever a computer starts up, such viruses can be incredibly destructive, and in some cases may be quite difficult to properly remove. Since the virus is loaded into memory as soon as the computer starts up, it can also be spread quite easily to every drive or disk that the infected computer comes into contact with.
The most common way that a boot sector virus is spread is by leaving an infected disk in the disk drive of a computer. When it next starts up, the BIOS reads the volume boot record of that disk, receives the virus, and passes it into memory. From there it can spread to other drives, and to other disks inserted. A virus can also be passed over a network, however, if it is not properly protected, and may even be transmitted as an attachment to an email.
Removing a boot sector virus requires a good anti-virus program. Many encrypt the boot sector when they infect it, so that it is not a straight-forward matter to remove the virus. For this reason, it’s important to use a good antivirus program that has a registry of many such viruses, and so can carefully remove the virus without causing damage to your computer.