Boot Sector Virus: How to Identify and Remove

Boot Sector Virus

A boot sector virus is a computer virus that infects the boot sector of disks or the Master Boot Record (MBR) of hard disks. Some boot sector viruses infect the hard disk instead of the MBR.

What is a Boot Sector?

A boot sector is a region of a storage device (i.e., hard disk, floppy disk, optical disk (CD/DVD) or other storage device) that contains machine code to be loaded into RAM (Random Access Memory) by the computer system's built-in firmware.
All hard disks and other storage devices are divided into small sectors. The first sector of the disk is called the boot sector and contains the Master Boot Record. The MBR contains the information about the location of the partitions and about reading the bootable operating system partition on the disk.
During the boot-up process of a DOS-based computer, the BIOS searches for certain system files: IO.SYS and MSDOS.SYS. When these two files are located, the BIOS searches for the first sector on the disk and loads the MBR information into RAM.

What is a boot sector virus?

A boot sector virus is a computer virus that infects the first sector of a storage device, i.e., the boot sector. It is a piece of infected code residing in the boot sector of a disk. This infected code runs when the computer is booted from the infected disk; once booted, it also infects the other storage devices connected to the computer.
While a boot sector virus infects at the BIOS level, it uses DOS commands to spread to other storage devices.

How does a boot sector virus spread?

Boot sector viruses most commonly spread through physical media. An infected optical disk or USB drive connected to a computer transfers the infected code when the drive's VBR (Volume Boot Record) is read; the code then modifies or replaces the existing boot code. The next time the user boots the computer, the virus is loaded and executed immediately as part of the Master Boot Record.

How to get rid of a boot sector virus?

A boot sector virus encrypts the boot sector, so it can be difficult to remove. In many cases, users are not even aware that they have been infected with a boot sector virus until they run an effective antivirus program or malware scan. Some of the effective antivirus programs to identify and remove boot sector viruses are:

Steps to remove boot sector virus using Kaspersky Rescue Disk

To remove a boot sector virus and scan the computer for other malware, we are going to use Kaspersky Rescue Disk. Perform the following actions carefully:
  1. Boot your computer from Kaspersky Rescue Disk using Graphic Mode. For instructions on booting in graphic mode, visit here.
  2. After booting in Graphic Mode, first update the antivirus database.
  5. You can choose the drives to scan for infection. By default, Kaspersky Rescue Disk scans the disk boot sectors and hidden startup objects.
  6. Now, click on Start Objects Scan.
  8. After completing the scan, the application will ask you to perform some actions on the detected threats. You can select one of the following actions:
  • Disinfect: Select this option to repair or disinfect the selected file.
  • Delete: Delete infected files if disinfection fails.
  • Quarantine: Quarantine holds files that are detected as a threat but are not confirmed to be malicious.

