Tuesday, August 26, 2008

What is a boot sector virus?

What is a boot sector virus?
A boot sector virus is one that infects the first sector, i.e. the boot sector, of a floppy disk or hard drive. Boot sector viruses can also infect the master boot record (MBR). The first PC virus in the wild was Brain, a boot sector virus that exhibited stealth techniques to avoid detection. Brain also changed the volume label of the disk drive.

How to avoid boot sector viruses.
Commonly, infected floppies and subsequent boot sector infections result from "shared" diskettes and pirated software applications. It is relatively easy to avoid boot sector viruses. Most are spread when users inadvertently leave a floppy disk in the drive and that disk happens to be infected with a boot sector virus. The next time they boot up their PC, the virus infects the local drive. Most systems allow users to change the boot sequence so that the system always attempts to boot first from the local hard drive (C:\) or CD-ROM drive.

Disinfecting boot sector viruses.
Boot sector repair is best accomplished by the use of antivirus software. Because some boot sector viruses encrypt the MBR, improper removal can result in a drive that is inaccessible. However, if you are certain the virus has only affected the boot sector and is not an encrypting virus, the DOS SYS command can be used to restore the first sector. Additionally, the DOS LABEL command can be used to restore a damaged volume label and FDISK /MBR will replace the MBR. None of these methods is recommended, however. Antivirus software remains the best tool for cleanly and accurately removing boot sector viruses with minimal threat to data and files.
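The check below is an added example, not part of the original post. It compares a saved 512-byte image of a disk's first sector against hashes recorded from a known-clean system, and tells apart a changed boot code with an intact partition table from a sector whose partition table no longer matches, the situation the paragraph above warns about. The function names and the sample sectors are hypothetical and constructed for illustration; it assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55 0xAA signature).

```python
import hashlib
import struct

SECTOR_SIZE, CODE_END, TABLE_END = 512, 446, 510  # classic MBR layout offsets

def split_sector(sector):
    """Return (boot code, partition table, 2-byte signature) of a first sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("a first-sector image must be exactly 512 bytes")
    return sector[:CODE_END], sector[CODE_END:TABLE_END], sector[TABLE_END:]

def baseline(sector):
    """Hashes to record on a known-clean system and keep on write-protected media."""
    code, table, _ = split_sector(sector)
    return {"code": hashlib.sha256(code).hexdigest(),
            "table": hashlib.sha256(table).hexdigest()}

def partitions(table):
    """Decode the non-empty entries: (active flag, type, start LBA, sector count)."""
    found = []
    for off in range(0, 64, 16):
        status, ptype, lba, count = struct.unpack("<B3xB3xII", table[off:off + 16])
        if ptype:
            found.append((status == 0x80, ptype, lba, count))
    return found

def check(record, sector):
    """Compare the current first sector with the recorded baseline."""
    _, table, sig = split_sector(sector)
    now = baseline(sector)
    return {"signature_ok": sig == b"\x55\xaa",
            "code_changed": now["code"] != record["code"],
            "table_changed": now["table"] != record["table"],
            "partitions": partitions(table)}

def make_sector(code, entries):
    """Build a constructed 512-byte sector for the demonstration below."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return code.ljust(CODE_END, b"\x00") + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed sample data, not taken from a real disk or a real virus.
CLEAN = make_sector(b"\xfa\x33\xc0\x8e\xd0", [(0x80, 0x06, 63, 1028097)])
CODE_ONLY = make_sector(b"\xeb\x3c\x90", [(0x80, 0x06, 63, 1028097)])  # boot code differs
SCRAMBLED = (CODE_ONLY[:CODE_END]                                     # table bytes altered too
             + bytes(b ^ 0x5A for b in CODE_ONLY[CODE_END:TABLE_END])
             + CODE_ONLY[TABLE_END:])

if __name__ == "__main__":
    record = baseline(CLEAN)
    for name, image in (("clean", CLEAN), ("code only", CODE_ONLY), ("scrambled", SCRAMBLED)):
        print(name, check(record, image))
```

A result with `table_changed` set means the partition table cannot be trusted as it stands, so the sector should be handled by antivirus software rather than overwritten by hand.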

Creating a system disk.
When disinfecting a boot sector virus, the system should always be booted from a known clean system disk. On a DOS-based PC, a bootable system disk can be created on a clean system running the exact same version of DOS as the infected PC. From a DOS prompt, type:

    SYS C:\ A:\

and press enter. This will copy the system files from the local hard drive (C:\) to the floppy drive (A:\).

If the disk has not been formatted, the use of FORMAT /S will format the disk and transfer the necessary system files. On Windows 3.1x systems, the disk should be created as described above for DOS-based PCs. On Windows 95/98/NT systems, click Start | Settings | Control Panel | Add/Remove Programs and choose the Startup Disk tab. Then click on "Create Disk". Windows 2000 users should insert the Windows 2000 CD-ROM into the CD-ROM drive, click Start | Run and type the name of the drive followed by bootdisk\makeboot a: and then click OK. For example:

    d:\bootdisk\makeboot a:

Follow the screen prompts to finish creating the bootable system disk. In all cases, after the creation of the bootable system disk, the disk should be write protected to avoid infection.

More information

Free Virus Removal Tools

Sure the antivirus vendors want to make money, but if you ever get the chance to meet one of their virus researchers, you'll find their real motivation is to protect users. As corny as that may sound, it's true. That's why when stubborn or fast-spreading infectors are discovered, antivirus vendors release special tools to remove the malware - and give the tools away free. It's no substitute for installed antivirus software, but if you're already infected and in a pinch, it's the next best thing to, well, installed antivirus software.
  • Create a Free F-Prot Rescue CD - FRISK Software - one of the oldest and most respected antivirus companies (and the secret sauce hidden in a lot of antivirus products being sold under other names) - offers their F-Prot for DOS scanner free for personal use. It's ideal for making a rescue CD so you can scan the system from a clean boot.
  • McAfee AVERT Stinger - McAfee AVERT Labs offers a handy utility to run in Windows that cleans some of the more common malware.
  • Microsoft Malicious Software Removal Tool - Microsoft offers a free tool to remove prevalent malicious software active on the system. The tool is offered via Automatic Updates, Windows Updates, and Microsoft Updates, or it can be manually downloaded using the provided link.
  • Symantec Virus Removal Tools - Antivirus vendor Symantec offers a wide range of free cleaning tools for individual malware removal.
  • F-Secure Virus Removal Tools - These free tools from F-Secure are another good choice for individual malware removal.
  • For a second opinion scan or a not-so-stubborn infector, try one of the Top Online Scanners
http://antivirus.about.com/od/securitytips/a/resources.htm