A boot virus can be overwriting and relocating. An overwriting boot virus overwrites MBR, DBR or FBR sector with its code preserving patrition table information or logical drive information respectively. Relocating boot viruses save the original MBR, DBR or FBR somewhere on a hard or floppy drive. Sometimes such action can destroy certain areas of a hard or floppy drive and make a disk unreadable.
All boot viruses are memory-resident. When a computer is started, boot virus code is loaded in memory. A virus traps one of BIOS functions (usually disk interrupt vector Int 13h) and stays resident in memory. A virus then monitors disk access and writes its code to boot sectors of media that is used on an infected computers. For example a boot virus started from a diskette infects a hard drive. Then a virus will infect all diskettes that are inserted in to infected computer's floppy drive.
No comments:
Post a Comment