Boot viruses: we recognize the enemy in person

Despite the numerous advantages and revolutionary convenience of the Windows operating system, it has one significant drawback. To be more precise, we are talking about the susceptibility of the system to virus attacks of various types and origins. Let's talk about what boot viruses are, how they work, what harm your computer can do, and how to deal with them.

Did you notice that the computer began to hang almost immediately after passing the BIOS tests? Several times reinstalled the system or formatted the hard drive, but did not notice any positive changes? Be careful, because this is the first alarm signal, indicating that the so-called boot viruses have settled on the computer.

Their main feature is the area of defeat. Viruses of this type affect the boot sector of the disk. And in the memory they penetrate even before the antivirus program. That's why finding them, as a rule, is quite difficult.

Boot viruses do not always carry destructive functions. However, even in this case they remain extremely dangerous. Why? Everything is very simple. Errors in programming cause unstable operation of the operating system, you can lose a lot of important data stored in the computer's memory. And installing a "non-native" system in general can produce unpredictable effects.

You can verify the presence of the boot virus by tracking the interception of interrupt vectors before the operating system is directly loaded. During the transfer of control to the Master Boot Record (MBR) sector, all interrupts are processed exclusively with the participation of the BIOS. This significantly reduces the range of addresses. The boot virus will somehow intercept some interrupts, at the expense of which it will be able to function. As a rule, the combination includes 13h (disk), 8h or 1Ch (timer), 9h (keyboard), 12h (memory size), 21h (MS DOS), 17h (printer). Slightly changing the loader, you can see these interceptions, that is, detect the presence of viruses.

If you do not find that the boot viruses got into the computer in time, you can face big problems, the minimum of which is the need to reinstall the system and format the hard drive after cleaning. In particularly difficult cases, the possibility of reinstalling the system may not be there.

Prevention and treatment of computer viruses is carried out with the help of special utilities. For example, against the boot viruses, the Norton Disk Doctor ("Norton Disk Doctor") program proved to be very good. What else can I do?

1. Disconnect the hard drive from your PC and connect it to another computer with the antivirus installed (preferably it's a high-quality licensed program). After the hard drive is checked and the viruses are found, the hard disk can be reconnected to your computer.

2. Add a boot function to the BIOS from the CD, and then boot the computer, using the already "emergency" disk. The disk should contain antivirus software, as well as fresh databases to it.

3. Find a specialist who is able to manually overwrite the boot sector, taking into account the features of your software. This process is long and time-consuming, but 100% effective.