Boot Sector Viruses

Before discussing what a boot sector virus does, let’s first take a look at what a boot sector is. A floppy disk or hard drive is comprised of many segments and clusters of segments, which (in the case of a hard drive) may be separated by partitions. There has to be a way to find all the data spread across these segments, hence the boot sector operates as a virtual rendition of a library’s Dewey Decimal system. Each disk also has a Master Boot Record (MBR) that locates and runs the first of any necessary operating system files needed to facilitate operation of the disk. When a disk is read, it first seeks the MBR, which then passes control to the boot sector, which in turn provides pertinent information regarding what is located on the disk and where it is located. The boot sector also maintains the information that identifies the type and version of the operating system the disk was formatted with.

This is a highly simplistic overview of the boot sector function, but it serves our purpose well as it underscores the critical nature of the MBR and boot sector.

Obviously, a boot sector or MBR virus that invades this space on the disk puts the entire operation of that disk at risk.
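The layout described above can be inspected directly. The following is an added example, not code from the original article: it assumes the classic DOS-style MBR layout and a FAT boot sector, and all function names and sample bytes are constructed for illustration. It parses both sectors and compares the MBR boot code against a hash recorded while the disk was known to be clean.

```python
import hashlib
import struct

BOOT_SIGNATURE = b"\x55\xaa"  # final two bytes of a valid MBR or boot sector


def parse_mbr(sector: bytes) -> dict:
    """Split a classic 512-byte MBR into boot code hash, partition table and signature."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:] == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": partitions}


def parse_boot_sector(sector: bytes) -> dict:
    """Read the FAT boot sector fields that record how the volume was formatted."""
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 11)
    return {"oem_name": sector[3:11].decode("ascii", "replace").rstrip(),
            "bytes_per_sector": bytes_per_sector, "sectors_per_cluster": sectors_per_cluster,
            "signature_ok": sector[510:512] == BOOT_SIGNATURE}


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the MBR boot code differs from a hash recorded on a known-clean disk."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def build_sample_mbr(boot_code: bytes = b"constructed clean boot code") -> bytes:
    """Constructed sample: placeholder boot code plus one active FAT16 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 204800)
    return boot_code.ljust(446, b"\x00") + entry + bytes(48) + BOOT_SIGNATURE


def build_sample_boot_sector() -> bytes:
    """Constructed sample: jump instruction, OEM name, 512-byte sectors, 1 per cluster."""
    head = b"\xeb\x3c\x90" + b"MSDOS5.0" + struct.pack("<HB", 512, 1)
    return head.ljust(510, b"\x00") + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr()
    print(parse_mbr(clean), parse_boot_sector(build_sample_boot_sector()))
```

A changed boot code hash with an unchanged partition table is the pattern to look for: the disk still appears to be laid out normally while the code that runs first at startup is no longer the code that was recorded.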

A boot sector virus is spread via infected floppy disks. This typically occurs when users inadvertently leave a floppy disk in drive A. When the system is next started, the PC will attempt to boot from the floppy. If the disk is infected with a boot sector virus, that virus will infect the boot sector of the user’s local drive (C). Unless the floppy disk happens to be a bootable system disk, the user will simply see a standard warning that the drive contains a “non-system disk or disk error” and the user will be prompted to “replace the disk and press any key when ready”.

This is a standard error message and is not in and of itself indicative of a boot sector infection. All it means is that a non-bootable disk is contained in the drive the computer is first trying to boot from.

Most users will realize a floppy has been left in the drive, remove it, and reboot the system, unaware they may have just infected their system with a boot sector virus. Of course, if the disk was bootable, they would not receive the error noted above, but will simply be booted to a DOS screen.

Care should be taken to ensure that any bootable floppies have been checked for the presence of boot sector viruses and these disks should be write-protected to ensure no future infection takes place.

Even non-bootable disks can spread a boot sector infection when they are accessed. Further, a boot sector infected hard drive will also infect any floppies used in the system. Where applicable, use write-protected floppies to protect against this.

To write-protect a floppy disk, hold it so that the metal plate is facing downwards. Along the top edge there may be an “open” square. Look closely and you will find a small cover that can be pushed back and forth over the open square. If the cover is closed, i.e. the square is covered, the disk can be written to. If the cover is open, i.e. the square is not covered, the disk cannot be written to and is considered write-protected.

Of course, you would not want to write-protect floppies you use to copy files to, as you would receive a write protection error the next time you attempted the copy.

Most of today’s PCs no longer seek out the floppy drive during bootup, instead using the CD-ROM drive as the first boot device. This can be configured via the system CMOS screen to change the boot sequence to check the hard drive first, the CD-ROM drive second, and the floppy drive third, if at all.

Changing settings in CMOS incorrectly can result in system failure and should not be attempted by inexperienced users. Instructions for accessing the CMOS configuration screen for your PC can generally be found in the motherboard manual.

The first boot sector virus was discovered in 1986. Dubbed Brain, the virus originated in Pakistan and operated in full-stealth mode, infecting 360Kb floppies.

Perhaps the most infamous of this class of viruses was the Michelangelo virus discovered in March 1991. Michelangelo was an MBR and boot sector infector with a March 6th payload overwriting critical drive sectors. Michelangelo was the first virus to attract a large amount of media focus.


What risks do viruses pose to the data on internal or external hard drive?

When it comes to data storage, viruses can be divided into two basic categories:

  • Viruses that delete data.
  • Viruses that corrupt data.

Viruses that delete data will tell the Operating System (such as Windows) to flag files as being deleted. The data itself becomes unavailable but it still exists on the platters until it’s overwritten. This data is recoverable using 3rd-party data recovery software which will scan the platters and mark recognizable files as not deleted, effectively restoring them to the directory structure.

Viruses that corrupt data are the most dangerous because they overwrite files with garbage data and then possibly flag them as deleted. This makes the data unrecoverable.

In either case, it is very important to have antivirus software running on any machine whether it’s connected to the internet or not (viruses can be propagated from CDs, floppies, and other storage mediums) and keep a backup of any critical data on a removable storage device which will help prevent viruses from propagating to your backup.
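The difference between a file that is only flagged as deleted and one that has been overwritten can be shown on a small directory. This is an added example, not part of the original article: it assumes a FAT12/FAT16 directory, where deletion replaces the first byte of the entry's name with 0xE5, and assumes the file's clusters are contiguous; the function names and sample data are constructed.

```python
import struct

ENTRY_SIZE = 32      # every FAT directory entry is 32 bytes
DELETED_MARK = 0xE5  # first name byte is replaced by this when a file is deleted
ATTR_LFN = 0x0F      # long-file-name helper entries, skipped here


def list_entries(directory: bytes) -> list:
    """Walk a FAT directory and report live and deleted short-name entries."""
    entries = []
    for off in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        raw = directory[off:off + ENTRY_SIZE]
        if raw[0] == 0x00:  # 0x00 ends the directory
            break
        if raw[11] == ATTR_LFN:
            continue
        deleted = raw[0] == DELETED_MARK
        stem = (b"?" + raw[1:8]) if deleted else raw[0:8]  # first letter is lost
        name = stem.decode("ascii", "replace").rstrip()
        ext = raw[8:11].decode("ascii", "replace").rstrip()
        first_cluster, size = struct.unpack_from("<HI", raw, 26)
        entries.append({"name": f"{name}.{ext}" if ext else name, "deleted": deleted,
                        "first_cluster": first_cluster, "size": size})
    return entries


def read_contiguous(data_area: bytes, entry: dict, cluster_size: int) -> bytes:
    """Read an entry's bytes, assuming its clusters are contiguous (cluster 2 is first)."""
    start = (entry["first_cluster"] - 2) * cluster_size
    return data_area[start:start + entry["size"]]


def make_entry(name: str, ext: str, first_cluster: int, size: int, deleted=False) -> bytes:
    """Build a constructed 32-byte directory entry for the demonstration."""
    stem = name.ljust(8).encode("ascii")
    if deleted:
        stem = bytes([DELETED_MARK]) + stem[1:]
    return stem + ext.ljust(3).encode("ascii") + bytes(15) + struct.pack("<HI", first_cluster, size)


if __name__ == "__main__":
    cluster, report = 512, b"quarterly figures"
    directory = make_entry("README", "TXT", 2, 5) + make_entry("REPORT", "DOC", 3, len(report), True)
    data = b"hello".ljust(cluster, b"\x00") + report.ljust(cluster, b"\x00")
    for e in (e for e in list_entries(directory) if e["deleted"]):
        print(e["name"], read_contiguous(data, e, cluster))  # flagged only: intact
        print(e["name"], read_contiguous(data[:cluster] + b"\xff" * cluster, e, cluster))  # overwritten
```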


Virus Protection Key to Healthy Computing

Computer viruses are proving to be highly complex but preventing viruses from infecting your computer systems is simple. Use two well-known brands of anti-virus software and keep them as current as possible.

Beyond that, there are some simple, common sense procedures that everyone should use, whether at work or in the home computing environment. Never open a file whose origins are unknown. In a simpler day, that wisdom only applied to executable files, or files that did something. They have the suffixes .exe, .com and .bat and each can start a program on your computer. These viruses spread through games downloaded from the Internet, on borrowed diskettes and through the old ‘bulletin board’ services.

Today, unfortunately, a whole new wave of viruses has been unleashed on unsuspecting computer users because software manufacturers introduced feature-rich new programs without considering how vulnerable they are to viruses. Now, almost any document and many email messages can carry and spread ‘macro’ viruses at lightning speed. That’s why it is so important never to open messages or documents from unknown sources. Viruses can delete data, change file names or even damage the physical media where the data is stored.

How important is virus protection?
If your data is critical to your business operations, there is nothing more important. Even though about 75 per cent of all data loss incidents are caused by human error or system malfunctions, a virus attack can still cripple your data center. A combination of regular, verified backups and constantly updated virus protection is absolutely essential to protect your data – and your organization.
