boot sector virus

A boot sector virus is malware that infects the computer storage sector where startup files are found. The boot sector contains all the files required to start the operating system (OS) and other bootable programs. The viruses run at bootup, allowing them to execute malicious code during startup time -- before many security layers are executed, including antivirus software.

There are two types of boot sector viruses. The older types run from the first sector of the storage media that is used to start up the computer. This type was especially common at the time of floppy disks for DOS-based booting. This older type of virus can, at least theoretically, also exist on other media such as CD, DVD ROM, flash drives and other removable storage. More common and recent are viruses that infect the master boot record (MBR). Although they don’t infect the actual boot sector, these viruses still inject themselves into the boot process similarly to those that do, to conceal malicious actions. MBR-infecting viruses don’t require that media is left in the computer at boot time as true boot sector viruses do.

Boot sector viruses are among three classes of viruses: macro viruses, file infectors and system or boot-record infectors. Of the three classes, boot sector viruses can be the most privileged and damaging. Because boot sector viruses affect the location where the computer stores essential start up files, they can make a computer unbootable.

Boot sector viruses and root kits are related types of malware and both can host further infections. Boot sector viruses often don’t have the same level of concealment as root kits but because they run early in startup, they can have all the privilege that modern root kits do. Current operating systems, BIOS and UEFI architectures include protection against boot sector viruses, making them less common than they were in older systems.