How to Deal With Boot Sector Viruses

What to do when you get a boot sector virus

What to Know

  • Avoid boot sector viruses by removing removable media from the PC before you shut it down.
  • Disinfect boot sector viruses with antivirus software (preferred option) or the DOS SYS command for restoring the first sector.
  • Boot from a known clean system disk when disinfecting boot sector viruses.

This article explains how to avoid and disinfect boot sector viruses on PCs with BIOS MBR. Nearly all Windows 10 PCs use the new EFI GPT boot system, as opposed to the older BIOS MBR. This guide is mostly historical in nature.

How to Avoid Boot Sector Viruses

The first sector of a hard drive is called the boot sector and contains the Master Boot Record (MBR). The MBR holds the information about where partitions are located on the drive and how to read the bootable operating system partition, and it is responsible for loading the remainder of the operating system.

A boot sector virus is one that infects the first sector—the boot sector—of a removable or hard drive. Boot sector viruses can also infect the MBR.
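Because the MBR is a single 512-byte sector, it can be compared offline against a saved copy taken while the system was clean. The Python below is an added example, not part of the original article; its function names and sample sectors are constructed for illustration, and it assumes the classic layout of a 446-byte bootstrap area, four 16-byte partition entries, and the 0x55AA signature.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_AREA_LEN = 446     # bytes 0-445: bootstrap area (boot code)
PART_TABLE_OFF = 446    # bytes 446-509: four 16-byte partition entries
SIGNATURE_OFF = 510     # bytes 510-511: 0x55 0xAA
# status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")

def parse_mbr(sector: bytes) -> dict:
    """Parse a BIOS MBR sector into a bootstrap-area hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        status, ptype, lba_start, sectors = ENTRY.unpack_from(
            sector, PART_TABLE_OFF + slot * ENTRY.size)
        if ptype == 0:  # type 0 marks an unused slot
            continue
        parts.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    digest = hashlib.sha256(sector[:BOOT_AREA_LEN]).hexdigest()
    return {"boot_area_sha256": digest, "partitions": parts}

def compare_to_baseline(current: bytes, baseline: bytes) -> list:
    """List how the current MBR differs from a saved known-clean copy."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if cur["boot_area_sha256"] != base["boot_area_sha256"]:
        findings.append("bootstrap area changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_mbr(boot_area: bytes) -> bytes:
    """Constructed sample sector: one active type-0x06 partition at LBA 63."""
    entry = ENTRY.pack(0x80, 0x06, 63, 204800)
    body = boot_area.ljust(BOOT_AREA_LEN, b"\x00") + entry + bytes(48)
    return body + b"\x55\xaa"

if __name__ == "__main__":
    clean = build_sample_mbr(b"CLEAN-BOOT-AREA")      # constructed baseline
    altered = build_sample_mbr(b"ALTERED-BOOT-AREA")  # constructed modified copy
    print(parse_mbr(clean)["partitions"])
    print(compare_to_baseline(altered, clean))
```

On a real machine the 512 bytes would be a raw read of the drive's first sector, taken after booting from known clean media.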

Typically, infected removable media and subsequent boot sector infections result from "shared" disks or USB drives with pirated software applications. It is relatively easy to avoid boot sector viruses. Most are spread when users inadvertently leave removable media that is infected with a boot sector virus in the PC. The next time they boot up the PC, the virus infects the local drive. Most systems allow users to change the boot sequence so that the system always attempts to boot first from the local hard drive (C:\) or CD-ROM drive.

Disinfecting Boot Sector Viruses

Boot sector repair is best accomplished by the use of antivirus software. Because some boot sector viruses encrypt the MBR, improper removal can result in a drive that is inaccessible and a system that won't boot.

However, if you are certain the virus has only affected the boot sector and is not an encrypting virus, the DOS SYS command can be used to restore the first sector. Additionally, the DOS LABEL command can be used to restore a damaged volume label, and FDISK /MBR will replace the MBR. None of these methods is recommended, however. Antivirus software remains the best tool for cleanly and accurately removing boot sector viruses with minimal threat to data and files.

Creating a System Disk

When disinfecting a boot sector virus, the system should always be booted from a known clean system disk. This usually means a bootable Windows install DVD or USB.

Historically, on a DOS-based PC, a bootable system disk could be created on a clean system running the exact same version of DOS/Windows as the infected PC. From a command prompt, you could enter SYS C:\ A:\.

This copies the system files from the local hard drive (C:\) to a floppy drive (A:\). For USB drives, the drive letter may be D:, E:, or some other letter. Make sure to change the drive letter to the removable media you are using.

If the disk or drive has not been formatted, the use of FORMAT /S will format the disk and transfer the necessary system files.

On Windows 10, 8.1, 8, and 7, you can easily use a third-party tool like Rufus to create a bootable USB. Once you have a bootable USB drive, booting off of it and cleaning your drive with antivirus or following the above commands will be your final step.
