BOOT SECTOR VIRUS

A boot sector virus is a computer virus that infects the master boot record (MBR) of a storage device. A boot sector virus does not have to successfully boot the victim's computer in order to infect it. As a result, boot sector viruses can spread even on non-bootable media. These viruses copy their infected code to the boot sector of a floppy disk or the partition table of a hard drive.

The virus is loaded into the computer's memory upon startup. As soon as the virus is saved to memory, it infects the system's non-infected drives.

PROPAGATION

Since the demise of floppy disks, boot sector infections have become extremely rare. Furthermore, modern operating systems feature boot-sector protections that make it impossible for boot sector viruses to infect them.

Boot sectors can be found on hard drives, floppies, and, on rare occasions, CDs and DVDs. The boot sector program is automatically located and loaded by the hardware during the booting process. Following that, the boot sector loads the rest of the operating system into memory. Without a boot sector, a computer cannot load the operating system.

Typically, a boot sector virus infects a computer by modifying the boot sector program. The virus overwrites the default program with a tainted version of its own. A boot sector virus can only infect a computer if the infected disk is used to start up the computer. If the virus is introduced after the computer has booted up or is running the operating system, the computer will not be infected.
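Because the infection described above works by replacing the boot sector program, a defender can detect it by comparing the sector against a copy recorded while the disk was known to be clean. The following is an added example, not part of the original page. It assumes the classic 512-byte MBR layout (bootstrap code in bytes 0 to 439, partition table at offset 446, signature 0x55AA at offset 510); the function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_END = 440   # bytes 0..439 hold the bootstrap code (classic MBR layout)
PART_TABLE_OFF = 446  # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # boot signature at offsets 510-511
ENTRY = struct.Struct("<B3xB3xII")  # status, type, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Hash the boot code and decode the partition table of a 512-byte MBR."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append((status == 0x80, ptype, lba, count))
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": parts,
            "valid_signature": sector[510:512] == SIGNATURE}


def check_against_baseline(sector: bytes, baseline: dict) -> list:
    """List the ways a sector differs from a baseline recorded while clean."""
    now = parse_mbr(sector)
    findings = []
    if not now["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if now["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code, one bootable type-0x07 partition."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    ENTRY.pack_into(sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    baseline = parse_mbr(build_sample_mbr(b"\xfa" + b"\x90" * 64))  # constructed bytes
    modified = build_sample_mbr(b"\xeb" + b"\x90" * 64)              # constructed bytes
    print(check_against_baseline(modified, baseline))
```

On a real system the 512 bytes would come from a read-only dump of the first sector of the disk, and the baseline would be stored somewhere the booted system cannot modify.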









PROGRAM FILES

Program Files is the standard Windows directory where third-party software is installed by default. All of the program data for an application installed in this folder is stored in its own subfolder. There are two Program Files directories in 64-bit versions of Windows, one for 64-bit programs and the other for 32-bit programs:


"Program Files", by default

"Program Files (x86)", for 32-bit programs



Most programs' installers allow users to choose or create their own path for the application's install directory during the installation process. This means that the Program Files directory is a convenience that keeps the system orderly, rather than a requirement.

There are a few exceptions to the rule that an application or program can run regardless of where it was installed. Some programs require installation in the Program Files directory, frequently due to hard-coded locations, environment variable requirements, or other unknown reasons.
Such programs often do not allow users to install them elsewhere and therefore do not offer that choice during installation. Other programs may also require installation in a certain folder. A device driver installer, for example, does not give the user a choice of install location; instead, it usually only asks for permission to be installed or not, then installs and finishes.

FILE-INFECTING VIRUS

A file-infecting virus, sometimes known as a file injector, infects executable files with the purpose of causing lasting damage or rendering them unusable. It does so by overwriting executable files or inserting infected code into them.
This virus is capable of infecting a variety of operating systems, including Macintosh, Windows, and Unix. It usually infects files with the extensions .exe or .com. The virus may partially or totally overwrite the infected file when it is accessed or executed.
A virus that infects files can also travel across the system and across the network, infecting other computers. Furthermore, a severe file-infecting virus has the ability to totally reformat a hard drive.

Win32.Sality.BK is a well-known file-infecting virus that ranked in the top ten malware infestations in 2011 and 2012.



Raffaele Perri
