What is a Boot Sector Virus and how to prevent or remove them?
Boot Sector Viruses are malicious programs that reside in your hard drive. They infect your machine by replacing your Master Boot Record (MBR) or DOS Boot Sector with their code. In some cases, boot sector viruses will encrypt the MBR. This mode of operation is what makes boot sector viruses potent.
What is a Boot Sector Virus?
The Master Boot Record is on the first sector of your hard drive and executes whenever you power on your PC. This means that even if you try to remove boot sector viruses using an antivirus, they get loaded back into your computer’s memory on your next boot.
Originating from your boot sector, these viruses will then spread to all the disks on your computer. This makes boot sector viruses tough to remove.
Also, if Windows is running, regular antivirus programs will not have access to the MBR. You can, however, use bootable antivirus disks to remove boot sector viruses. This guide shows you how to do this and other solutions for ridding your computer of boot sector viruses for good.
How to prevent Boot Sector Virus
While removing boot sector viruses is quite challenging, it’s easy to avoid getting them in the first place. The most common way that these malicious programs spread is through shared removable media.
Before inserting any removable storage drive into your computer, you must be sure that it isn’t infected with a boot sector virus. The virus may not get on your machine when you connect the media, but if you leave it connected while you boot up your system, then your hard drive will be infected.
Protecting your machine from boot sector viruses is similar to protecting it from viruses in general: you must have reliable antivirus software and defenses, and always keep their virus definitions updated. I can’t overemphasize the role of antivirus software. In this case, you need it primarily for these functions:
- To monitor your computer system for malicious activity.
- To detect known malicious actions and patterns in your computer system.
- To scan for viruses and remove them from your system’s disks.
In the section that follows, we’ll get more in-depth on how these viruses infect your computer system.
TIP: You can protect your computer’s Master Boot Record with MBR Filter.
How does a Boot Sector Virus get in?
As we’ve emphasized, boot sector viruses enter your PC mainly via physical storage media. However, they may also come bundled in downloads, especially from untrusted sites and email attachments.
When you connect an infected USB pen drive or insert a floppy disk into your computer, the virus gets transferred to your system and infects the MBR. It modifies or completely replaces the existing MBR code, and on your next boot, the virus is loaded into your system and runs with the MBR.
Boot sector viruses that arrive in downloaded files and email attachments remain mostly harmless while they are merely downloaded. However, when you open the malicious file, it begins to infect the host machine. In many cases, the author may have coded the program to replicate and send batches of emails to your contacts.
Thankfully, computer BIOS architecture has improved, and this has curbed (to a large extent) the spread of boot sector viruses. This is due to the inclusion of an option that lets users block code from modifying the first sector of the PC’s hard drive.
If you’ve never updated your BIOS, now’s a good time to do it.
Read: How to backup & restore Master Boot Record with MBR Backup or MDHacker.
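Because an infection modifies or replaces the MBR's boot code, comparing the first sector against a saved known-good copy reveals the change. The Python sketch below is an added example, not code from the original article; it assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and uses constructed sample sectors, with all function names hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # boot code area (also holds the disk signature on modern disks)
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"      # bytes at offsets 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash, partition entries, signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "valid_signature": sector[510:512] == SIGNATURE}


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from a known-good copy."""
    good, now = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not now["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if now["boot_code_sha256"] != good["boot_code_sha256"]:
        findings.append("boot code changed")
    if now["partitions"] != good["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code plus one bootable type-0x07 entry."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    table = entry + bytes(PART_ENTRY_LEN * 3)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


if __name__ == "__main__":
    baseline = build_sample_mbr(b"\xfa\x33\xc0")    # constructed "clean" sector
    altered = build_sample_mbr(b"\xeb\x3c\x90")     # constructed, different boot code
    print(compare_to_baseline(baseline, baseline))
    print(compare_to_baseline(baseline, altered))
```

In practice the two inputs would be the first 512 bytes of an MBR backup taken while the machine was known to be clean and a fresh copy read from a rescue environment.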
How to remove a Boot Sector Virus
Most boot sector viruses can encrypt the MBR; your drive can get severely damaged if you don’t remove the virus properly.
On the other hand, if the virus doesn’t encrypt the MBR and only infects the boot sector, you can use the DOS SYS command to restore the bad sector.
Further, you can also use the DOS LABEL command to restore affected volume labels. If the infection is severe and beyond repair, you can replace the MBR using the FDISK /MBR command.
While all of these methods may work in some cases, using free bootable antivirus rescue software is the safest way to remove boot sector viruses. Most importantly, with antivirus software, you are unlikely to lose files and data saved on your hard drive.
Read: How to repair the Master Boot Record.
TRIVIA: The first MS-DOS PC virus was created in 1986, and it was the Brain virus. Brain was a boot sector virus and only infected 360k floppy disks. Interestingly, even though it was the first virus, it had full-stealth capability. V-Sign was the first polymorphic boot sector virus.