How to Protect Boot Sector from Viruses in Windows


This article was previously published under Q122221
This article has been archived. It is offered "as is" and will no longer be updated.
When you start your computer with a floppy disk that is infected with a virus, Windows is not capable of detecting it, which is true with many operating systems. Some viruses, such as the FORMS virus, may infect the boot sector of your hard disk drive. This article discusses some methods of protecting the boot sector of the hard disk drive from viruses.
There is a misconception that if the partition of the hard disk drive is NTFS, the information in the partition is secure. NTFS, like other file systems such as File Allocation Table (FAT) and High Performance File System (HPFS), is not recognized until Windows starts the service for the file system. The boot sector is separate from the file system in that it is recognized by the system BIOS upon starting the computer.

In order to provide C2 level government security, the environment surrounding the system must meet the same level of security that Windows provides. The C2 standard requires physical security, such as locking the computer.

To protect your system from any type of virus infection in Windows and possibly recover the boot sector of the hard drive, use one of the following methods:
  • Remove any floppy disk in drive A after you shut down Windows.
  • Configure the system BIOS to disable floppy disk booting (no floppy seek) or change the order of the boot process to hard drive first.
  • Configure the system BIOS to enable system password protection.
  • To fix the boot sector, start the computer with a MS-DOS system disk and run the following command:
    fdisk /mbr
    WARNING: If your hard drive was prepared by a third-party disk manager program, such as Ontrack Disk Manager, then the fdisk /mbr command removes the overlay program of that third-party disk manager, such as the Overlay Manager, and the drive no longer starts. Therefore, you must make sure that the drive was not partitioned with a third-party disk manager program before you use this command.
  • Run the Repair utility to verify and recover Windows startup files.
The fdisk /mbr command works only on hard disk drives that are within the limitations of DOS. If you are accessing devices that are beyond the 1024 cylinder limit, you cannot run fdisk /mbr and you receive error code 1762.

If a virus has infected the Master Boot Record (MBR), you cannot run the Emergency Repair Disk until the virus is cleaned. Most virus programs have the same limitation as DOS so you cannot run a scan against the hard disk drive; however, DOS 6.22 Msav.exe will clean the MBR and RAM of the computer.
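
One way to notice a changed MBR before a repair is needed, as an added example that is not part of the original article: it hashes the boot code area of a saved copy of the first disk sector and compares it with a hash recorded while the disk was known clean, and it also reports partitions whose end cylinder sits at the CHS maximum. The function names, the baseline workflow and the sample sector are assumptions made for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446      # bytes 0-445 of the sector hold the boot code
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries of an MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    parts = []
    for slot in range(4):  # four 16-byte entries start at offset 446
        status, _, ptype, end_chs, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, BOOT_CODE_LEN + 16 * slot)
        if ptype == 0:  # type 0 marks an unused slot
            continue
        # Cylinder is 10 bits: top two bits of CHS byte 1 plus all of byte 2.
        end_cyl = ((end_chs[1] & 0xC0) << 2) | end_chs[2]
        parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "end_cylinder": end_cyl})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Compare a sector against a hash recorded while the disk was known clean."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    for p in info["partitions"]:
        if p["end_cylinder"] == 1023:  # highest value the CHS field can hold
            findings.append(
                f"partition {p['slot']} ends at or past cylinder 1023 (CHS limit)")
    return findings


def build_sample_mbr(boot_code: bytes, end_chs: bytes = b"\x0f\x3f\x64") -> bytes:
    """Constructed sample sector: given boot code plus one active type-0x07 entry."""
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, end_chs, 63, 100000)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + b"\x55\xaa"
```

In practice the sector passed to check_mbr is the first 512 bytes of a disk image or raw device, and the baseline hash is stored somewhere the running system cannot overwrite.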

Article ID: 122221 - Last Review: 12/04/2015 10:40:25 - Revision: 2.2

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows 2000 Datacenter Server, Microsoft Windows XP Home Edition, Microsoft Windows XP Professional, Microsoft Windows NT Advanced Server 3.1, Microsoft Windows NT Server 3.5, Microsoft Windows NT Server 3.51, Microsoft Windows NT Server 4.0 Standard Edition, Microsoft Windows NT Workstation 3.1, Microsoft Windows NT Workstation 3.5, Microsoft Windows NT Workstation 3.51, Microsoft Windows NT Workstation 4.0 Developer Edition
