When the hard disk is repartitioned and formatted, the boot record will be rewritten. Boot the system.
The main boot sector is located in the 0 track 0 cylinder 1 sector of the entire hard disk, including the hard disk master boot record MBR (Main Boot Record) and the partition table DPT (Disk Partition Table). The role of the master boot record is to check whether the partition table is correct and to determine which partition is the boot partition, and at the end of the program, transfer the startup program of the partition (that is, the operating system boot sector) into the memory for execution.
The boot area records some of the most basic information of the hard disk, such as the partition information of the hard disk. This information can ensure that your hard disk can work normally, but if the information is modified, the data in the hard disk will be Will be lost. Generally, machines that download stuff from the Internet or copy stuff around are most susceptible to boot sector viruses. Viruses like CIH take advantage of this, destroying your hard drive partitions and causing your data to be lost. Therefore, the security of the boot area is very important.
The boot sector virus is the earliest virus that appeared on the PC, and it is also the earliest virus type discovered in my country. This type of virus mainly infects the boot sector of the floppy disk and the boot sector of the hard disk or the master boot record.
A normal computer startup process is: the computer reads the boot sector or the master boot record loads it into the memory, and then boots the corresponding system. A machine infected with a boot sector virus will first load the virus into the memory and then proceed with the normal boot process.
In the 1980s and 1990s, there were many boot sector viruses, such as Stone, Brain, Pingpang, Monkey, etc. However, with the development of Windows, some boot sector viruses gradually became invalid. Up. But there are still some boot sector viruses that survive, and the infection rate is quite high. The most common one is the WYX (Polyboot) virus.
Symptoms of the virus
An error occurs in the floppy disk read and write, and the floppy drive is read for no reason.
On March 15th, Kingsoft Security Lab captured a computer virus named "ghost". After the virus successfully ran, it could not find anything in the process or system startup add-ons. Abnormal, and even if the system is formatted and reinstalled, the virus cannot be completely removed. Just like a "ghost", "the ghost is not scattered", so it is called a "ghost" virus. This virus has therefore become the first "boot zone" downloader virus in China.