Boot sector virus or faulty diagnostic?
Dinosaur
11-09-2001, 04:21 PM
I hope this is the correct forum for this thread.
I am running Windows 98 and DOS 6.22 / Windows 3.11 on a 1 GHz AMD Athlon processor. My motherboard has boot virus detection built into the CMOS. The motherboard is an ASUS A7V133 Socket A with VIA Apollo KT133A chipset.
A few days ago I started PowerQuest Drive Image which must run in DOS Mode. Windows 98 was shut down automatically and system restarted in DOS Mode. During bootup, there was a message about a Boot Sector virus. I used a set of Diskettes to restart the system and run Drive Image.
When I shut the system down and restarted Windows 98 via the Boot Magic utility, there was no indication of a virus. I tried to duplicate the scenario which caused the message. I started Drive Image. Windows 98 shut down and Drive Image started with no virus message.
I do not use any virus protection or firewall software. I avoid diskettes and CDs from unknown sources. I do not open suspicious email, and ignore any attached files from unknown sources.
So far, I have had no trouble.
Am I likely to have a boot virus now dormant for some reason?
Did the message occur due to some transient fluke? What damage does a boot sector virus do?
Does anybody know what algorithm is used to detect a boot virus? Is it a comparison of the boot sector with a previously stored copy? Is it a checksum? Is it based on knowledge of a virus signature?
Boot Magic must modify the boot sector to do its job. Could Boot Magic alteration of the boot sector cause erroneous detection of a virus?
I am querying PowerQuest, expecting to get little or no help in 2-3 days. They are good about troubleshooting their own software and providing tech support in general, but I suspect that they will have little help on this subject, unless it happens often to users of their products.
------------------
Gouverneur, the Dinosaur from pre-computer era.
Eschew Obfuscation!
If one hundred million people believe a foolish idea, it is still a foolish idea.
andyswork@beci.net
11-09-2001, 04:31 PM
This has happened to me and I think it was an error because the program was writing to the boot sector. I have Norton AntiVirus and ran it after the message and it found nothing. My system, like yours, is working fine. If, like mine, it is a one-time deal, I would not worry about it. Of course, I think I would still check for viruses.
------------------
One day I will be a pro, Thanks Andy
YODA74
11-09-2001, 04:36 PM
all i can give is this
System Sector Viruses (AKA Boot Sector Viruses)
These are viruses which plant themselves in your system sectors. System sectors are special areas on your disk containing programs that are executed when you boot your PC. Sectors are not files but simply small areas on your disk that your hardware reads in single chunks. Under DOS, sectors are most commonly 512 bytes in length. These sectors are invisible to normal programs but are vital for correct operation of your PC. They are a common target for viruses. There are two types of system sectors found on DOS PCs, DOS boot sectors and partition sectors (also known as Master Boot Records or MBRs). If the term boot sector is new to you, then please read the page on system sectors for more details on why system sectors are important and how they work.
System sector viruses (also commonly referred to as boot sector viruses) modify the program in either the DOS boot sector or the partition sector. Since there isn't much room in the system sector (only 512 bytes), these viruses often have to hide their code somewhere else on the disk. These viruses sometimes cause problems when this spot already contains data which is then overwritten. Some viruses, such as the Pakistani BRAIN virus mark the spot where they hide their code as having bad sectors. This is one reason to be alarmed if CHKDSK or Scandisk suddenly reports additional bad sectors on your disk. These viruses usually go resident in memory on your PC, and infect any floppy disk which you access. Simply doing a DIR on a floppy disk may cause it to be infected. Some viruses will infect your diskette as soon as you close the drive door. Since they are active in memory (resident), they can hide their presence. If BRAIN is active on your PC, and you use a sector editor to look at the boot sector of an infected diskette, the virus will intercept the attempt to read the infected boot sector and return instead a saved image of the original boot sector. You will see the normal boot sector instead of the infected version. Viruses which do this are known as stealth viruses. In addition to infecting diskettes, some system sector viruses spread by also infecting files.
Sectors are not files but simply small areas on your disk that your hardware reads in single chunks. Under DOS, sectors are most commonly 512 bytes in length. These sectors are invisible to normal programs but are vital for correct operation of your PC. You cannot see system sectors on your diskette in the same way that you can see files. They are simply a special reserved location at the beginning of your diskette.
DOS Boot Sectors
The very first sector on disk or diskette that DOS is aware of is the boot sector. From a DOS perspective, this is the first sector on the disk. Every floppy and hard disk has a boot sector containing executable code. This sector contains an executable program whether the disk is bootable or not. Since this program is executed every time you power on or boot your PC, it is very vulnerable to virus attack. Damage to this sector can make your disk appear to be unreadable. This sector is rewritten whenever you do a "SYS" or a "FORMAT /S" to a disk.
Warning: even a non-bootable floppy can contain a virus in the boot sector. If you leave the floppy in your PC when you power on or boot, you will be infected even though the PC won't successfully boot from that floppy.
Partition Sector (AKA Master Boot Record or MBR)
On hard (fixed) disk drives, the very first sector is the partition sector (also known as the master boot record or partition table). Each physical hard disk drive has one of these sectors. A single physical disk can be partitioned into one or more logical disks. For example, you may have a physical drive partitioned into C: and D: logical disks so that your single physical disk appears (to DOS) to be two logical disks. The single partition sector contains the information that describes both logical disks. If the partition sector is damaged, then DOS may not even recognize that your disk exists. The partition sector also contains a program which is executed every time you power up or boot your PC. This program executes and reads the DOS boot sector (or other operating system boot sector) which also contains a program. Numerous viruses plant their code in the partition sector.
Boot Sector viruses are the most common types, and cannot normally spread across a network. These are usually spread by accident via floppy disks which may come from virtually any source such as unsolicited demonstration disks, new software (even from reputable sources), new or repaired hardware, or disks used on your PC by salesmen or engineers.
------------------
W/Me (memory eater)
Me Help (http://www.webtechgeek.com/center_Frame_win_me_tips.html)
BUDS TS. (http://www.geocities.com/~budallen/whatsnew.html)
answers (http://www.dewassoc.com/support/index.html)
andyswork@beci.net
11-09-2001, 04:46 PM
Yoda, very good and full of good information. Will Norton AntiVirus take care of them? Enjoyed reading your post.
------------------
One day I will be a pro, Thanks Andy
YODA74
11-09-2001, 06:18 PM
ya might want to go here and look around?
http://service4.symantec.com/SUPPORT/qdeckkb.nsf/5891cb657a5c5f38852566d600716af5/df1cb661fac8f344852566d00011bae0?OpenDocument
------------------
W/Me (memory eater)
Me Help (http://www.webtechgeek.com/center_Frame_win_me_tips.html)
BUDS TS. (http://www.geocities.com/~budallen/whatsnew.html)
answers (http://www.dewassoc.com/support/index.html)
I tend to think that if you did not have the BIOS AV turned off and you tried using a program like Boot Magic, you would get the error. That is why you should disable the AV if you are doing something major like installing an OS, or even some utilities. Basically, any operation that impacts the boot sector should generate a warning.
------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)
Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.
andyswork@beci.net
11-10-2001, 09:37 AM
mjc, I think that is what happened to me!
------------------
One day I will be a pro, Thanks Andy
sea69
11-10-2001, 11:13 AM
Originally posted by andyswork@beci.net:
mjc, I think that is what happened to me!
that is precisely what has happened to you, dinosaur, andy - (and thousands of others of us) !
"Boot Magic must modify the boot sector to do its job. Could Boot Magic alteration of the boot sector cause erroneous detection of a virus?"
the BIOS av noticed the change and has reported a virus. That's all.
no worries since it was an action on your part that caused this, rather than an 'outside' influence.
------------------
sea1_69@hotmail.com
homepage (http://www.seanweb1.homestead.com/3.html)
[This message has been edited by sea69 (edited 11-10-2001).]
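The "stored copy / checksum" approach asked about in the first post, sketched as an added example (not code from any poster, and not the ASUS BIOS's actual algorithm, which the thread does not describe). The sector images and the helper names `fingerprint`, `compare`, `build_mbr` and `partition_entry` are constructed for illustration; the layout used is the standard MBR one: 446 bytes of boot program, a 64-byte partition table, and the 0x55AA signature.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446       # bytes 0..445 hold the boot program
TABLE_END = 510           # bytes 446..509 hold four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511 mark a valid boot sector


def fingerprint(sector: bytes) -> dict:
    """Hash the boot program and the partition table of an MBR separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[TABLE_END:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return {
        "code": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "table": hashlib.sha256(sector[BOOT_CODE_END:TABLE_END]).hexdigest(),
    }


def compare(baseline: dict, sector: bytes) -> list:
    """Return the names of the MBR regions that differ from the stored baseline."""
    current = fingerprint(sector)
    return [name for name in ("code", "table") if current[name] != baseline[name]]


def partition_entry(active: bool, ptype: int, start_lba: int, sectors: int) -> bytes:
    # Layout: status, CHS start (unused here), type, CHS end (unused), LBA start, size
    return struct.pack("<B3sB3sII", 0x80 if active else 0, b"\0\0\0",
                       ptype, b"\0\0\0", start_lba, sectors)


def build_mbr(code: bytes, entries: list) -> bytes:
    """Assemble a constructed 512-byte MBR image (sample data, not a real disk)."""
    table = b"".join(entries).ljust(64, b"\x00")
    return code.ljust(BOOT_CODE_END, b"\x00") + table + SIGNATURE


# Constructed samples: the "code" bytes are placeholders, not real boot programs.
FAT32 = partition_entry(True, 0x0B, 63, 2_000_000)
ORIGINAL = build_mbr(b"stock boot program", [FAT32])
BOOT_MANAGER = build_mbr(b"boot manager stub", [FAT32])          # code replaced
REPARTITIONED = build_mbr(b"stock boot program",
                          [FAT32, partition_entry(False, 0x06, 2_000_063, 500_000)])

BASELINE = fingerprint(ORIGINAL)

if __name__ == "__main__":
    for label, image in (("original", ORIGINAL), ("boot manager", BOOT_MANAGER),
                         ("repartitioned", REPARTITIONED)):
        print(label, "->", compare(BASELINE, image) or "unchanged")
```

A change detector of this kind reports only that the boot program differs from the baseline, so a boot manager install and an infection look the same to it. A check like this is also only meaningful from a clean boot, since a resident stealth virus as described above returns the saved original sector to reads.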