
Tuesday, January 20, 2009

Booting From An Infected Disk

I forgot to put up a post on how booting from an infected floppy disk or drive affects the computer. Now let us look into it. An infected disk is one that contains potentially harmful files such as viruses or Trojans. If it is a bootable disk the virus may be in the boot sector of the disk, which is a very dangerous condition. In the case of hard disks the virus may be in the partition table, in the boot sector, or in both locations. The virus on an infected boot disk makes sure the original contents of the boot sector are copied to a safe location so that they will not be lost easily.
Now let us check out how booting from an infected disk affects the computer. Before entering into this topic one must know about the booting procedure. (I have already put up a post on booting from a non-infected disk. Click here to refer to it.) It will be helpful if you refer to it.
The various stages of booting from an infected disk are given below:
a) POST routines are executed.
b) The Interrupt Vector Table (IVT) is set up.
c) The size of the RAM is calculated during the RAM test and the size is stored in the locations 0x413 and 0x414.
d) Standard equipment is initialized.
e) Non-standard equipment is initialized.
f) The boot-up sequence is read.
g) The contents of the boot sector are loaded into main memory and control is passed to the program now in main memory. With an infected disk it is the virus that gets loaded into main memory, and control is passed to the virus.
h) The virus is loaded into the memory area where the bootstrap program normally gets loaded. The virus cannot load the file IO.SYS itself, so it has to load the Disk Bootstrap Program into memory. That Disk Bootstrap Program is loaded into the same place where the virus is sitting, so the virus would be overwritten and its copy in memory destroyed. But the virus writer is too tricky to let that happen. The virus is programmed to load a copy of itself into the high end of memory before loading the Disk Bootstrap Program. The size of memory is available at locations 0x413 and 0x414; after copying itself to the high end of main memory, the virus reduces the size stored at 0x413 and 0x414 by its own size. After this the virus loads the Disk Bootstrap Program and passes control to it.
i) The remaining part of the boot proceeds in the normal way, but the virus stays active in memory. It can capture interrupts and perform malicious tasks. It captures the interrupt for writing into memory and copies itself into memory whenever that interrupt is called. By capturing interrupts and staying active in memory the virus is able to spread itself and perform malicious tasks on the computer. Since none of these processes informs the user of anything, the user feels that everything is OK and the virus remains undetected. If we boot another system with the infected disk, the virus will affect that system too.
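Steps (c), (h) and (i) above describe the mechanism that a checker can look for from the defender's side: a resident boot-sector virus that hides at the top of conventional memory has to lower the base-memory word at 0x413/0x414, so a machine that reports fewer kilobytes than it physically has is a classic indicator, and the boot sector itself can be compared against a copy taken while the disk was known to be clean. The script below is an added example written for this post, not code from the original article; it works over constructed sample data (a low-memory snapshot and 512-byte sector images built in the script, not captured from a real machine) and assumes a clean machine of that era reports 640 KB at 0x413.

```python
"""Detection-side illustration of the 0x413 memory-shrink trick (added example)."""
import hashlib
import struct

# BIOS Data Area word holding the base (conventional) memory size in KB,
# the location steps (c) and (h) in the post refer to.
BDA_BASE_MEM_OFFSET = 0x413
EXPECTED_BASE_KB = 640          # assumption: what a clean machine of that era reports
SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"    # last two bytes of a valid boot sector


def base_memory_kb(memory: bytes) -> int:
    """Return the little-endian 16-bit value stored at 0x413/0x414."""
    return struct.unpack_from("<H", memory, BDA_BASE_MEM_OFFSET)[0]


def missing_kilobytes(memory: bytes, expected_kb: int = EXPECTED_BASE_KB) -> int:
    """How many KB have 'disappeared' from the top of conventional memory."""
    return expected_kb - base_memory_kb(memory)


def has_boot_signature(sector: bytes) -> bool:
    """A sector that is not 512 bytes ending in 55 AA is not a valid boot sector."""
    return len(sector) == SECTOR_SIZE and sector[-2:] == BOOT_SIGNATURE


def boot_sector_changed(sector: bytes, known_good_digest: str) -> bool:
    """Compare against a digest taken when the disk was known to be clean."""
    return hashlib.sha256(sector).hexdigest() != known_good_digest


def assess(memory: bytes, sector: bytes, known_good_digest: str) -> list:
    """Collect the indicators a checker would report for one machine/disk pair."""
    findings = []
    missing = missing_kilobytes(memory)
    if missing > 0:
        findings.append(
            f"base memory reduced by {missing} KB (0x413 = {base_memory_kb(memory)})"
        )
    if not has_boot_signature(sector):
        findings.append("boot sector lacks the 0x55AA signature")
    if boot_sector_changed(sector, known_good_digest):
        findings.append("boot sector differs from the known-good copy")
    return findings


# --- constructed sample data (not captured from a real machine) ---

def make_memory_image(base_kb: int) -> bytes:
    """Build a low-memory snapshot (linear addresses 0x000-0x4FF) with 0x413 set."""
    image = bytearray(0x500)
    struct.pack_into("<H", image, BDA_BASE_MEM_OFFSET, base_kb)
    return bytes(image)


def make_boot_sector(payload: bytes) -> bytes:
    """Pad a fake bootstrap payload to 510 bytes and append the signature."""
    body = payload.ljust(SECTOR_SIZE - 2, b"\x00")[: SECTOR_SIZE - 2]
    return body + BOOT_SIGNATURE


CLEAN_SECTOR = make_boot_sector(b"CLEAN DISK BOOTSTRAP PROGRAM")
CLEAN_DIGEST = hashlib.sha256(CLEAN_SECTOR).hexdigest()   # baseline taken while clean
TAMPERED_SECTOR = make_boot_sector(b"MODIFIED BOOTSTRAP CODE")

CLEAN_MEMORY = make_memory_image(640)    # step (c): the full 640 KB is reported
SHRUNK_MEMORY = make_memory_image(638)   # step (h): 2 KB reserved at the top of memory


if __name__ == "__main__":
    print("clean   :", assess(CLEAN_MEMORY, CLEAN_SECTOR, CLEAN_DIGEST))
    print("suspect :", assess(SHRUNK_MEMORY, TAMPERED_SECTOR, CLEAN_DIGEST))
```

The memory check is deliberately a comparison against an expected figure rather than an absolute rule: legitimate software of the same era (some device drivers, extended BIOSes) also reserved memory this way, so on a real machine the baseline should be the value the same machine reported when it was known to be clean, just as the boot-sector digest is.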
