Modification of the hard drive areas responsible for the initial loading of the system has become increasing popular with cybercriminals. Moreover, cybercriminals have now moved on from just modifying the MBR (master boot record) to infecting the code of the NTFS loader. We recently discovered an interesting piece of malware — Cidox. It is peculiar in that it infects the load area code of the boot