It seems like no one in the world really knows how to fully eliminate the W32.Virut virus. I have been fighting this bastard for two days straight, and in the past I have tried many different methods to fully disinfect a Virut infection. If your customers urgently need the PC or laptop, then the best solution is to back up the data and reformat it, without wasting too much time trying to fix it.
Virut is a very nasty virus that can inject malicious code into any existing executable program, such as an .exe file, and create a bunch of .scr files in your system32 folder. That's not all: it is even capable of spreading through any USB removable device, like a pen drive or external storage. According to Miekiemoes' blog, it can also mess up a web designer's work. Read the quote below:
This latest variant may also search for htm, html, asp and php files on the drives and modify them by inserting an iframe that points to a malicious website. So you can already imagine what may happen if the owner is a web designer and uploads the infected webpages.
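Before re-uploading a site from a machine that had Virut, the web files can be checked for iframes they should not contain. The script below is an added example, not code from this post or from the quoted blog; the allowlist approach, the "hidden" heuristic and all host names are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

WEB_EXTS = {".htm", ".html", ".asp", ".php"}  # file types named in the quote
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)

def suspicious_iframes(text, allowed_hosts=frozenset()):
    """Return (host, hidden) for each iframe loading a host not on the allowlist."""
    found = []
    for match in IFRAME_RE.finditer(text):
        attrs = {k.lower(): v.strip("\"'") for k, v in ATTR_RE.findall(match.group(0))}
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        if not host or host in allowed_hosts:
            continue  # relative (same-site) or explicitly trusted source
        # Assumed heuristic: injected frames are usually made invisible.
        tiny = attrs.get("width") in {"0", "1"} or attrs.get("height") in {"0", "1"}
        hidden = tiny or bool(HIDDEN_RE.search(attrs.get("style", "")))
        found.append((host, hidden))
    return found

def scan_tree(root, allowed_hosts=frozenset()):
    """Walk root and return (file name, host, hidden) for every finding."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            text = path.read_text(encoding="utf-8", errors="replace")
            for host, hidden in suspicious_iframes(text, allowed_hosts):
                findings.append((path.name, host, hidden))
    return findings

def demo():
    """Constructed sample site: three web pages, one with an appended iframe."""
    with tempfile.TemporaryDirectory() as site:
        Path(site, "index.html").write_text('<body><iframe src="/map.html"></iframe></body>')
        Path(site, "video.htm").write_text('<iframe src="https://video.example/e/1" width="560"></iframe>')
        Path(site, "contact.php").write_text(
            '<?php echo "hi"; ?>\n<iframe src="http://bad.example/x" width=1 height=1></iframe>')
        Path(site, "notes.txt").write_text('<iframe src="http://bad.example/x"></iframe>')
        return scan_tree(site, allowed_hosts={"video.example"})

if __name__ == "__main__":
    for name, host, hidden in demo():
        print(f"{name}: iframe -> {host} (hidden={hidden})")
```

Any hit on a host you did not put there yourself means the file should be restored from a clean copy rather than uploaded.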
However, someone from Remove-Malware.com said it can be done easily. Oh, really? Of course, you should check whether that is true or not. According to the blogger (who also works onsite servicing computers), the method he used is running the free Dr Web Cure IT in a UBCD4Win environment and doing a full scan and clean from there. Isn't that much the same thing as attaching the infected drive as an external drive to another PC and doing the cleaning in Safe Mode? This solution only disinfects the executable files, including other files in the "system32" folder, and does not actually clean the Virut virus at all.
He didn't mention anything about fixing or repairing the network using the UBCD4Win boot CD, so I am going to wait for his response in the comments. But based on my own experience, the Virut virus creates something like a backdoor on the network connection. Once you connect to the internet, it eventually starts causing traffic to the users on the shared network and downloads the virus again. No one could figure out how to prevent the download from the host. The IP address cannot be easily blocked by the firewall. If he did not manage to fix this problem, that means most of his clients infected by it are still exposed to the Virut threat.
I do not mean to offend the Remove-Malware blogger or to conclude that he is wrong. But I believe he fails to realize how much damage the Virut virus does to Windows, and I would say maybe he was lucky that he could clean it. I don't quite believe that is possible when you are working one or two hours onsite. Nothing is guaranteed when you are servicing onsite; I also work as an IT technician, and I can't say whether I have really disinfected all the virus and spyware infections or not. For the time being, the best solution is to scan and disinfect the virus before you back up your data and reformat.