How To Remove A Patching Virus (w32.Virut & w32.Sality)

[starforce]

This guy made a video on how to remove this virus.one of the nastiest file infectors:
Virut is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files infected by another virus previously. The only symptoms are a strange HDD activity while infecting, and also unwanted TCP traffic. Virut tries to connect you into an IRC network under the user name "Virtu" and zombify you. Unfortunately, the cleaning of this virus is very difficult or almost impossible.

http://www.ca.com/us/securityadvisor....aspx?id=55141



The virus remains resident in memory and infects executable files with ".EXE" and ".SCR" file extensions.


It's damage to the system is almost beyond repair as it disables Windows File Protection:


The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.


http://www.ca.com/us/securityadvisor....aspx?id=55141

Therefore all those running processes are most probably now the virus agent.

There is a claim by Grisoft that the following tool can remove the infection:

http://www.softpedia.com/get/Antivir...-Remover.shtml

This claim is hard to believe. Not only almost all the running processes are infected but also their copy in i386 folder and in the dll cache are patched.

The following video will show you how to remove a patching virus (like virut or sality) from your PC without having to resort to a reformat. This video also demonstrates how a highly infected computer can be returned to normal by using a few free anti-malware applications (and a lot of time).
How To Remove A Patching Virus (w32.Virut & w32.Sality) | Remove-Malware.com
this tool
you cen try it from avg
Win32/Virut Remover Download - Softpedia
this site well help you
http://remove-malware.com/
regards
big love
starforce