Ms. Ducktoes did it! I beat the dreaded Virut without reformatting. This is how I did it.

1. The Dr. Web Cureit Live CD I spoke of in the last post didn’t work. At the beginning of the scan, it stopped everytime. So instead:
2. I created an Ultimate Boot CD for Windows. I downloaded the image from the UBCD website and burned it to cd. There are detailed instructions on the site on how to do this.
3. I booted off the cd and went on the Internet through the UBCD interface. I downloaded Dr. Web Cureit to the Ram drive.
4. Then from the “Run” option off the start menu I browsed to the B: Ram drive and opened cureit.exe.
5. Dr. Web Cureit started. I had to stop the Express scan and run the Custom scan and select the C drive or the C and D drives since I had more than one hard drive. Otherwise Dr. Web Cureit just scanned the CD.
6. I cured the files instead of deleting them. The Virut virus changes the system files and your computer system needs them.
7. I scanned a three times this way.
8. I rebooted but the computer wouldn’t start. So I did a “repair install” with my Windows Xp cd.
9. After the Repair Install, it booted, but after the logon, the logon kept returning. I couldn’t get past it.
10. So I booted off the UBCD and replaced the Userinit.exe file in the System32/dllcache folder. I found another copy of it in the 1386 folder and copied and pasted. You can search using the Windows Explorer on the UBCD disk.
11. Then I ran regedit (still off UBCD) and searched for userinit. I found the registry keys related to userinit. One of them was set for the logon to repeat over and over, so I changed it from “1″ to “0″.
12. Then I rebooted and the computer started and the logon didn’t repeat!!
13. Immediately I went into Safe Mode and started running virus scans like crazy. I ran Malwarebytes, AVG, SuperAntiSpyware and Dr. Web Cureit again. And found more trojans and viruses.
14. After all the scans ran clean. I rebooted.
15. The Virut was removed!!! And I didn’t reformat.

The worst virus I’ve ever seen is now making its way through Bit Torrent and Limewire and other file sharing programs. It’s called Virut. And once you have it it’s pretty much game over and time for a clean install. You’re done. At least you’re operating system is kaput. So if I were you I’d make sure your anti-virus is working and updating regularly. And stay away from P2Ps until this settles down. Lots of people are losing everything on their computers. What makes Virut so nasty is that it patches itself to every executable, so everything time you run an anti-virus, it “patches itself” onto the anti-virus. Also it changes system files, so if you “delete” instead of “cure” or “heal” them, you’ll be facing at least a Repair install.

Some fixes for Virut run in Safe Mode, but on my client’s computer, Safe Mode isn’t working. I’m right now trying a method I saw on the Internet that uses Dr. Web. Cure-it.