Combofix Compromised Alert Message

Sorry to bring you the bad news but if ComboFIx is detecting Virut, your Windows Operating system files have become infected and there is no known reliable fix for this. In addition there are many many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

The safest thing for you to do is backup your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected.

Once you backup, you need to format partitions and reinstall Windows and all other software especially your protection software. Then install all updates for all software. DO NOT reinstall from any executable file backups you made while this PC was infected or you will just be reinstalling the infection.

 

You're welcome. Make sure you follow the below instructions immediately upon reinstall:

How to Protect yourself from malware!

 

Chiming in here. According to navyjax2 he has had luck with
Nortons W32.Virut Removal Tool

http://www.symantec.com/security_response/writeup.jsp?docid=2009-022016-4444-99

He also used a combination of Microsoft’s Malicious Software Removal Tool.
http://majorgeeks.com/Microsoft_Malicious_Software_Removal_Tool_d4471.html

And Spybot.
http://majorgeeks.com/Microsoft_Malicious_Software_Removal_Tool_d4471.html

Spybot will not run in normal mode with this infection. To get spybot to run, navigate to the spybot install folder. Generally c:/program files/spybot look for 2 files with 10 random letters ending in .SCR. One is for updates and if you double click it, will do nothing. The other one will run spybot.

Worth trying before a format.

 

Many AV companies have tools that attempt to remove Virut but they simply don't always work and frequently can even render a PC unbootable.

The newer forms of Virut that are around do not seem to get fixed by any removal tools and in many cases, the scanners do not even detect the infection at all. There are actually bugs in the malware code itself which has cause it to become harder to properly detect and remove. And even if you think you have gotten all traces removed, these infections normally leave PCs in a very unreliable/untrustworthy state.