Hi Jim Selleck,
Did you upload an infected executable to virustotal.com, and can you post the results you get there here as an attached file? The following information I distilled from Tweakers Netherlands:
If you are infected by Virut Vitro, then this is an advanced virus that tries to infect all kinds of files. After a reformat, a re-infection can occur easily through infected back-ups.
I informed above in the thread:
"The Virut family of viruses uses polymorphism to hide from all anti-virus protection; it infects executable files. 'Buggy' file infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll, which transfers control to the virus every time any of these function calls are made.
* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess"
So Virut will attach to an important system file that is used for a plethora of things, and so creates room for the virus as it pleases, so to speak, because almost every program makes use of these system APIs. Also, the virus scanner itself is not immune from it...
Scanning from another computer is not a very bright thing to do either when a file injector is involved, in view of re-infection; the only sensible thing to do in such a case is to use a PE CD.
The virus only injects when it is active, but an autorun is also enough to infect.
The best policy is preventing infection by running fully updated and patched Windows and third-party software, and using in-browser security like Firefox with NoScript installed. Malcreants at the moment will use every weakness known in IE browsers for spreading their drive-by malware infectors... and one ounce of prevention is worth 10 kg of cleansing after the fact...
polonus
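
As an added example that is not part of the original post: one way a responder can check for the ntdll.dll hooking described in the quoted text is to compare each listed function's first bytes in a process memory capture against a reference copy of ntdll.dll. The helper names, addresses and byte strings below are constructed for illustration, and a 32-bit process is assumed.

```python
import struct

# The five ntdll.dll exports the quoted description lists as hooked.
WATCHED = ("NtCreateFile", "NtCreateProcess", "NtCreateProcessEx",
           "NtOpenFile", "NtQueryInformationProcess")

def classify_patch(addr, mem):
    """Decode a rel32 CALL (E8) or JMP (E9) at the start of a stub."""
    if len(mem) >= 5 and mem[0] in (0xE8, 0xE9):
        rel = struct.unpack_from("<i", mem, 1)[0]
        target = (addr + 5 + rel) & 0xFFFFFFFF  # assumes a 32-bit process
        return ("call" if mem[0] == 0xE8 else "jmp"), target
    return "modified", None

def find_hooks(stubs, module_ranges):
    """stubs: name -> (address, bytes on disk, bytes in memory).
    module_ranges: (start, end) of every legitimately loaded image."""
    findings = []
    for name in WATCHED:
        if name not in stubs:
            continue
        addr, disk, mem = stubs[name]
        if disk == mem:
            continue  # prologue matches the reference copy
        kind, target = classify_patch(addr, mem)
        outside = target is not None and not any(
            lo <= target < hi for lo, hi in module_ranges)
        findings.append({"name": name, "kind": kind, "target": target,
                         "outside_modules": outside})
    return findings

def constructed_sample():
    """Constructed addresses and bytes, not taken from a real infection."""
    clean = bytes.fromhex("b825000000ba0003fe7fff12c22c00")
    def patched(opcode, addr, target):
        branch = bytes([opcode]) + struct.pack("<i", target - (addr + 5))
        return branch + clean[5:]
    stubs = {
        "NtCreateFile": (0x77F01000, clean, patched(0xE8, 0x77F01000, 0x00A30000)),
        "NtOpenFile": (0x77F01020, clean, clean),
        "NtCreateProcess": (0x77F01040, clean, patched(0xE9, 0x77F01040, 0x77F20000)),
    }
    return stubs, [(0x77F00000, 0x77FB0000)]

if __name__ == "__main__":
    for f in find_hooks(*constructed_sample()):
        print(f)
```

A redirect whose target lies outside every loaded image is the stronger signal. Because a file infector may also have altered the ntdll.dll on the affected disk, the reference bytes should come from known-good media.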