I've been running into systems that have been infected with win32.virut.cf. Some systems have been cleanable because they were barely hit, but some systems were not so lucky. Does anyone have a good methodology for cleaning a system? These systems have the following files get infected: services.exe, svchost.exe, explorer.exe, etc. What I did was:
1. Disable System Restore, reboot into safe mode.
2. Run Spybot, immunize and clean, use Autoruns to clean up the system and Process Explorer to end anything that may be running.
3. Clean temp file locations and C:\, C:\windows, C:\windows\system32, C:\windows\system32\drivers of fake files (I usually organize the date fields and can find newer files and get rid of the suspicious items).
Reboot and the system is still infected. I've also tried this again but also ran the removal tool for Virut.cf from Symantec. Still infected. I've had it 99% clean and then it starts blue screening. I've tried sfc /scannow to repair system files and a Windows repair. System is still infected and unstable.
Is the best option a system reinstall? I want to know the best ways to combat spyware. Reinstalls suck to do compared to being able to save a system.
NOTE: Currently I don't have a system to test this on; I'm looking for good suggestions for combating these threats, good guides or best practices, etc.