Dealing with the despicable Vitro / Virut (Win32.Virut) polymorphic virus

This delightful species of malware is capable of infecting every executable (.exe, .scr, .dll) on a system, spreading via flash drives’ autorun executables, turning infected computers into full-blown zombies (i.e., recruiting them into botnets), actively disabling anti-virus clients and other Windows security services, and generally corrupting systems so badly that, without a working disinfection tool, there is no practical way to repair them short of completely reformatting the infected hard drive.  (And if you have any autorun-enabled flash drives lying around, you sure as heck better not plug them back in once you’ve reformatted, at least not before AutoRun is disabled and the drives have been scanned, because you’ll probably find yourself right back where you started if you do.)  Here are a few resources I’ve found which may help clean up this mess.

First off, please be advised: Vitro and Virut appear to be different names for the same family of polymorphic malware, but Virut is much, much better documented (Win32:Vitro is the name used by Avast; most other AV vendors refer to the thing as Win32.Virut).  In any case, here are some resources I’ve dug up on this family of disgusting vermin:

https://forums2.symantec.com/t5/Malicious-Code/W32-Virut-CF-Collateral-Damage/ba-p/388834

http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=314

https://kc.mcafee.com/corporate/index?page=content&id=KB60908

http://www.symantec.com/security_response/writeup.jsp?docid=2009-022016-4444-99

Best Removal Utility

http://www.avg.com/us.virus-removal.ndi-67762


Both Symantec and AVG (links above) offer specialized removal tools that are supposedly capable of stripping the virus code (roughly 9 KB appended to each infected file) out of infected files; I’ll update this post when I’ve had a chance to test the fixes out.

Update: AVG’s tool doesn’t actually strip out the virus code at all; as far as I can tell, all the tool does is corrupt the virus code in place so that it can no longer run, leaving the extra bytes in the file.  Surprisingly, this approach does seem to be quite successful in at least deactivating the virus, but it also means a “cleaned” file is not restored to its original bytes: its size and hash still differ from those of a never-infected copy.

Additional update:  Most of the other anti-virus vendors now seem to recognise AVG’s fix, so files it has “patched” no longer generate false positives (in my preliminary testing, cleaned files were still being flagged as infected by most AV engines on virustotal.com).  Additionally, Symantec’s repair utility turns out to be considerably less versatile than AVG’s (Symantec’s will only run under safe mode and has no options, whereas AVG’s will run under any environment – even Wine! – and offers extensive command-line control), and it doesn’t do nearly as good a job of detecting infections.  Consequently, here’s my recommendation:

Based on my experience with the utility so far, I’m now willing to state that AVG’s tool does a pretty darn good job of cleaning up this horrible scourge.
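The two updates above boil down to a check worth doing yourself: a removal tool that neutralises the virus body in place leaves the file’s size and hash changed, so a “cleaned” executable is still not the original. The following Python script is an added example, not code from this post or from AVG’s or Symantec’s tools. It assumes you hold a baseline of known-good sizes and SHA-256 hashes (taken from install media or a pre-infection backup), uses the ~9 KB figure from the post as a size threshold, and applies a generic “entry point in the last section” heuristic for appending file infectors, which is an assumption rather than a Virut-specific signature. The three minimal PE images it scans are constructed inputs, not real binaries.

```python
"""Integrity check for Windows executables after a file-infector cleanup.

Added example, not code from the original post or from any AV vendor's tool.
Assumes a baseline of known-good sizes and SHA-256 hashes (from install media
or a pre-infection backup). A file that still differs from the baseline after
a removal tool ran was neutralised, not restored, and should be replaced; a
size increase near the ~9 KB the post mentions is flagged. The "entry point in
the last section" check is a generic appending-infector heuristic, not a Virut
signature; threshold and heuristic are assumptions.
"""
import hashlib
import os
import struct
import tempfile

VIRUS_BODY = 9 * 1024   # approximate size an infection adds (figure from the post)
SLACK = 2 * 1024        # tolerance around that figure (assumption)
EXEC_EXTS = {".exe", ".scr", ".dll"}


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def entry_point_in_last_section(data):
    """True if AddressOfEntryPoint falls inside the last section's virtual
    range, None if the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    (nsections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    last = opt + opt_size + (nsections - 1) * 40      # last IMAGE_SECTION_HEADER
    vsize, vaddr = struct.unpack_from("<II", data, last + 8)
    return vaddr <= entry < vaddr + vsize


def classify(data, baseline_entry):
    """Classify one file's bytes against its baseline (size, sha256) tuple."""
    report = {"ep_in_last_section": entry_point_in_last_section(data)}
    if baseline_entry is None:
        report["status"] = "no-baseline"              # nothing to compare; inspect by hand
    elif sha256(data) == baseline_entry[1]:
        report["status"] = "matches-baseline"
    elif abs(len(data) - baseline_entry[0] - VIRUS_BODY) <= SLACK:
        report["status"] = "grown-by-virus-size"      # infected, or neutralised in place
    else:
        report["status"] = "differs-from-baseline"
    return report


def scan_tree(root, baseline):
    """Walk root and classify every .exe/.scr/.dll; baseline is {basename: (size, hash)}."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as f:
                    key = os.path.relpath(path, root).replace(os.sep, "/")
                    results[key] = classify(f.read(), baseline.get(name))
    return results


# ---- constructed sample input: minimal two-section PE32 images, not real binaries ----
def build_pe(entry_rva, last_vsize, tail=b""):
    opt_size = 224
    hdr_end = 0x40 + 4 + 20 + opt_size + 2 * 40
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    sec = lambda name, vs, va, raw, flags: (struct.pack("<8sIIII", name, vs, va, vs, raw)
                                            + b"\0" * 12 + struct.pack("<I", flags))
    text = sec(b".text", 0x100, 0x1000, hdr_end, 0x60000020)
    rsrc = sec(b".rsrc", last_vsize, 0x2000, hdr_end + 0x100, 0x40000040)
    return dos + b"PE\0\0" + coff + bytes(opt) + text + rsrc + b"\xC3" * 0x100 + b"R" * 0x200 + tail


CLEAN = build_pe(0x1000, 0x200)
INFECTED = build_pe(0x2200, 0x200 + VIRUS_BODY, b"\x90" * VIRUS_BODY)   # body appended, EP moved
NEUTRALISED = INFECTED[:-VIRUS_BODY] + b"\xCC" * 16 + INFECTED[-VIRUS_BODY + 16:]  # patched in place
BASELINE = {"app.exe": (len(CLEAN), sha256(CLEAN))}


def demo():
    """Write the three samples under a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for sub, blob in (("clean", CLEAN), ("infected", INFECTED), ("after_tool", NEUTRALISED)):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "app.exe"), "wb") as f:
                f.write(blob)
        return scan_tree(root, BASELINE)


if __name__ == "__main__":
    for path, report in sorted(demo().items()):
        print(f"{path:24} {report['status']:22} ep_in_last_section={report['ep_in_last_section']}")
```

Run it as-is to see the three constructed cases; on a real system, point `scan_tree` at the drive root and build `BASELINE` from a trusted copy of the same files. The useful outcome is the `after_tool` case: it has the same status as the infected file, because patching the virus body in place changes nothing about the file’s size or its mismatch with the baseline. Treat any file that does not match the baseline as one to replace from known-good media, and treat the entry-point heuristic as a prioritisation aid only, since legitimately packed executables can trip it too.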

4 thoughts on “Dealing with the despicable Vitro / Virut (Win32.Virut) polymorphic virus”

  1. Hi, I had this virus and yes, Avast shows it as Vitro (W32.Vitro), and Norton 360 and AVG as Virut (W32.Virut.CF), etc.

    I had to install Windows almost 10 times and the freaking thing would come back again. And yes, as stated above, don’t plug in any portable media with .exe or .scr files, or you are screwed. The AVG removal tool is the best so far, and that’s what I used to get rid of this darn virus. If you think you have infected any portable media, what I did was plug them all into my USB hubs and run the AVG removal tool, as it does the scanning of all drives and leaves them virus-free. So far everything looks good, and I have another laptop to clean up, so what I did was: I have a little portable hard drive with Windows XP on it and the AVG tool, so I can use it to clean up the rest. Have only Windows on your drive if you choose to use this method to clean infected PCs, because it will scan your portable device too. Will keep you updated; any experiences, please share.

  2. Have you tried using any of the tools offered by ESET NOD32 or Kaspersky? Both these vendors produce the world’s best and second-best anti-virus software.

    Also, do you think anti-virus programs with heuristic analysers are able to detect the virus?

  3. Well, I have 6 Windows installations now thanks to this Virut/Vitro thing.
    Thanks for mentioning that rmvirut.exe will run in Wine, because that’s what I’m trying now.
    Symantec’s tool seems to be blind to what I have.
    Now that I’ve seen the explanation I can see that rmvirut.exe seems to be doing something.
    It describes finding an instance of Virut/Vitro and altering it as a “scanned file”. Uninfected files aren’t counted. Files it can’t do anything with are “scanned” but not “cleaned” (about 300 so far in my case).
    I think I’ll have to delete them manually.

  4. Thanks technosopher, I was tired of reinstalling Windows because of this Vitro virus. AVG works fine. Thanks for sharing your greatest knowledge with us.
