A forum for reverse engineering, OS internals and malware analysis 
 #22886  by rnd.usr
 Fri May 16, 2014 8:37 pm
I have a little question. How do AVs remove file infections from system files? They sure can't wipe the modified bytes, replace with an original (because distribution is illegal) or remove the file, so how do they do it?
 #22896  by EP_X0FF
 Sun May 18, 2014 3:15 am
This depends on the AV and its implementation.
In several cases they
1) can ask you to allow download of a clean file copy or use the installation CD;
2) rebuild the file, zeroing the infection payload part/cutting the malware overlay and restoring the EP/modified part (the file will still be modified).
 #22898  by Cch123
 Sun May 18, 2014 3:39 am
Adding on to what EP_X0FF said, there are other methods to fix these infections.

Some antivirus products monitor and record the actions of programs running on the computer. When the program is identified as malicious, the antivirus undoes all the actions and modifications that the program made, based on what the antivirus recorded.
Additional Info:
http://support.kaspersky.com/6270
http://www.webroot.com/us/en/business/p ... g-rollback

Another technique is repairing the file based on the cloud. The antivirus compares the infected file on the computer with the clean file in its cloud database. It then determines the difference between the two files and the local antivirus then repairs the file accordingly by changing the infected file back into its clean copy.
Additional Info:
http://www.pcmag.com/article2/0,2817,2424097,00.asp

Hope my explanation helps.
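The cloud-based repair Cch123 describes, and the "cut overlay / restore modified part" rebuild EP_X0FF mentions, as an added example that is not code from this thread or from any vendor. The `CloudRepairService` class, the 16-byte block size and the constructed sample file are assumptions made for illustration: the client sends only per-block hashes, the "cloud" answers with the blocks that differ, and the client truncates the overlay, patches those blocks and verifies the whole-file hash before accepting the result.

```python
import hashlib

BLOCK = 16  # assumed tiny block size so the constructed sample stays readable


def block_hashes(data: bytes) -> list:
    """SHA-256 of each fixed-size block (the last one may be shorter)."""
    return [hashlib.sha256(data[i:i + BLOCK]).hexdigest()
            for i in range(0, len(data), BLOCK)]


class CloudRepairService:
    """Hypothetical stand-in for the vendor cloud: clean copies keyed by file name."""

    def __init__(self, clean_files: dict):
        self.clean = clean_files

    def plan(self, name: str, client_hashes: list):
        """Return (clean size, clean hash, [(offset, bytes)]) for blocks that differ."""
        clean = self.clean[name]
        patches = [(i * BLOCK, clean[i * BLOCK:(i + 1) * BLOCK])
                   for i, h in enumerate(block_hashes(clean))
                   if i >= len(client_hashes) or client_hashes[i] != h]
        return len(clean), hashlib.sha256(clean).hexdigest(), patches


def repair(name: str, infected: bytes, cloud: CloudRepairService):
    """Client side: send block hashes, apply returned patches, verify the result."""
    size, clean_hash, patches = cloud.plan(name, block_hashes(infected))
    buf = bytearray(infected[:size])        # cut anything appended past the clean size
    buf.extend(b"\0" * (size - len(buf)))   # re-grow if the infector truncated the file
    for off, chunk in patches:
        buf[off:off + len(chunk)] = chunk   # restore only the modified blocks
    repaired = bytes(buf)
    if hashlib.sha256(repaired).hexdigest() != clean_hash:
        raise ValueError("repair failed verification; fall back to full replacement")
    return repaired, sum(len(c) for _, c in patches)  # bytes the cloud had to send


# Constructed sample, not a real binary: a 64-byte "clean" file and an infected copy
# whose first block was patched (entry-point redirect) and that has a 32-byte overlay.
CLEAN = bytes(range(64))
INFECTED = b"\xe9" + bytes(range(1, 64)) + b"V" * 32

if __name__ == "__main__":
    cloud = CloudRepairService({"sample.exe": CLEAN})
    fixed, sent = repair("sample.exe", INFECTED, cloud)
    print(fixed == CLEAN, sent, "bytes patched of", len(CLEAN))
```

The verification step is what makes partial repair safe: if the patched result does not hash to the clean copy, the client falls back to the full-file replacement EP_X0FF lists as option 1.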