Topic: win32:banker-KDL [Trj] found in javaw.exe during custom scan w/ memory scan

LazingMarimo

  • Guest
I have been using a custom scan on Avast which scans pretty much every option you can select, including memory, and last evening while it was running it picked up on two instances of win32:banker trojan in javaw.exe. Unfortunately I was not keeping logs of any scans at that time, so that is why I'm going to type out a basic summary of what I've done.

After detection, I jumped online to start seeing what I needed to know/do about this and now realize that scanning memory can potentially yield strange results or false positives, from what I have read. So I went back and did a standard default Avast Full system scan, which yielded 0 infections. I then ran a full Malwarebytes scan, 0 infections.

During the time of the initial custom scan that picked up the infection I had been playing a game which uses Java, therefore javaw.exe was a running process at the time. I restarted my custom scan, which includes memory scan, without running javaw.exe, and it found 0 infections. Thinking I was beginning to narrow it down, I made another custom scan that only scanned memory, and without running javaw.exe it found 0 infections. I started up the game, which started up Java, and then ran the memory scan, and it almost immediately had two hits for the win32banker. I also uploaded the javaw.exe file to VirusTotal and it yielded a 0/46 clean result.

Basically, Avast is detecting a trojan only when javaw.exe is a running process and the memory is scanned. I am wanting to know if this is just a false alarm or if this is a legitimate threat. I am on Windows 7 Home Premium OS and the Java version is Java 7 Update 17 64-bit version. Any clarification is greatly appreciated, and I have run a new set of scans today with logs and trojan detections if needed. Thank you!

Pondus
Quote
Any clarification is greatly appreciated,
Don't use "memory scan" ;)

Memory scan or detection in memory is the second most asked question in the forum, so there is plenty of info if you do a forum search.