Author Topic: win32: malware-gen detected in boot time scan after MBAM scan  (Read 2545 times)


REDACTED

  • Guest
win32: malware-gen detected in boot time scan after MBAM scan
« on: November 13, 2016, 10:53:56 PM »
Hello everyone!

I'm looking for a bit of expert advice on this one. Any help/information you can give is GREATLY appreciated. I need this computer to work properly for my work.

I think I am symptom free as of right now but I need to make sure that my system is completely clean.

Trying not to be too wordy: In October, I run boot time scan and malware is found. Avast says it is cleaned. I move on. Recently, Avast repeatedly detects malware (via threat detected pop-ups), scan returns nothing. I try boot time scan, malware detected (Somoto-J[PUP]), quarantined and removed. Avast continues to randomly detect malware in temp files. After another boot time scan, I'm slammed with 1000's of javaws.exe processes. I restart and uninstall java and download MBAM and FRST. I scan with FRST and MBAM finds a bunch and removes all after reboot. Second MBAM scan including rootkits returns nothing. So to double check, I run another boot-time scan, and Avast finds ANOTHER win32:malware-gen in the temp files. I have since cleaned out the entire temp folder to see if that will help but I fear something may be hiding in registry, etc. Lastly, I just downloaded aswMBR and did a quick scan.

I am following advice posted here: https://forum.avast.com/index.php?topic=53253.0 but I found that later on and didn't follow the same order.

Attached are: FRST log, addition.txt, MBAM initial scan log, and aswMBR.txt

Again, any help with this is GREATLY appreciated. It is crucial that I get this computer clean and working properly.

Please let me know if any further details are required.

REDACTED

  • Guest
Re: win32: malware-gen detected in boot time scan after MBAM scan
« Reply #1 on: November 13, 2016, 10:56:21 PM »
Also attaching the scan logs from avast to see if that will help at all....

Couldn't find the Report folder in avast's files and searched for the aswboot.txt and couldn't find that either so I am attaching screenshots from the avast GUI.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: win32: malware-gen detected in boot time scan after MBAM scan
« Reply #2 on: November 13, 2016, 11:11:13 PM »
FRST should always be run last as it then will show status after any detection/removal.

Malware expert is notified; it may take hours before he is online.


REDACTED

  • Guest
Re: win32: malware-gen detected in boot time scan after MBAM scan
« Reply #3 on: November 13, 2016, 11:20:39 PM »
Pondus,

Thank you for the swift reply.

And noted. I ran another FRST scan and attached the new logs just in case that will be helpful.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: win32: malware-gen detected in boot time scan after MBAM scan
« Reply #4 on: November 13, 2016, 11:40:02 PM »
In case you don't know, PUP = Possible Unwanted Program.
Avast PUP detection is default off in all shields/scan except for boot scan, so if you want PUP detection you need to turn it on in all shields/scan you want it.


REDACTED

  • Guest
Re: win32: malware-gen detected in boot time scan after MBAM scan
« Reply #5 on: November 13, 2016, 11:58:33 PM »
I knew what PUPs are, but found out that tidbit about bootscans in recent research. I have since enabled scanning for PUPs in Avast settings.

Thanks again.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: win32: malware-gen detected in boot time scan after MBAM scan
« Reply #6 on: November 14, 2016, 04:39:33 AM »
Have there been any further detections since running Malwarebytes' Antimalware?  (Asking because the last FRST scan / logs look clean.)
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: win32: malware-gen detected in boot time scan after MBAM scan
« Reply #7 on: November 14, 2016, 11:30:46 PM »
Nope. Seems to be running clean now. I ran a full system scan with all of the options turned on in Avast and it came up with nothing. Thanks for your help!

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: win32: malware-gen detected in boot time scan after MBAM scan
« Reply #8 on: November 16, 2016, 07:36:37 AM »
You're welcome!!  8)