Hello,
Since July 12 I've been occasionally seeing alerts from Avast regarding Script:SNH-gen [Trj] with this message:
Threat blocked
We've safely aborted connection on www.whereisip.net because it was infected with Script:SNH-gen [Trj]
I've confirmed that the message is coming from the webshield as the same alerts are mentioned in the C:\ProgramData\AVAST Software\Avast\report\WebShield.txt file.
At first I assumed it was from some site I browsed, but I don't know which as I didn't see the alert from Avast until later in the day because I had it running in silent mode.
Some days I don't see the alert at all, and sometimes see the alert right after booting up, for example, last night I went to bed running an Avast boot-time scan. The scan found nothing but I saw that Avast had 3 more instances of the same alert again after the scan completed and the reboot to Windows happened, there was no web browser opened.
I've read through your instructions and run MalwareBytes and FRST, and I've attached the logs. FRST didn't seem to find anything, it's logs were empty? MB didn't appear to find anything either. I'm thinking this might be a false positive, but I have no idea what app is trying to connect to
www.whereisip.net as Avast doesn't tell me that.
Thank you.