I've been having recurring problems with the Shopperz trojan in Windows 10. Each time I reinstall Windows, it comes back. I find Shopperz by scanning Windows with ClamTK (GUI for ClamAV) from a linux partition.
So last time I reinstalled Windows, I scanned after each change I made. I started with a backup that I made yesterday from a backup I made a year ago. This backup is basic Windows 7 that is up to date on updates as of 11 Dec 2015, Comodo Security Suite, and Chrome. I can't think of anything else extra in the backup. So after restoring Windows 7 from the backup, I made a linux partition and scanned Windows with ClamTK. Windows 7 was clean. Next I upgraded to Windows 10 without visiting any webpages or installing anything else, and scanned again. This time ClamTK found the Shopperz trojan. So I'm wondering if Microsoft made a change to dnsapi.dll that is just enough of an intrusion to register as Malware? I also tried scanning the Windows 10 partition with Comodo for Linux, and it came up clean. So it is just ClamAV that is finding Shopperz malware in Windows 10.
Here is the path and ID of the trojan from ClamTK, I just stop the scan after the first trojan is found since it takes several hours to finish...