I run Windows 7 with Avast for my antivirus.
Last night upon booting up my rig Avast alerted me that I had VBS:Malware-Gen, and to run a bootscan.
Bootscan quarantined and removed several files, but identified that the NTUSER.DAT files for my only user profile and System32 were infected and could not be deleted due to share flags (and as little as I know about this, I do know removing those files would be BAD).
Running bootscan again would find more files each run, suggesting the malware was still active and replicating itself once boot was complete.
On the advice of a friend I ran Combofix. After doing so Avast still says I have the VBS:Malware-Gen. However, running Bootscan now only finds the infection in three places - the two aforementioned NTUSER.DAT files, and a file in the temporary internet files location that it supposedly quarantines each time. Subsequent runs of bootscan find it only in the same location.
I then downloaded and ran MalwareBytes. It finds no infection, even upon full scan including rootkit.
Wondering which is wrong - do I still have the malware and MalwareBytes can't see it? Or have I removed it, but the footprints it left behind are triggering false positives in Avast?
Any help would be appreciated.