Hello,
I have a problem with boot scan. It identifies 2 files both infected with MBR:Backboot-G [Rtk]:
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Partition%4Diagnostic.evtx

• I can delete or move it to chest with no problem

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

• this one can’t be deleted because of error 0xC0000043 {A file cannot be opened because the share access flags are incompatible.}

Can you please help me remove it?
Thank you

Update:
I tried TDSS killer and it found the culprit but was unable to cure MBR, said it can’t cure it and asked if it should write standard boot code. I selected yes, rebooted, then rebooted again with AVAST boot scan. First file was still there, removed it, ran boot scan again and everything is clear. Yay!

Just for information, it was causing ~20% CPU spikes every 5 seconds when internet connection was active, even in safe mode with networking. It was hiding behind “System” process.

If you need help from a expert, follow instructions and attach requested logs >> https://forum.avast.com/index.php?topic=194892.0