Win.32:Buterat-WD[Trj] description needed

Could anybody give a description for Win.32:Buterat-WD[Trj], please?
Can’t find it not on site nor through the web search.
The reason for a question is :
I was using avast free. Few weeks ago the computer was infected with smth, that wasn’t detected by avast at all. The file after which the problem begun was scanned with avast and signed as clear and the full scan after I find out about the infection showed nothing , but the start pages of all browsers were changed to …webalta.ru, it was written as a start page, as a tool for web search, had written in the system many registry keys and added itself to the shortcuts of all browsers (if watch the shortcut’s properties) (the problem was solved by hand – deleted shortcuts, cleared registry, changed settings for browsers).
On the 6 feb. network shield showed that Trojan was blocked from a file with extension .swf, than in short time avast started launching some exe files in sandbox (from TEMP folder of current user (with limited rights)) – both files had random collection of letters in their names and self restored after moving them to chest, the main process was launched by java prog.
The scanning at startup found 18 critical elements (16 – JAVA….[Expl], 2- Java:Agent-CJZ[Trj], ater it the scan at startup, full scan of pc, scan with dr.webCureIt! showed that computer is clear. One of exe files and 2 files with jv in their names still self restored (avast showed no еркуфе) till the whole folder TEMP wasn’t cleaned under Admin.
Changed avast free to trial avast internet security. Made a full scan on 10th of feb. and Win.32:Buterat-WD[Trj] was found in C:\System volume information , and it’s last changes were done on the 6th of feb. , when there were java viruses in progress. I’d like to know is there any connection between problems and what activity does Win.32:Buterat-WD[Trj], what should I expect for and why it wasn’t detected while scans on 6-7th of feb. Thank you.

Here is relevant information found on this backdoor malware: https://www.drwebhk.com/en/virus_techinfo/BackDoor.Butirat.24.html
On the removal read this in Russian: http://virusinfo.info/showthread.php?t=132619 (link poster xnamex info cyber helper)
On netprotocol.exe
Netprotocol.exe is Trojan/Backdoor.
Kill the process netprotocol.exe and remove netprotocol.exe from Windows startup.
We suggest you to remove netprotocol.exe from your computer as soon as possible.
Kill the process netprotocol.exe and remove netprotocol.exe from Windows startup.
And → http://www.file.net/process/netprotocol.exe.html

pozdrawiam,

polonus

Thank you for your help.
Scanned with Dr.Web!CureIt in safe mode with quick scan and choosing all positions – it found nothing; hand search through the registry – 1 item netprotocol was found in Current user – Search assistant – it was deleted, and nothing else found; checked the branches HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - nothing suspicious found ;
Scanned with Malwarebytes – noted notepad.exe as Trojan.Agent ( nor dr.web nor avast didn’t find anything in it), and noted 3 keys – PUM Disabled Security Center – Firewall, Update, AntiVirus (during scan in normal mode with avast stopped and in safe mode), nothing else found.