Suspicious Files Detected

[REDACTED]

Hi, my first time posting here so apologies if I'm in the wrong area!
Avast has detected 54 suspicious files which "MAY" be harmful. 
I'm not sure whether I should delete them or not!
The threat name is: Rootkit: Hidden Process
All the files under under C:\Windows\Installer and all have the same name: MSIC5C7.tmp
What should I do?
thank you

edit:  I also have Malwarebytes installed.  I just ran a scan and it didn't detect anything!

[Asyn]

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

[REDACTED]

Files attached, thank you

[REDACTED]

Also a screen shot of the Avast message

[Pondus]

was this a boot time scan?

[REDACTED]

Sorry, not quite sure which scan you mean.  The Avast message just popped up while I was writing an email, I assume it was running a scan in the background while I was working.

[Pondus]

Sorry, not quite sure which scan you mean.

https://support.avast.com/en-ww/article/Antivirus-Boot-time-Scan

The Avast message just popped up while I was writing an email, I assume it was running a scan in the background while I was working.

OK


it may take hours before the malware expert is online ...

[REDACTED]

Thanks Pondus, should I run this boot time scan?  I'm just worried if I close the current Avast message I may not find it again!  I can't see it listed in the notifications within the Avast software.  However I'm not very experienced at this kind of thing, if you hadn't already detected that!

[Pondus]

@Sass Drake will check your logs when he is online

[REDACTED]

Great, thank you. Appreciate the comments.  Will wait to hear further!

[Sass Drake]

Logs looks clean but we will check reported file.

• Open Notepad (click Start button -> type notepad.exe -> press Enter)
• Copy text from code block below and paste it into Notepad

Code: [Select]

VirusTotal: C:\WINDOWS\Installer\MSIC5C7.tmp

• Go to File -> Save As
• Make sure that  UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

[REDACTED]

Thanks for your help @Sass Drake.

Report attached as instructed.

Please note, I saved the file into Downloads rather than Desktop as that's where the FRST tool was located... I don't suppose the location affects the way it works, just mentioning in case it does!

The log suggests there are no issues.  Would you recommend allowing Avast to remove the suspicious files or not?

[Sass Drake]

Now I can only guess it is Avast false positive. Please let us know will it continue display alerts.

[REDACTED]

Hi, I ran a full scan through Avast this morning and it picked up the same files, but this time there are 70. 
This makes me think I should delete them!
Picture of the scan result attached.

[REDACTED]

I guess I should have waited for advice, but I clicked Resolve on the previous message.  Then ran another scan and now there are 72 files found 

Not sure why I've got a different scan result screen this time, I think it may have been a quick scan rather than full scan like I ran this morning