I have the same thing.
Here is what happened to me yesterday: I got a message (I assume now falsely from avast) saying to update avast. I have clicked on it and it created a new Firefox shortcut on my pc and pinned it to the taskbar.
Then it opened a similar firefox but it asked to add several addons like ‘update avast’ or something similar. Hopefully for me I did not accept the “allow addon install”. I closed Firefox and deleted the wrong shortcut on my windows taskbar and openned again the correct firefox. It has no strange addons installed inside it.
This morning hitmanpro tells me :
[i]"Properties
Name backup.exe
Location C:\Program Files\Common Files\AV\avast! Antivirus
Size 656 KB
Time 76.6 days ago (2015-12-03 17:43:19)
Authenticode Valid
Entropy 6.6
Product Avast Upgrade
Publisher AVAST Software
Description Avast Settings Backup
Version 10.3.0.54
Copyright Copyright (c) 2014 AVAST Software
RSA Key Size 2048
LanguageID 1033
SHA-256 AC4FD796792192FC2DDDF0B0FCBF9E941FEFB764F566380683416A2CD20073C1
Scoring (87.0)
One or more antivirus vendors have indicated that the file is malicious.
Program starts automatically without user intervention.
Program is code signed with a valid Authenticode certificate.
The file appears to be part of an installation package or setup program. This is typical for most programs.
I try to scan the folder “C:\Program Files\Common Files\AV” with Avast and it found nothing !! ;(
I also scanned my pc with malwarebytes and nothing came.
I don’t what to do to remove it properly !
Thanks in advance