Hi, my first time posting here so apologies if I’m in the wrong area!
Avast has detected 54 suspicious files which “MAY” be harmful.
I’m not sure whether I should delete them or not!
The threat name is: Rootkit: Hidden Process
All the files under under C:\Windows\Installer and all have the same name: MSIC5C7.tmp
What should I do?
thank you
edit: I also have Malwarebytes installed. I just ran a scan and it didn’t detect anything!
Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892
Files attached, thank you
Also a screen shot of the Avast message
was this a boot time scan?
Sorry, not quite sure which scan you mean. The Avast message just popped up while I was writing an email, I assume it was running a scan in the background while I was working.
Sorry, not quite sure which scan you mean.https://support.avast.com/en-ww/article/Antivirus-Boot-time-Scan
The Avast message just popped up while I was writing an email, I assume it was running a scan in the background while I was working.OK
it may take hours before the malware expert is online …
Thanks Pondus, should I run this boot time scan? I’m just worried if I close the current Avast message I may not find it again! I can’t see it listed in the notifications within the Avast software. However I’m not very experienced at this kind of thing, if you hadn’t already detected that! 
@Sass Drake will check your logs when he is online
Great, thank you. Appreciate the comments. Will wait to hear further!
Logs looks clean but we will check reported file.
VirusTotal: C:\WINDOWS\Installer\MSIC5C7.tmp
Thanks for your help @Sass Drake.
Report attached as instructed.
Please note, I saved the file into Downloads rather than Desktop as that’s where the FRST tool was located… I don’t suppose the location affects the way it works, just mentioning in case it does!
The log suggests there are no issues. Would you recommend allowing Avast to remove the suspicious files or not?
Now I can only guess it is Avast false positive. Please let us know will it continue display alerts.
Hi, I ran a full scan through Avast this morning and it picked up the same files, but this time there are 70.
This makes me think I should delete them!
Picture of the scan result attached.
I guess I should have waited for advice, but I clicked Resolve on the previous message. Then ran another scan and now there are 72 files found :-[
Not sure why I’ve got a different scan result screen this time, I think it may have been a quick scan rather than full scan like I ran this morning
Hi, the file is not listed in the Virus Chest! Perhaps Avast was unable to delete it when I clicked Resolve?
I have browsed to C:\Windows\Installer and I cannot see the files there either, and I have not acted on the last scan result showing 72 files of the same name! (How can files with identical names even exist?)
Then we will have to wait for response from Avast team.
Thank you for your help to date, @Sass Drake, I really appreciate it!
Is there anything I need to do to bring this to the attention of the Avast team or will they see this post?
Just to summarise the current situation, I didn’t like to shut down my computer with this unresolved for fear that something would be triggered when I rebooted, so I tried to remove all the suspect files to the “Chest”. I have also tried to Delete them.
Running a quick scan immediately after, shows no viruses. But then when I run it again there are 70 or 80 files created again, always with the same name, MSIC5C7.tmp.
They don’t appear in the Virus Chest and I can’t see anything when I look in the C:\Windows\Installer location.
I have run Malwarebytes and Spybot Search and Destroy and they find no issues.
thank you