False Positive - ESET Nod32 files

[Megeroni]

For a few days now Malwarebytes has detected some files from nod32's programdata as riskware. I believe these files are generated new every day, so it detects them every morning. I have emailed Nod32 and they believe they are not a threat. Attached is the log file.

MWB Log.txt

[blender]

Hello,

That is a little unusual.. The detection means that the extension does not match what the file really is. Perhaps it is an exe or something instead.
Nod32 support didn't tell you what creates these files?
I'd like to have a look at a couple of the files.

Can you restore those from quarantine & zip/attach a couple here?
Note: You will need to reboot before you have access to the files because MBAM will have them locked.

The ProgramData folder is hidden but if you open a new explorer window & paste in:
C:\PROGRAMDATA\ESET\ESET NOD32 ANTIVIRUS\PICO\1
It should open right to the folder.

Any couple of these will be fine:

5907.PIC
5911.PIC
5913.PIC
5914.PIC
5916.PIC

You may also get a UAC prompt asking permission to access the folder. You can allow this.

Thanks!

[dubbya]

I also have this problem, but I tried to do as you suggested but on reboot the files disappeared and there were a new set. I zipped them and then ran Malwarebytes but it did not report them this time, so I am not sure that the attachment is any value.

pic files.zip

malwaresbytes.txt

[blender]

Hello,

We need the exact files that were detected. The ones you included are not MZ files. The actual extension indicates it is supposed to some sort of graphic file but it looks like this is not the case which is why the detections.
I checked with one of my co-workers who also uses ESET & that folder does not even exist on her machine so we need more info.

Can you restore them from quarantine & attach then zipped?
In your case they are in this folder:
C:\PROGRAMDATA\ESET\ESET NOD32 ANTIVIRUS\PICO\1

6913.PIC
6915.PIC
6917.PIC
6919.PIC
6921.PIC

Thanks!

[dubbya]

As I said, after I restarted, those files were not there. I did not quarantine them. I assume ESET refreshes something on start-up, but I can't say.

[blender]

No chance ESET is nabbing the files? You check it's quarantine history?

[Megeroni]

My files have long since been quarantined and deleted. New .pic files are indeed generated every day and I have not had any detections for the last 2 days.

Edited April 26, 2018 by Megeroni

[blender]

Interesting.
If either of you have these hits again, please upload a couple. 

Since this is not at all a common thing to be happening, I suspect it might not be a false positive.

It wouldn't hurt to start a topic here just in case you do have an infection.
https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/

Follow instructions in this post:

Someone will be along to check your logs to make sure everything is OK or assist with cleanup if not.