Megeroni Posted April 22, 2018 ID:1235391

For a few days now Malwarebytes has detected some files from nod32's programdata as riskware. I believe these files are generated new every day, so it detects them every morning. I have emailed Nod32 and they believe they are not a threat. Attached is the log file.

Attachment: MWB Log.txt

blender (Staff) Posted April 22, 2018 ID:1235392

Hello,

That is a little unusual. The detection means that the extension does not match what the file really is. Perhaps it is an exe or something instead. Nod32 support didn't tell you what creates these files?

I'd like to have a look at a couple of the files. Can you restore those from quarantine & zip/attach a couple here?

Note: You will need to reboot before you have access to the files because MBAM will have them locked.

The ProgramData folder is hidden but if you open a new explorer window & paste in:

C:\PROGRAMDATA\ESET\ESET NOD32 ANTIVIRUS\PICO\1

It should open right to the folder. Any couple of these will be fine:

5907.PIC
5911.PIC
5913.PIC
5914.PIC
5916.PIC

You may also get a UAC prompt asking permission to access the folder. You can allow this.

Thanks!

dubbya Posted April 25, 2018 ID:1236368

I also have this problem, but I tried to do as you suggested but on reboot the files disappeared and there were a new set. I zipped them and then ran Malwarebytes but it did not report them this time, so I am not sure that the attachment is of any value.

Attachments: pic files.zip, malwaresbytes.txt

blender (Staff) Posted April 25, 2018 ID:1236375

Hello,

We need the exact files that were detected. The ones you included are not MZ files. The actual extension indicates it is supposed to be some sort of graphic file but it looks like this is not the case, which is why the detections. I checked with one of my co-workers who also uses ESET & that folder does not even exist on her machine so we need more info.

Can you restore them from quarantine & attach them zipped? In your case they are in this folder:

C:\PROGRAMDATA\ESET\ESET NOD32 ANTIVIRUS\PICO\1

6913.PIC
6915.PIC
6917.PIC
6919.PIC
6921.PIC

Thanks!

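The check blender describes in the post above, whether a file with a .PIC extension is really an MZ (Windows executable) file, as an added example that is not part of the thread and is not Malwarebytes' detection logic. The function names, sample file names and sample bytes are constructed for illustration.

```python
import os
import struct
import tempfile

def classify_file(path):
    """Return 'pe', 'mz-only' or 'not-mz' based on the file's header bytes."""
    with open(path, "rb") as f:
        dos = f.read(0x40)                      # DOS header is 64 bytes
        if dos[:2] != b"MZ":
            return "not-mz"
        if len(dos) < 0x40:
            return "mz-only"                    # truncated DOS header
        # e_lfanew (little-endian uint32 at 0x3C) is the PE header offset
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        f.seek(e_lfanew)
        return "pe" if f.read(4) == b"PE\0\0" else "mz-only"

def scan(folder, ext=".pic"):
    """Map each file name ending in ext (case-insensitive) to its verdict."""
    results = {}
    for name in sorted(os.listdir(folder)):
        full = os.path.join(folder, name)
        if name.lower().endswith(ext) and os.path.isfile(full):
            results[name] = classify_file(full)
    return results

def make_samples(folder):
    """Write constructed sample files (not real ESET data) into folder."""
    pe = bytearray(0x80)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)      # PE header at offset 0x40
    pe[0x40:0x44] = b"PE\0\0"
    samples = {
        "0001.PIC": bytes(pe),                   # executable behind .PIC
        "0002.PIC": b"\x89PNG\r\n\x1a\n" + bytes(32),   # not an executable
        "0003.PIC": b"MZ" + bytes(10),           # MZ magic only, truncated
        "notes.txt": b"MZ not scanned: wrong extension",
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_samples(tmp)
        for name, verdict in scan(tmp).items():
            print(f"{name}: {verdict}")
```

Calling `scan()` on the PICO folder named in the thread would show which of the current .PIC files, if any, carry an MZ header; it only reads header bytes and never executes the files.
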
dubbya Posted April 25, 2018 ID:1236414

As I said, after I restarted, those files were not there. I did not quarantine them. I assume ESET refreshes something on start-up, but I can't say.

blender (Staff) Posted April 25, 2018 ID:1236418

No chance ESET is nabbing the files? You check its quarantine history?

Megeroni (Author) Posted April 26, 2018 ID:1236794 (edited)

My files have long since been quarantined and deleted. New .pic files are indeed generated every day and I have not had any detections for the last 2 days.

Edited April 26, 2018 by Megeroni

blender (Staff) Posted April 26, 2018 ID:1236819

Interesting. If either of you have these hits again, please upload a couple. Since this is not at all a common thing to be happening, I suspect it might not be a false positive.

It wouldn't hurt to start a topic here just in case you do have an infection.

https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/

Follow instructions in this post:

Someone will be along to check your logs to make sure everything is OK or assist with cleanup if not.