Megeroni

False Positive - ESET Nod32 files


For a few days now Malwarebytes has detected some files from nod32's programdata as riskware. I believe these files are generated new every day, so it detects them every morning. I have emailed Nod32 and they believe they are not a threat. Attached is the log file.

MWB Log.txt


Hello,

That is a little unusual. The detection means that the extension does not match what the file really is. Perhaps it is an exe or something instead.
Nod32 support didn't tell you what creates these files?
I'd like to have a look at a couple of the files.

Can you restore those from quarantine & zip/attach a couple here?
Note: You will need to reboot before you have access to the files because MBAM will have them locked.

The ProgramData folder is hidden but if you open a new explorer window & paste in:
C:\PROGRAMDATA\ESET\ESET NOD32 ANTIVIRUS\PICO\1
It should open right to the folder.

Any couple of these will be fine:

5907.PIC
5911.PIC
5913.PIC
5914.PIC
5916.PIC

You may also get a UAC prompt asking permission to access the folder. You can allow this.

Thanks!


I also have this problem. I tried to do as you suggested, but on reboot the files disappeared and there was a new set. I zipped them and then ran Malwarebytes, but it did not report them this time, so I am not sure that the attachment is of any value.

pic files.zip

malwaresbytes.txt


Hello,

We need the exact files that were detected. The ones you included are not MZ files. The actual extension indicates it is supposed to be some sort of graphic file, but it looks like this is not the case, which is why there are detections.
I checked with one of my co-workers who also uses ESET & that folder does not even exist on her machine so we need more info.

Can you restore them from quarantine & attach them zipped?
In your case they are in this folder:
C:\PROGRAMDATA\ESET\ESET NOD32 ANTIVIRUS\PICO\1

6913.PIC
6915.PIC
6917.PIC
6919.PIC
6921.PIC

Thanks!

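The check discussed in the replies above (whether a file carrying the .PIC extension really starts with an executable's MZ header) can be reproduced locally. The following is an added example, not part of any post in this thread and not Malwarebytes' detection logic; the function names and the sample files are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

def classify(path: Path) -> str:
    """Classify a file by its header bytes, ignoring its extension."""
    with path.open("rb") as fh:
        head = fh.read(0x40)                  # size of the DOS header
        if head[:2] != b"MZ":
            return "not-mz"
        if len(head) < 0x40:
            return "mz-truncated"
        # e_lfanew (offset 0x3C) holds the file offset of the PE signature
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return "pe" if fh.read(4) == b"PE\0\0" else "mz-no-pe"

def scan(folder) -> dict:
    """Map each *.PIC file name in folder (any case) to its classification."""
    return {p.name: classify(p)
            for p in sorted(Path(folder).iterdir())
            if p.is_file() and p.suffix.lower() == ".pic"}

def demo() -> dict:
    """Run scan() over constructed sample files (not real ESET data)."""
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    samples = {
        "0001.PIC": pe_stub,                     # MZ header plus PE signature
        "0002.PIC": b"\x10\x20\x30" + b"\0" * 64,  # arbitrary data, not MZ
        "0003.PIC": b"MZ" + b"\0" * 0x3E,        # MZ, but e_lfanew points at no PE
        "0004.PIC": b"MZ\x90",                   # too short for a DOS header
        "notes.txt": pe_stub,                    # skipped: extension is not .PIC
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            (Path(tmp) / name).write_bytes(blob)
        return scan(tmp)

if __name__ == "__main__":
    for name, kind in demo().items():
        print(f"{name}: {kind}")
```

Pointing `scan()` at the PICO folder named in the replies above lists which .PIC files, if any, are really executables.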

As I said, after I restarted, those files were not there. I did not quarantine them. I assume ESET refreshes something on start-up, but I can't say.


My files have long since been quarantined and deleted. New .pic files are indeed generated every day and I have not had any detections for the last 2 days.

Edited by Megeroni


Interesting.
If either of you have these hits again, please upload a couple. 

Since this is not at all a common thing to be happening, I suspect it might not be a false positive.

It wouldn't hurt to start a topic here just in case you do have an infection.
https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/

Follow instructions in this post:


Someone will be along to check your logs to make sure everything is OK or assist with cleanup if not.
