Jump to content

What are these non-existent temp files "C:\Windows\Temp\NOD****.tmp"


JGTruff

Recommended Posts

I've been noticing a dramatic spike in CPU on a single core and have deduced this is from ESET. I ran ProcMon to find out more about what's happening and it appears to be "ekrn.exe" reading an INSANE amount of .tmp files in C:\Windows\Temp\. All of the files look like this C:\Windows\Temp\NOD****.tmp  (NOD6BD1.tmp, NOD7627.tmp, etc, etc.) When I look at my temp folder, these files are nowhere to be seen.

Does anybody know what's going on?

Thank you.

Link to comment
Share on other sites

  • Administrators

Those are temporary files created when scanning archives, usually by the on-demand scanner since real-time protection doesn't scan inside archives. Are you positive that no on-demand scan is running?

Link to comment
Share on other sites

In the Eset GUI, Advanced Setup -> Malware Scans section, check under Idle-State Scan section and verify that " Enable Idle-state scanning" option is not check marked. Note that the default ThreatSense setting for this option is to scan archives.

Link to comment
Share on other sites

Thank you Marcos. I believe it is from on-demand scans actually. I do have archives switched off but self-extracting archives are on, are self-extracting archives also a cause of this?

Link to comment
Share on other sites

  • Administrators
7 hours ago, JGTruff said:

Thank you Marcos. I believe it is from on-demand scans actually. I do have archives switched off but self-extracting archives are on, are self-extracting archives also a cause of this?

Yes, sfx archives need to be unpacked too. Also runtime archives, such as UPX, are unpacked.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...