They just started playing with signing the downloads I think but it seems they haven't signed the nightlies and aren't vouching for their integrity.
As we don't have a valid code signing certificate at the moment, downloads
are unsigned, and we cannot guarantee their integrity.
Bottom line, if you didn't have Kicad up that's suspicious. You might want to open your task manager? and keep an eye on things or just delete that version for now if you feel unsafe. I walked away from Windows a long time ago so I can't be a lot more help. I know their are plenty of false positives with these malware engines. Some have even flagged themselves in the past.