Windows 7: Trend Micro still finding threat in PendingDeletes after SFC operation


03 Aug 2012   #1

Windows 7 Professional x64
 
 

I posted yesterday about sudden threats from PTCH_ZACCESS.SIX popping up on my machine. Using the info on the Trend website, I ran an SFC scan on the Services.exe file, which it found as corrupt and supposedly restored it to its proper state.

Since then Trend has flagged a few other things, including a file called simply "n" listed as the threat TROJ_SIREF64.SM, which showed up in several places. Most of those were quarantined and removed on reboot, except for one that I removed myself this morning from the Local AppData folder in my user profile.

Now this morning Trend has thrown up another notification of that PTCH_ZACCESS.SIX threat, but this time it's a file called "$$DeleteME.services.exe.01cd70f09b4bc3fd.0000" in the Windows\winsxs\Temp\PendingDeletes folder. As I understand it, the files in this folder are created after an SFC scan. Right now I have 6 files in that folder, other files from 2009, not that one. So I guess that file is gone. But I cannot manually delete those other files. The other odd thing is that if I look at the Temp folder, PendingDeletes is not shown, despite Explorer being set to show hidden files and folders. The only folder shown is PendingRenames which has thousands of files in it.

I don't understand why all these threats are popping up all of a sudden. It all started after visiting the Orbea Bikes website yesterday (very high end bicycle manufacturer). I got a notification about an Adobe Flash update, but the update was one version older than what was already installed on my machine. After that my Trend Micro started going crazy with all these threat notifications: Mal_Xin12, PTCH_ZACCESS.SIX, and TROJ_SIREF64.SM, contained within the files services.exe, that weird beacucqitear.exe file, this file called "n", and that $$DeleteMe.services.exe file.

Could there be something else malicious on my machine that's creating this stuff after Trend or myself finds the files and deletes them?


03 Aug 2012   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

It sounds as if you have one of the newer Sirefef variants. The newer variants are hard to remove, as they take advantage through the registry by presenting a genuine MS file & then switching over to the infected file, thus eluding complete detection.

MS is recommending a complete reinstall for Sirefef and doing a disk wipe would also be a good idea.

Encyclopedia entry: Win32/Sirefef - Learn more about malware - Microsoft Malware Protection Center

Quote:
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled.

Due to the severe consequences associated with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup.
Clean Install Windows 7
03 Aug 2012   #3

Windows 7 Professional x64
 
 

holy smokes man, that's crazy. Could I have gotten this thing just from going to a bicycle manufacturer's website?

*edit*
I just ran a complete, full scan with MBAM, full scan with Spybot S&D, and scan with TDSSKiller, all in safe mode in an administrator account. Nothing at all came up in any scan. I guess I'll wait and see if there are any more problems.


05 Aug 2012   #4

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

If you know the physical location of the file, you can always submit it to Virus Total for 40+ opinions.

https://www.virustotal.com/

A Guy
05 Aug 2012   #5

MS Windows 7 Ultimate SP1 64-bit
 
 

Patrick,

Borg has given you excellent advice.
05 Aug 2012   #6

32 bit
 
 

Eset online scanner will help you remove this particular infection

ESET Online Virus Scanner | ESET
05 Aug 2012   #7

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Quote: Originally Posted by shawn77
Eset online scanner will help you remove this particular infection

ESET Online Virus Scanner | ESET

If so, here are some instructions to run a scan there from a security expert:
  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the Scan Archives options are ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt

A Guy