Windows 7 Forums



Windows 7: Trend Micro still finding threat in PendingDeletes after SFC operation

03 Aug 2012   #1
PatrickGSR94

Windows 7 Professional x64

I posted yesterday about sudden threats from PTCH_ZACCESS.SIX popping up on my machine. Using the info on the Trend website, I ran an SFC scan on the Services.exe file, which it found as corrupt and supposedly restored it to its proper state.

Since then Trend has flagged a few other things, including a file called simply "n" listed as the threat TROJ_SIREF64.SM, which showed up in several places. Most of those were quarantined and removed on reboot, except for one that I removed myself this morning from the Local AppData folder in my user profile.

Now this morning Trend has thrown up another notification of that PTCH_ZACCESS.SIX threat, but this time it's a file called "$$DeleteME.services.exe.01cd70f09b4bc3fd.0000" in the Windows\winsxs\Temp\PendingDeletes folder. As I understand it, the files in this folder are created after an SFC scan. Right now I have 6 files in that folder, other files from 2009, not that one. So I guess that file is gone. But I cannot manually delete those other files. The other odd thing is that if I look at the Temp folder, PendingDeletes is not shown, despite Explorer being set to show hidden files and folders. The only folder shown is PendingRenames which has thousands of files in it.

I don't understand why all these threats are popping up all of a sudden. It all started after visiting the Orbea Bikes website yesterday (very high end bicycle manufacturer). I got a notification about an Adobe Flash update, but the update was one version older than what was already installed on my machine. After that my Trend Micro started going crazy with all these threat notifications: Mal_Xin12, PTCH_ZACCESS.SIX, and TROJ_SIREF64.SM, contained within the files services.exe, that weird beacucqitear.exe file, this file called "n", and that $$DeleteMe.services.exe file.

Could there be something else malicious on my machine that's creating this stuff after Trend or myself finds the files and deletes them?



03 Aug 2012   #2
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro

It sounds as if you have one of the newer Sirefef variants. The newer variants are hard to remove, as they take advantage through the registry by presenting a genuine MS file & then switching over to the infected file, thus eluding complete detection.

MS is recommending a complete reinstall for Sirefef and doing a disk wipe would also be a good idea.

Encyclopedia entry: Win32/Sirefef - Learn more about malware - Microsoft Malware Protection Center

Quote:
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled.

Due to the severe consequences associated with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup.
Clean Install Windows 7
03 Aug 2012   #3
PatrickGSR94

Windows 7 Professional x64

Holy smokes, man, that's crazy. Could I have gotten this thing just from going to a bicycle manufacturer's website?

*edit*
I just ran a complete, full scan with MBAM, a full scan with Spybot S&D, and a scan with TDSSKiller, all in safe mode in an administrator account. Nothing at all came up in any scan. I guess I'll wait and see if there are any more problems.


05 Aug 2012   #4
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1

If you know the physical location of the file, you can always submit it to Virus Total for 40+ opinions.

https://www.virustotal.com/

A Guy
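Following up on the PendingDeletes question in the first post and the VirusTotal suggestion above, here is an added PowerShell triage script. It is not from this thread and not Trend Micro, Microsoft or VirusTotal tooling; it assumes an elevated 64-bit PowerShell prompt on Windows 7 and uses the folder and file paths named in the posts. It lists the winsxs\Temp\PendingDeletes and PendingRenames folders with -Force (so entries Explorer hides still appear), computes a SHA-256 of each file so it can be looked up or submitted to VirusTotal, and asks sfc /verifyfile to check the live services.exe against the component store. It changes nothing on disk.

```powershell
# Added example (not from the thread). Run from an elevated 64-bit PowerShell
# prompt on Windows 7. Paths are the ones named in the posts; the script only
# reads files and writes a report to the console.

$pendingDirs = @(
    "$env:windir\winsxs\Temp\PendingDeletes",
    "$env:windir\winsxs\Temp\PendingRenames"
)
$servicesExe = "$env:windir\System32\services.exe"

# SHA-256 via .NET so this also works on the PowerShell 2.0 that ships with
# Windows 7 (the Get-FileHash cmdlet only arrived with PowerShell 4.0).
# FileShare 'ReadWrite' lets us read a file another process holds open.
function Get-Sha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $bytes = $sha.ComputeHash($fs)
    } finally {
        $fs.Close()
    }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

foreach ($dir in $pendingDirs) {
    Write-Output "== $dir"
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Output "   (not present)"
        continue
    }
    # -Force includes Hidden and System entries. Explorer's "Show hidden files"
    # switch alone does not show items carrying the System attribute; that
    # also needs "Hide protected operating system files" unticked.
    $files = Get-ChildItem -LiteralPath $dir -Force | Where-Object { -not $_.PSIsContainer }
    if (-not $files) {
        Write-Output "   (empty)"
        continue
    }
    foreach ($f in $files) {
        # Files queued for deletion are owned by TrustedInstaller and may be
        # locked; report that rather than failing the whole run.
        $hash = 'unreadable (locked or access denied)'
        try { $hash = Get-Sha256 $f.FullName } catch { }
        "{0,-55} {1,10} {2}" -f $f.Name, $f.Length, $f.LastWriteTime.ToString('u')
        "{0,-55} attrs: {1}" -f '', $f.Attributes
        "{0,-55} sha256: {1}" -f '', $hash
    }
}

Write-Output "== $servicesExe"
Write-Output ("sha256: " + (Get-Sha256 $servicesExe))

# Caveat: on Windows 7, services.exe is catalog-signed rather than carrying an
# embedded signature, and the Get-AuthenticodeSignature in PowerShell 2.0 does
# not consult catalogs, so it reports NotSigned for a perfectly good file.
# sfc /verifyfile compares the file against the servicing store instead and,
# unlike /scanfile, does not replace it. Details land in Logs\CBS\CBS.log.
& "$env:windir\System32\sfc.exe" "/verifyfile=$servicesExe"
Write-Output "sfc /verifyfile exit code: $LASTEXITCODE (see $env:windir\Logs\CBS\CBS.log)"
```

The `$$DeleteME.services.exe.*` entry the first post describes is the copy of services.exe that the servicing stack set aside when SFC replaced it, which is why an AV engine keeps flagging it until the pending delete completes on reboot. A hash is enough to check VirusTotal's search even when the file itself cannot be opened or uploaded, and the CBS log will say whether the current services.exe matched the store.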
05 Aug 2012   #5
karlsnooks

MS Windows 7 Ultimate SP1 64-bit

Patrick,

Borg has given you excellent advice.
05 Aug 2012   #6
shawn77

32 bit

ESET Online Scanner will help you remove this particular infection

ESET Online Virus Scanner | ESET
05 Aug 2012   #7
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1

Quote: Originally Posted by shawn77
ESET Online Scanner will help you remove this particular infection

ESET Online Virus Scanner | ESET
If so, here are some instructions to run a scan there from a security expert:
  • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the Scan Archives options are ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt

A Guy