New
#1
Trend Micro still finding threat in PendingDeletes after SFC operation
I posted yesterday about sudden threats from PTCH_ZACCESS.SIX popping up on my machine. Using the info on the Trend website, I ran an SFC scan on the Services.exe file, which it found as corrupt and supposedly restored it to its proper state.
Since then Trend has flagged a few other things, including a file called simply "n" listed as the threat TROJ_SIREF64.SM, which showed up in several places. Most of those were quarantined and removed on reboot, except for one that I removed myself this morning from the Local AppData folder in my user profile.
Now this morning Trend has thrown up another notification of that PTCH_ZACCESS.SIX threat, but this time it's a file called "$$DeleteME.services.exe.01cd70f09b4bc3fd.0000" in the Windows\winsxs\Temp\PendingDeletes folder. As I understand it, the files in this folder are created after an SFC scan. Right now I have 6 files in that folder, other files from 2009, not that one. So I guess that file is gone. But I cannot manually delete those other files. The other odd thing is that if I look at the Temp folder, PendingDeletes is not shown, despite Explorer being set to show hidden files and folders. The only folder shown is PendingRenames which has thousands of files in it.
I don't understand why all these threats are popping up all of a sudden. It all started after visiting the Orbea Bikes website yesterday (very high end bicycle manufacturer). I got a notification about an Adobe Flash update, but the update was one version older than what was already installed on my machine. After that my Trend Micro started going crazy with all these threat notifications: Mal_Xin12, PTCH_ZACCESS.SIX, and TROJ_SIREF64.SM, contained within the files services.exe, that weird beacucqitear.exe file, this file called "n", and that $$DeleteMe.services.exe file.
Could there be something else malicious on my machine that's creating this stuff after Trend or myself finds the files and deletes them?
Quote