Adlice forum

Software feedback => RogueKiller => Topic started by: narlo on July 28, 2014, 01:40:02 AM

Title: TrendMicro - Not a ZeroAccess?
Post by: narlo on July 28, 2014, 01:40:02 AM

Version 9.2.4.0 [X64] - Windows 8.1 Pro [X64]

Just updated to the above version and RK now reports a ZeroAccess on a process called coreServiceShell.exe and a suspicious temporary file that I have yet to track down the creator.

The originating executable is actually from TrendMicro off of the path C:\Program Files\Trend Micro\AMSP

(See attachment)

I re-installed TrendMicro on 7/15/2014 (due to a license change), and the file creation & modified date for the suspected ZeroAccess, are the same.

So I'm struggling to understand why RK is reporting this as a ZeroAccess.

Anyone have the same issue?

Trend actually restarts the process immediately after RK Kills it, kind of funny to watch it.

Title: Re: TrendMicro - Not a ZeroAccess?
Post by: Tigzy on July 28, 2014, 11:51:26 AM

Hello

That's the same story as here: http://forum.adlice.com/index.php?topic=47
Can you please attach a dump of the process with process explorer? If you don't find how to do it, please attach the file itself.