Author Topic: TrendMicro - Not a ZeroAccess?  (Read 4297 times)

0 Members and 1 Guest are viewing this topic.

July 28, 2014, 01:40:02 AM

narlo

  • Guest
TrendMicro - Not a ZeroAccess?
« on: July 28, 2014, 01:40:02 AM »
Version 9.2.4.0 [X64] - Windows 8.1 Pro [X64]

Just updated to the above version and RK now reports a ZeroAccess on a process called coreServiceShell.exe and a suspicious temporary file that I have yet to track down the creator.

The originating executable is actually from TrendMicro off of the path C:\Program Files\Trend Micro\AMSP

(See attachment)

I re-installed TrendMicro on 7/15/2014 (due to a license change), and the file creation & modified date for the suspected ZeroAccess, are the same.

So I'm struggling to understand why RK is reporting this as a ZeroAccess.

Anyone have the same issue?

Trend actually restarts the process immediately after RK Kills it, kind of funny to watch it.
« Last Edit: July 28, 2014, 01:41:53 AM by narlo »

Reply #1July 28, 2014, 11:51:26 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: TrendMicro - Not a ZeroAccess?
« Reply #1 on: July 28, 2014, 11:51:26 AM »
Hello

That's the same story as here: http://forum.adlice.com/index.php?topic=47
Can you please attach a dump of the process with process explorer? If you don't find how to do it, please attach the file itself.