I foolishly opened an e-mail that I knew I didn’t oughter this morning, that claimed someone had sent me an e-greeting card. Sinking feeling as soon as I’d clicked on the link :-[
Afterwards I checked my running processes and saw WkCalRem.exe running. Did a search on my pc, and the search threw up that, and WKCALREM.EXE-081781D7, which it shows as having been modified this morning at around the time I opened that e-mail.
I’ve run Avast, and nothing has shown up. Also Trend HouseCall. Is this an ordinary system file, or something more sinister?
The saga continues - got a notification that LSA Shell (export version) (lsass.exe) was trying to access the internet for the first time. I denied permission.
Not sure I have heard of an LSA Shell (export version), yes lsass.exe could well be a legit windows file depending on the location (which you didn’t mention), but nothing about it being an export version (suspicious). As far as I’m aware there should be no requirement for it to access the internet. In my firewall I have no entry to allow lsass.exe
If you are using XP or NT based OS then schedule a boot-time scan from within avast!
If you haven’t already got this software (freeware), download, install, update and run it.