Is WKCALREM.EXE-081781D7 a trojan?

I foolishly opened an e-mail that I knew I didn’t oughter this morning, that claimed someone had sent me an e-greeting card. Sinking feeling as soon as I’d clicked on the link :-[

Afterwards I checked my running processes and saw WkCalRem.exe running. Did a search on my PC, and the search threw up that, and WKCALREM.EXE-081781D7, which it shows as having been modified this morning at around the time I opened that e-mail.

I’ve run Avast, and nothing has shown up. Also Trend HouseCall. Is this an ordinary system file, or something more sinister?

PS - I’ve done an online search, and know that wkcalrem.exe is just a Microsoft Works Calendar Reminder. I do have Microsoft Works.

The saga continues - got a notification that LSA Shell (export version) (lsass.exe) was trying to access the internet for the first time. I denied permission.

I not happy :-[

Go for a full spyware search and do an online trojan scan to put your mind at rest.

http://www.windowsecurity.com/trojanscan/

Online trojan scan

Not sure I have heard of an LSA Shell (export version). Yes, lsass.exe could well be a legit Windows file depending on the location (which you didn’t mention), but nothing about it being an export version (suspicious). As far as I’m aware there should be no requirement for it to access the internet. In my firewall I have no entry to allow lsass.exe.

If you are using XP or an NT-based OS then schedule a boot-time scan from within avast!

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. Spywareblaster - Don’t install this until you are clean.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes; this is a hiccup in HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.
OR HiJackThis Log file - On-line Analysis 2

Thanks all. I’ll try all those things. :)

Hi,

Run the file through http://virusscan.jotti.org/ and see what the other AV scanners say about the file.

Cheers

Jlo