Hi Sandi,

[added just before sending this reply] - After reading what I've written below, I thought I should warn you that this is probably going to show you more about the "flow" of my thinking than answer your question. lol

It's not just AVG that's been flagging this file recently. Still, it is often a false positive caused by an aggressive definition file update. Since much more than AVG has been recently coming up with this, I now have to wonder if there's just one crew that creates these definitions that then sells them to all of the AV companies. If not, then there's an awful lot of sharing of virus solutions going on out there in AV land. lol

The fact that the file is located under its standard "Common Files\MS Shared\Works" parent folder is almost enough to confirm this without looking it up. Still, to be safe (one of the primary tenets of PCTT, I might add), I did some research and found that the name of this particular file (legitimate, but normally worthless) HAS INDEED been used by a trojan or other malware. As a result, my own caution alert just went up a bit. Still, I have to wonder how a malware pest was able to locate this file under an old backup folder since most malware doesn't have any hard drive scanning capability. Very odd!

However, those infections have the bad file residing under the C:\Windows or C:\Windows\system32 folders (locations that are NEVER used by Microsoft for this particular file). Since these files are obviously placed there directly by the referenced malware, it shows that they don't bother looking all over your hard drive to see if there's an old copy of the original file somewhere else (like your year old backup). As a result, I am still very much inclined to believe that this is just a false positive.

So, what can you do about this that will make all parties happy? Well, if you don't use the MS Works Calendar Reminder program (and I seriously doubt you're somehow using it from within an old backup), just delete the file.
If you also have Works installed on your present Windows system (that is, the file also exists at its standard ...Common Files\MS Shared\Works\... location), you'll want to keep this info in the back of your mind, just in case it's ever flagged like the old one. If it is, again, just delete the file if you know you'll never be using the Reminder function. If you DO use it, you'll have to go into the Preferences/Options/Settings of your AV program and create an exception for that file so it's never scanned again.

REFERENCES:

The first link below will take you to a site (sysinfo.org) that lists all of the known files that come into question like this. Some are linked to malware while some are not. I highly recommend that anyone interested load up the page to see what the site is all about. Then, click on the second link below to get to the main database page and bookmark that for future reference. It's not the only research you should conduct when facing something like this, but it's a great start to your own research. :O)

http://shrunklink.com/adia
http://www.sysinfo.org/startuplist.php

Here is another process database site that explains various files found throughout Windows. You'll also find numerous other tests and info in the links on the left side of the page. I suggest adding this one to your Malware Research folder as well.

http://www.auditmypc.com/process/wkcalrem.asp

Here's yet another Process database for your consideration. (and I think I'll stop there before I completely take over your bookmarks folder) :O)

http://shrunklink.com/adib

Peace,
GMan

"The only dumb questions are the ones that are never asked!"

----- Original Message -----
From: "Sandi Beach" <sandib2@xxxxxxxxx>
To: "pctechtalk" <pctechtalk@xxxxxxxxxxxxx>
Sent: Saturday, October 13, 2007 4:06 PM
Subject: -=PCTechTalk=- Trojan Horse Generic 8.LDI

> AVG found three of the above and put them in the vault.
> A search on Google gave no hits with the above information but when I put in wkcalrem.exe, which was in the description, I found a number of hits. It is Microsoft Works Calendar Reminder. I never use this.
> The path shown in AVG was C\Old Drive\joyce\Joyce\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
> Two with this path (except only one Joyce in one of them) were in C\Old Drive. The third left out the two Joyces but was otherwise identical and it was in the C Drive.
> For now I am leaving them in the vault. I am curious as to why they are just now showing up as the Old C Drive folder has been there since a reformat over a year ago. Would it be because I just downloaded updates to virus definitions? Could it be a false positive?
> I have signed up for Google alerts on the Trojan Horse Generic 8.LDI to see if I can learn anything from that.
> I have also signed up for Google alerts on wkcalrem.exe
> Anyone else using AVG getting this Trojan Horse showing up?
> Sandi
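
The location reasoning in the reply above, written out as a small triage helper. This is an added example, not part of the original thread; the function names, labels, the "Program Files" prefixes and the constructed sample paths are assumptions of the example.

```python
from pathlib import PureWindowsPath

TARGET = "wkcalrem.exe"
# Folder tails the thread gives for the legitimate file: the reply's wording
# and the path AVG reported. Accepting both is an assumption of this example.
EXPECTED_TAILS = [
    ("common files", "ms shared", "works"),
    ("common files", "microsoft shared", "works shared"),
]
# Assumed install prefixes directly under the drive root.
PROGRAM_FILES = [("program files",), ("program files (x86)",)]
# Locations where, per the reply, the malware copies of this name reside.
SUSPICIOUS_DIRS = [("windows",), ("windows", "system32")]


def triage(path: str) -> str:
    """Label a flagged path by location only; a first-pass signal, not a verdict."""
    p = PureWindowsPath(path)
    if p.name.lower() != TARGET:
        return "not-target"
    # Directory components without the drive/root, lower-cased because
    # Windows paths compare case-insensitively.
    dirs = tuple(part.lower() for part in p.parent.parts if part != p.anchor)
    if dirs in SUSPICIOUS_DIRS:
        return "suspicious-location"
    for tail in EXPECTED_TAILS:
        if dirs[-len(tail):] == tail:
            prefix = dirs[:-len(tail)]
            # Same folder tail under some other parent (e.g. "Old Drive")
            # is a copied tree such as a backup, not a live install.
            return "expected-location" if prefix in PROGRAM_FILES else "backup-copy"
    return "unexpected-location"


def triage_all(paths):
    return {path: triage(path) for path in paths}


# Constructed sample paths modelled on the ones discussed in the thread.
SAMPLE_PATHS = [
    r"C:\Old Drive\joyce\Joyce\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe",
    r"C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe",
    r"C:\WINDOWS\system32\wkcalrem.exe",
]

if __name__ == "__main__":
    for path, label in triage_all(SAMPLE_PATHS).items():
        print(f"{label:20} {path}")
```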