Suspected virus - Place to upload?

[kurdtpage]

Hi everyone.

I have a suspected infected file on my system (C:\Windows\System32\wermgr.exe). I suspect that it is infected because it behaves like it is infected. It tries to create lots of .tmp files with random filenames (e.g. C:\Windows\Temp\WER9C1B.tmp, C:\Windows\Temp\WER1AB9.tmp, etc). I've seen this happen a lot with other viruses.
Is there a place where I can upload the suspected file to check if its clean or not? It may be that this is a new virus/trojan/whatever that hasnt been picked up yet.

I'm running Windows 7 Ultimate 64bit SP1.

[Asyn]

You can check it at VT. (www.virustotal.com)

[polonus]

Hi kurdtpage,

And check the file hash against the data found here: http://www.backgroundtask.eu/Systeemtaken/taakinfo/16970/wermgr.exe/
The legit version is a driver - wermgr.exe is Lexmark Power Manager and comes as part of the Lexmark Printers Software. Do you have such a printer installed?
Again some malware camouflage themselves as wermgr.exe, particularly if they are located in c:\windows or c:\windows\system32 folder; so check it is not malware: http://spywarefiles.prevx.com/RRHJCH404737/WERMGR.EXE.html

polonus

[kurdtpage]

I dont have ANY printers attached to this computer, never have.

How do I check the hash of the file? I have the hash from the VirusTotal website but how do I compare that to the hash of the file on my system?

Also, task manager reports it as "windows error reporting". Command line is strange, "c:\windows\system32\wermgr.exe" "-outproc" "700" "1172"

It tries to create random files after my computer starts up, eventually gives up after 10 mins or so (I'm using comodo firewall and it reports this as a safe application, but suspicious activity)

[Pondus]

How do I check the hash of the file? I have the hash from the VirusTotal website but how do I compare that to the hash of the file on my system?

If you uploaded the file in your system to VirusTotal then you have the hash