
Winword.exe


7 replies to this topic

#1 Ngarskel


Posted 31 August 2006 - 06:21 AM

Alright... I turn my computer on today to find WINWORD.EXE consuming 100% of my CPU... I don't know what the bleep is going on. I ended it, CPU is alright. Database says it's part of a trojan... True or not? Only thing I can think it is is this: WINWORD.EXE-37F6AE09.pf


Might be a false alarm, my copy of Windows Word expired today... But wouldn't it do that stuff after I turned it on?
Advice would be nice, thanks...Pardon the rhyme
"Fear those who find all things simple, for they will make all things difficult." -Mercedes Lackey
"There are only two infinites; The universe and stupidity."
"One man can be stupid, however if you want real bon'fid'a stupidity; their ain't nuten like teamwork."

[-AdAware-] [-Spybot S&D-] [-Webroot SpySweeper-] [-AVG Anti-Spyware-] [-SpywareGuard-] [-SpywareBlaster-] [-AVG Free / Comodo Firewall-] [[HijackThis!]]



#2 tg1911


Posted 31 August 2006 - 07:17 AM

If it's located in C:\Program Files\Microsoft Office, then it's a legitimate file.
If not, then it's probably an infection of some sort.

The legitimate file:
winword.exe - the main executable for Microsoft Word
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 Ngarskel


Posted 31 August 2006 - 08:22 AM

It's in c:\windows\prefetch


Would posting an HJT log be prudent?

I don't want to bother them with an unnecessary log if it might not be a problem. I did check my MS Word... The trial edition did expire and it did turn off a lot of settings. Could that have been it?

Edited by Ngarskel, 31 August 2006 - 08:42 AM.


#4 tg1911


Posted 31 August 2006 - 10:19 AM

Have you tried deleting it from the Prefetch folder?
Does it return after deletion?

#5 Ngarskel


Posted 31 August 2006 - 10:24 AM

Besides ending the task with Task Manager, I haven't fooled with it. I don't screw with anything in the Windows folder except temp internet files and cookies. Basically no.


I posted an HJT log just in case, but it may be a while... They're really busy.


I was just informed by email that copies of MS Office 2k3 just came in... Limited quantities... Figuring this out would be nice, need to go run and grab one.

Edited by Ngarskel, 31 August 2006 - 10:25 AM.


#6 Ngarskel


Posted 31 August 2006 - 10:48 AM

Alrighty... I should be able to figure this one out quickly. I just uninstalled MSO SK3 trial edition. The bookstore only had professional edition $69.95. If I restart and it shows up after uninstalling MSO and deleting it out of prefetch, THEN I have a problem.

#7 Ngarskel


Posted 31 August 2006 - 10:58 AM

Alrightyyyy... The only trace of that pf file is now in the recycle bin and didn't come back... Thanks for telling me to delete it and see if it came back.

#8 tg1911


Posted 31 August 2006 - 12:51 PM

You're welcome, Ngarskel.
Glad it worked for you.
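The location check discussed in this thread, as an added example that is not part of the original posts: it separates a Prefetch trace such as `WINWORD.EXE-37F6AE09.pf` (a launch record Windows writes, not a program) from a `winword.exe` executable, and checks the executable's folder. The function names, the `OFFICE11` subfolder and the `Temp` paths are constructed for illustration.

```python
import ntpath
import re

# Prefetch traces are named <EXE NAME>-<8 hex digits>.pf
PF_NAME = re.compile(r"^(?P<exe>.+\.exe)-(?P<hash>[0-9a-f]{8})\.pf$", re.IGNORECASE)

# Folder named in the thread as the expected home of winword.exe.
OFFICE_ROOT = r"C:\Program Files\Microsoft Office"


def _norm(path):
    # Case-fold and collapse "..", so traversal tricks cannot fake a location.
    return ntpath.normcase(ntpath.normpath(path))


def classify(path, windows_dir=r"C:\Windows"):
    """Return (verdict, exe_name, prefetch_hash) for one Windows path."""
    name = ntpath.basename(path)
    match = PF_NAME.match(name)
    prefetch_dir = _norm(ntpath.join(windows_dir, "Prefetch"))
    if match and _norm(ntpath.dirname(path)) == prefetch_dir:
        # A launch trace written by Windows, not an executable image.
        return ("prefetch-trace", match.group("exe").upper(), match.group("hash").upper())
    if name.lower() == "winword.exe":
        inside = _norm(path).startswith(_norm(OFFICE_ROOT) + "\\")
        return ("expected-location" if inside else "unexpected-location", "WINWORD.EXE", None)
    return ("unrelated", name, None)


# Constructed sample paths; only the first file name and folder come from the thread.
SAMPLES = [
    r"c:\windows\prefetch\WINWORD.EXE-37F6AE09.pf",
    r"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE",
    r"C:\Documents and Settings\user\Local Settings\Temp\winword.exe",
    r"C:\Program Files\Microsoft Office\..\..\Temp\winword.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```

The folder test is a first-pass triage step; the path of the process actually consuming CPU is what should be fed to `classify`, not the `.pf` name.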



