Thread: Found cause as to why office 2003 prof files open slow...what do you think?
View Single Post
  #2  
Old September 4th, 2004, 03:15 AM
Milly Staples [MVP - Outlook]
external usenet poster
  
Posts: n/a
Default
I would suspect a trojan backdoor being opened.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the (insert latest virus name here) virus, all mail sent to my personal
account will be deleted without reading.

After searching google.groups.com and finding no answer, Jim asked:

| All,
|
| One of the computers on our network is having an issue with Office
| files opening very slow and I think I have found the cause. Let me
| know what you think...
|
| Problem: Opening Office Files via a shortcut and/or the file itself
| takes an abnormal amount of time. However, the offic app is loaded
| and then the file accessed by going to file - open, there is no slow
| down and office responds as expected.
|
| Tried First: I tried deleting the temp items and the recent
| key/delete folder fix and these did not resolve the issue. I also did
| a repair/reinstall of Office and still had same problem. Next, I ran
| two virus scans on the machine one locally and one remotely and
| nothing was found. Then, I ran three spyware/adaware programs and
| found over 480 files/reg/directories that needed to be cleaned. I
| turned off sys restore...removed them, rebooted, and turned sys
| restore back on. This STILL did not fix the problem.
|
| Solution: I found some very intersting .exe files that were running
| as processes in the task manager that looked very strange. Here are
| the names of the files: oqds0WMQ.exe, ojqN9Y44.ese, YfqamdX.exe,
| Phed4.exe. I did a search for these files and could only find them in
| the prefech folder. I deleted them from there after again, turning
| off system restore and did a reboot. They are no longer in prefech
| and cannot be found in the registry nor the hardrive. Howerver, these
| processes still startup when the system is rebooted. Now, if I kill
| the processes in task manager, they come back as soon as they are
| stopped. However, if I kill the whole process tree, they stop and do
| not come back. Once I did this...POW...office starts running like it
| normally should.
|
| I have done some searching online for these files and I have found
| nothing not even a google returns data on these files.
|
| What do you guys think? New virus or New spyware?
|
| My guess is another process is generating these files and this may be
| impossible to pinpoint.
|
| Thanks, Jim