Can someone using office 2000 tell me if you see this as a listed process in task manager please? I am working on a computer that had a virus and I cleaned it up and it shows no virus detections now but still have somewhat of a problem. It is using a dial up connection and after I make the first dial up connection and open internet explorer and close it out and close the internet connection it then autodials and goes back online and attempts to go to porn sites. I have run adaware and cleaned it all up and the system shows to be clean. No programs listed in add and remove programs to cause this and no hint of anything anywhere else. I opened task manager and seen the msoffice2.exe and thought it looked suspious, so I closed it and the problem stopped. This computer has office 2000 on it but the msoffice2.exe doesnt look right to me or part of office 2000. Computer runs fine without this file in the system 32 folder. I did a google search for msoffice2.exe and no information available. I know if dialers and other crap that does all kinda crap like this but I cant find any other trace of a source of the problem. Thanks for any comments. May it be said when I die, He was a man of integrity.

Kill the process, kill the tree. it i9sn't a legit win process, neither a part of any legit application. Check this link out. http://www.liutilities.com/products/wintaskspro/processlibrary/security/

Thanks for the website, I say dialer but its not actually considered a dialer I would say that is on this. It using the existing dialup connection that is already setup instead of dialing to another connection like a dialer would. I can disable the ability for it to dial up and then xp pops up a message saying that either I or a program is trying to access the internet to get information from cardzvault.org. There again. Doing a google search doesnt give me any information about cardzvault.org. Its looking more and more like the msoffice2.exe is the problem. Its a funny thing though I cant find anything anywhere about this on the internet. Thanks again. May it be said when I die, He was a man of integrity.

File has been appearing in several of my computers. Not being detected as a virus, but certainly acts likes one. When trying to access the internet, it is 'acting as a server'. 1- disconnect from internet or any switch/router to avoid spread. 2- run MSCONFIG.exe and remove from msoffice2.exe from STARTUP 3- delete all registry entries (search for office2.exe). 4- install all critical windows updates, and search for *office2*.pf on your c: drive. 5- also try to rename your 'adminstrator' account, change it's password, and disable your guest account. This process has helped, but not guaranteeing that your pc is protected. Adaware and Spybot are not finding this file as spyware either.

We had considerable problems with this. It evaded our McAfee defences (now replaced) and only came up using web based scanners from Norton and Panda. Our 'guest' was actually recognised by both as a varient of W32\Gaobot. There is a fix on the symantec website for Gaobot but this didn't work for us. Symptoms included: disabling the McAfee on access virus scan. hogging 100% of processor time spreading quickly over our network disabling the taskmanager creating enormous network traffic Some computers were shutting down, although I am uncertain whether this was due to msoffice2.exe or whehter it let something else in when the on access scan was disabled. Our biggest problem is that it hides itself very well in sys32 folder. There is an option in the tools\folder options menu of explorer to show hidden files. Then there is ANOTHER option to show hidden SYSTEM files which this is masquerading as. you will also need to delete the pre fetch files and the entry in the layout.ini file there were approximately 6 registry fragments that needed to be removed. a simple search and delete worked ok. This only removes it from one PC - an obvious problem for networks... but this should get you started.

I had this thing slam my LAN until my switches rolled over and died, blasts ARP's until network utilization reaches 100% when you get this monster on multiple machines, I worked with symantec and they said its a new worm and they are adding it to their virus deffinitions. Creates a file c:\windows\system32\msoffice2.exe hidden and a few reg entries as stated above. They told me it was a spybot varient, I think one of my remote users that is visiting brought it in from the outside.

W32.spybot.worm varient that is