Virus Alert – OFFICE.EXE

Office.exe installs with the Lovegate family of worms including the W32.Lovegate.AO@mm worm. This worm spreads via files attached to email. In your Windows folder, it creates files called office.exe and video.exe. In your Windows\System or system32 folder, it creates files called iexplore.exe, kernel66.dll (hidden), tkbellexe.exe, update_ob.exe, hxdef.exe, real.exe, lmmib20.dll, mssign30.dll, odbc16.dll, winpatch.dll and msjdbc11.dll. It also creates a hidden, system, and read-only file called upDate.exe in your root folder (on most systems, this is your c:\ folder). This worm sets itself to run on system startup. It lowers system security and can shut down some antivirus software. It can log personal information making it available to a remote user. And it sends itself to those in your Windows address book.

We'd recommend removing this file using WinPatrol. First, kill it under Active Tasks then remove it from your Startup Programs. If running WinPatrol 8.x or later, right click the file then select 'Delete file on Reboot". Finally, reboot your system.

Additional background information can be found at http://securityresponse.symantec.com/avcenter/venc/data/w32.lovgate.ao@mm.html.

Because office.exe is a short and common name, it's possible that other programs not related to this family of viruses may be using it.

Virus

Remove