locked
Anything weird with the Office? RRS feed

  • Question

  • Does anything look weird to you?  I have been working to assist in clean-up of computer and there were Vundo infected files.  Person cannot run anything that uses Internet Explorer and claims that he does not have Internet Explorer.  Also it appears to me that he may have tried to install Office illegally?

     

    This shows in the uninstall list from Hijackthis

    Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    Microsoft Office Standard Edition 2003

     

    But also this file showed up in ComboFix log.

    2007-04-15 20:58:03 30,781 ----a-w C:\microsoft_office_2003_full_standard_edition_keygen.exe

     

    Diagnostic Report (1.7.0012.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Detailed Status: N/A
    Windows Product Key: *****-*****-BRVBB-38MQ9-3PMFT
    Windows Product Key Hash: 2V2VyxlfhiaCt/JkDzYQfiNOHMA=
    Windows Product ID: 76477-OEM-2111907-00106
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    ID: 09716587-892c-4668-bb98-53b57c49e16b
    Is Admin: Yes
    AutoDial: No
    Registry: 0x0
    WGA Version: Registered, 1.7.18.5
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 16E0B333-138-80004005_E2AD56EA-344-8009_E2AD56EA-345-2efd_16E0B333-57-80004005
    Resolution Status: N/A

    Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.7.18.5
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 101 Not Activated
    OGA Version: Failed to retrieve file version. - 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-3178-80070002

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\PROGRA~1\AMERIC~1.0\aol.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>09716587-892c-4668-bb98-53b57c49e16b</UGUID><Version>1.7.0012.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><PKey>*****-*****-*****-*****-3PMFT</PKey><PID>76477-OEM-2111907-00106</PID><PIDType>2</PIDType><SID>S-1-5-21-1530910916-2220889920-1791877040</SID><SYSTEM><Manufacturer>Compaq Presario 061</Manufacturer><Model>EX310AA-ABA SR1910NX NA630</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.08</Version><SMBIOSVersion major="2" minor="4"/><Date>20060510000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>D11F36FF0184C056</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>US Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard Company</name><model>Compaq Presario</model></SBID><OEM/></MachineData> <Software><Office><Result>101</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>101</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>274D539FAB3A876</Val><Hash>1yKWT5LTcEW44Ce3UIVRnCzbUbk=</Hash><Pid>70141-059-5015244-56271</Pid><PidType>1</PidType></Product></Products></Office></Software></GenuineResults>
    <!--[if !supportLineBreakNewLine]-->
    <!--[endif]-->

    Saturday, May 19, 2007 6:46 PM

Answers

  • Susan,

     

    First I want to say thank you providing the diagnostic results. This affords us an opportunity to perform an in-depth analysis as what could be the cause of your conflict/s. In turn we will attempt to provide a solution to resolve the problem/s you are experiencing. There are a couple dynamics happening. First it appears you have two versions of MS Office Suites installed and running on your system, according to the diagnostic report. Second you are receiving an Office Status Code: 101 not activated. Microsoft does not recommend running multiple versions of Office simultaneously but it is possible to install and use more than one version on a single computer. Attached is a Knowledge Base (KB) article describing problems you may encounter and offers advice on preventing different versions of Office from conflicting with each other http://support.microsoft.com/kb/290576/en-us. I would recommend uninstalling Microsoft Office 2003 Edition 60 Days Trial  (via the control panel) and using the Microsoft Office Standard Edition 2003
    which you have.

    Provided below is an extract from the diagnostic report highlighting the status of Office.

    OGA Data-->
    Office Status: 101 Not Activated
    OGA Version: Failed to retrieve file version. - 0x80070002


    Please follow the steps to attempt resolving activation issue. Open My Computer located on your desktop

    1.  Go to: C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\

    NOTE:  The application data file may be hidden. Use the Tools drop down menu and follow:  Folder Options->View->Hidden Files and Folders->Show Hidden Files and Folders to show the folder. Please re-hide the files once you have completed all the steps.
    2.  Right click the data.dat file, then click “Delete”.  (Also you may rename the file data.dat and move from the folder).
    3.  This data.dat file is for Office (not OGA)
    4.  Once the file has been deleted, open an Office application such as MS Word and “ACTIVATE” it.
    5.  If product activation was successful try the Office Genuine Advantage (OGA). Please launch the following link and begin the OGA process again: (this is the OGA part; Office Genuine Advantage):  http://www.microsoft.com/genuine/office/Validate.aspx?displaylang=eng

    The following Knowledge Base Articles can provide more information for Office Activation issues:

    http://support.microsoft.com/kb/903275/en-us
    Here you will find links for various resolutions which you may encounter. Also reference the following site for various telephone activation centers:  http://support.microsoft.com/kb/326851. Please re-post here should you need further assistance.

    Last if you still have problems after uninstalling MS Outlook 2002 please read further. Attached below is a Knowledge Base (KB) article http://support.microsoft.com/kb/290301. This will allow you to download the Windows Installer Cleanup Utility and explain detailed information. Use the Windows Installer Cleanup Utility and uninstall all Microsoft Office programs in question on your computer, then reinstall Microsoft Office using the genuine MS Office installation CD and product key.

    Did this work?  I look forward to the outcome at your earliest opportunity. Thank you and have a great day!

    Thank you
    Stephen Holm
    OGA Forum Manager

    Monday, May 21, 2007 8:39 PM
  • Susan,

     

    Please look @ the following Knowledge Base (KB) article http://support.microsoft.com/kb/928218/en-us. Here you will find detailed instructions for removing beta and trial release versions of Office Suite 2007 or program.

    Important:  This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

    Description of the Microsoft Windows registries:  http://support.microsoft.com/kb/256986/

    Please post again if you need further assistance. Thank you and hope your weekend is great.

     

    Thank you
    Stephen Holm
    OGA Forum Manager

    Monday, May 21, 2007 8:40 PM

All replies

  • Susan,

     

    First I want to say thank you providing the diagnostic results. This affords us an opportunity to perform an in-depth analysis as what could be the cause of your conflict/s. In turn we will attempt to provide a solution to resolve the problem/s you are experiencing. There are a couple dynamics happening. First it appears you have two versions of MS Office Suites installed and running on your system, according to the diagnostic report. Second you are receiving an Office Status Code: 101 not activated. Microsoft does not recommend running multiple versions of Office simultaneously but it is possible to install and use more than one version on a single computer. Attached is a Knowledge Base (KB) article describing problems you may encounter and offers advice on preventing different versions of Office from conflicting with each other http://support.microsoft.com/kb/290576/en-us. I would recommend uninstalling Microsoft Office 2003 Edition 60 Days Trial  (via the control panel) and using the Microsoft Office Standard Edition 2003
    which you have.

    Provided below is an extract from the diagnostic report highlighting the status of Office.

    OGA Data-->
    Office Status: 101 Not Activated
    OGA Version: Failed to retrieve file version. - 0x80070002


    Please follow the steps to attempt resolving activation issue. Open My Computer located on your desktop

    1.  Go to: C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\

    NOTE:  The application data file may be hidden. Use the Tools drop down menu and follow:  Folder Options->View->Hidden Files and Folders->Show Hidden Files and Folders to show the folder. Please re-hide the files once you have completed all the steps.
    2.  Right click the data.dat file, then click “Delete”.  (Also you may rename the file data.dat and move from the folder).
    3.  This data.dat file is for Office (not OGA)
    4.  Once the file has been deleted, open an Office application such as MS Word and “ACTIVATE” it.
    5.  If product activation was successful try the Office Genuine Advantage (OGA). Please launch the following link and begin the OGA process again: (this is the OGA part; Office Genuine Advantage):  http://www.microsoft.com/genuine/office/Validate.aspx?displaylang=eng

    The following Knowledge Base Articles can provide more information for Office Activation issues:

    http://support.microsoft.com/kb/903275/en-us
    Here you will find links for various resolutions which you may encounter. Also reference the following site for various telephone activation centers:  http://support.microsoft.com/kb/326851. Please re-post here should you need further assistance.

    Last if you still have problems after uninstalling MS Outlook 2002 please read further. Attached below is a Knowledge Base (KB) article http://support.microsoft.com/kb/290301. This will allow you to download the Windows Installer Cleanup Utility and explain detailed information. Use the Windows Installer Cleanup Utility and uninstall all Microsoft Office programs in question on your computer, then reinstall Microsoft Office using the genuine MS Office installation CD and product key.

    Did this work?  I look forward to the outcome at your earliest opportunity. Thank you and have a great day!

    Thank you
    Stephen Holm
    OGA Forum Manager

    Monday, May 21, 2007 8:39 PM
  • Susan,

     

    Please look @ the following Knowledge Base (KB) article http://support.microsoft.com/kb/928218/en-us. Here you will find detailed instructions for removing beta and trial release versions of Office Suite 2007 or program.

    Important:  This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

    Description of the Microsoft Windows registries:  http://support.microsoft.com/kb/256986/

    Please post again if you need further assistance. Thank you and hope your weekend is great.

     

    Thank you
    Stephen Holm
    OGA Forum Manager

    Monday, May 21, 2007 8:40 PM