I don't use Outlook. I use MS Word all the time, but not as email editor.
After I posted, I thought of another thing I could look at. I called up
Windows Explorer and searched for all files for each day Winword.exe ran for
the Internet and sorted the results for the time of day. This would give me
an idea about what would have been going on just before, just during, or
just after the time stamp given for Winword.exe outbound.
The closest I could come (to this type of a time stamp: 10:37:41 AM) is help
center, and sqlite. By investigating SQLite I find it is a single file on a
host machine which can be used to create a database and manage itself. It is
an Open Office tool that can be embedded into many types of programs. So
I've done another search for August 23 and it looks like one of the programs
that uses SQLite is my security program.
On August 23, the sorted search shows SQLite creating seven little databases
between 10:13 AM and 10:14 AM (the scraps show up in the temp file). At
10:15 AM a "Common000.log" has been created which shows an update install is
in progress and during the installation, there is a search for old files
left behind, or double files which need to be cleaned out for the new
installation, and assurances that the paths are correct or not.
Also at 10:15 AM two system files are created in
Microsoft\Crypto\RSA\MachineKeys.
At 10:18 AM and 11:17 AM, SQLite creates two more databases (could it be the
first one and the last one?).
The next thing that happens is my own Word document where I have captured
the print-screened result of a just completed Virus Scan that occurred
immediately after the update installation.
Final Analysis: the Common000.log began on July 29 which was the day my
computer received my security program's major update (which had a number of
flaws). On continuing dates, the installer would add the next segment of its
search and delete for old and install the new, and ended on August 23, 10:14
AM. The final SQLite database was created at 11:17:40 AM and may be a
report-back to the security program's headquarters (I'm guessing). Tht is
the time stamp for Winword.exe to head out past the firewall.
Very Final Analysis: I am going to UNBLOCK Winword.exe from the firewall.
Very interesting study.
dsg
: From: "DSG" <
[email protected]>
:
: | In my security program, I have blocked winword.exe from the internet. I
see
: | in the event logs from said security, that it shows up in Outobund
events
: | often. Not daily, but every other day or so. Only once during August did
its
: | date stamp match up to an occasion when I was using it myself. Maybe it
: | needs to go to the Internet. So should I take it off the blocked list?
My
: | security program scans program files.
: |
:
: Do you use MS Outlook and use MS Word as the email editor ?
:
: --
: Dave
:
http://www.claymania.com/removal-trojan-adware.html
:
http://www.ik-cs.com/got-a-virus.htm
:
:
