Q: possible unknown virus WinOffice11.exe


I am at wit's end here.

I have a problem with Windows 7 Premium 64 bit. I notice I have a new file called WinOffice11.exe *32 running in my task manager. This file is located in C:\Program Files (x86)\windows\winoffice11.exe

I am unable to remove this file. I stop the program in Task Manager and delete the folder, but upon reboot, after clearing cache and temp files etc., I get the same file back.

So I think it is a virus, yet I cannot seem to get any virus scanner to remove it. I have ZoneAlarm installed, I even ran the OneLiveCare full scan and it was still there.

I know this is not a standard install file from MS, or is it?

I do run VM on the affected machine.

Thanks for the help




I have never heard of this file but it does look suspicious. Here is a simple way to prevent it from being created:

1. Kill the process in the Task Manager.
2. Delete the file winoffice11.exe
3. Create a new folder under the name of C:\Program Files (x86)\windows\winoffice11.exe.

Since this is now a folder rather than a name, whatever is normally creating it can no longer do so because you cannot have a file of the same name as a folder. Whether this will stop the rogue program is another question. Its author might have anticipated the situation and taken appropriate countermeasures, e.g. by deleting the folder or by creating a file under a different name.

Does the problem persist when you run msconfig.exe and untick each and every task under the Startup tab?

I add a note to Pegasus' reply: try using Process Explorer by
Mark Russinovich instead.

Direct link:

Process Explorer helps provide more details about the running program.
If necessary, use an MD5 hash file generator and generate a checksum of
that *.exe and post it here.

Try this:

I hope you find this information useful. If you need any further assistance,
please feel free to contact me and let me know.

I hope this information was helpful…

Have a nice day…

Best regards,
Former Microsoft MVP
Consumer Security
Microsoft Community Contributor

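As an added example (not part of any reply in this thread), a read-only PowerShell sketch of the two checks suggested above: hashing the file so the checksum can be posted, and searching the autostart locations behind msconfig's Startup tab for references to it. It goes slightly beyond the replies by also searching scheduled tasks; the path is the one from the question, and the choice of locations is an assumption of the example.

```powershell
# Added triage sketch, not from the thread. Read-only: it changes nothing.
# The path is the one given in the question.
$target = 'C:\Program Files (x86)\windows\winoffice11.exe'
$name   = [System.IO.Path]::GetFileName($target)

# MD5 via .NET so it also runs on PowerShell 2.0, the Windows 7 default
# (Get-FileHash only exists from PowerShell 4.0).
function Get-Md5Hex([string]$Path) {
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Dispose() }
}
if (Test-Path -LiteralPath $target -PathType Leaf) {
    'MD5      {0}  {1}' -f (Get-Md5Hex $target), $target
} else {
    "No file at $target (absent, or a folder now holds the name)"
}

# Registry autostart values, including the 32-bit (Wow6432Node) view, since
# the process shows as *32 on a 64-bit system.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($value in $reg.GetValueNames()) {
        $data = [string]$reg.GetValue($value)
        if ($data -like "*$name*") { "RUN KEY  $key [$value] = $data" }
    }
}

# Shortcuts and files in the per-user and all-users Startup folders.
$shell = New-Object -ComObject WScript.Shell
$dirs  = [Environment]::GetFolderPath('Startup'),
         (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
foreach ($item in (Get-ChildItem -Path $dirs -ErrorAction SilentlyContinue)) {
    $path = $item.FullName
    if ($item.Extension -eq '.lnk') { $path = $shell.CreateShortcut($item.FullName).TargetPath }
    if ($path -like "*$name*") { "STARTUP  $($item.FullName) -> $path" }
}

# Scheduled tasks: plain text match, independent of the localized column names.
schtasks.exe /query /fo list /v | Select-String -SimpleMatch $name
```

Run it from an elevated prompt so the HKLM keys and all tasks are visible; no output after the MD5 line means none of these locations references the file name.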



If your machine locks up after you unticked the rogue program in msconfig then it appears to be quite nasty. You can undo the unticking action by performing a System Restore like so:

1. Keep tapping F8 during the early boot phase.
2. Select Repair from the menu.
3. Enter the Administrator's password when prompted. It is often blank.
4. Select System Restore when prompted.
5. Set Windows back by a few days.


Question Info

Views: 863 Last updated: December 4, 2017 Applies to: