What is OsfInstaller.exe? Causes high CPU load.

Discussion in 'malware problems & news' started by sortino99, Apr 23, 2019.

  1. sortino99

    Hi,

    From time to time OsfInstaller.exe pops up in Task Manager as a running process, and causes high CPU load. I always know it loads because then the fans of my Dell XPS 13 become very noisy. McAfee and HitmanPro don't detect it as a virus, but I also can't find much info on this exe, which is odd.

    When I stop the process, after a while it always comes back, even the same day.

    So what exactly is OsfInstaller.exe? The source path of the .exe is C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16

    So it seems to have something to do with MS Office, which I have, but can I uninstall or delete this OsfInstaller.exe file even when using MS Office like Word etc.? What can I best do to stop this from popping up all the time?

    Hope somebody can give some advice! Thanks in advance.
     
    Last edited: Apr 24, 2019
  2. sortino99

    Nobody can help?

    If I would delete Osfinstaller.exe, what would happen?

    In the same folder I also see the following files starting with "osf". I still have no clue what these are and if I can disable or delete them. Also weird that some start with a capital "O" in their name and others with lowercase, so those are no typos of mine:

    osfbgt.dll
    OsfInstaller.exe
    osfInstaller.exe.manifest
    OsfInstallerBgt.exe
    OsfInstallerConfig.xml
    OsfInstallerConfigOnLogon.xml
    OsfTaskengine.dll

    Folder path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16
     
  3. Rainwalker

  4. zapjb

  5. sortino99

    Exactly. Why does this exe pop up in Task Manager as a running process causing high CPU loads?

    If I would disable or delete this file, what would happen? So strange there's almost zero info on this file if you google it.
     
  6. zapjb

    Idk for sure. But I'd bet a $100 it'd * up MS Office or recreate itself on reboot.
     
  7. itman

    Rather than delete OsfInstaller.exe, rename it to OsfInstaller.exe.old. If MS Office apps run w/o issue, your problem is solved.

    Alternatively, use Autoruns and search for it. If found, you can disable (uncheckmark) whatever is starting it.
     
  8. itman

    Another thing to verify is that this OsfInstaller.exe is the legit one. There has been at least one malicious instance of it: https://www.hybrid-analysis.com/sam...557982edba134863ce254676832?environmentId=120 .

    Make sure what is running is loaded from this directory, C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16. If so, submit it to VT for a scan. Don't know how indicative that is, since no AV detected the Hybrid-Analysis sample.

    One thing that is known is unexplained high CPU usage is indicative of coin miner activity.
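
The checks suggested in the last two posts (confirm the running copy is loaded from the Office directory, get a hash to look up on VT, and find what starts it), as an added PowerShell example that is not part of the original thread. It assumes the folder path quoted in the thread and an elevated prompt, and should be run while the process is active.

```powershell
# Added example, not from the thread. The expected folder is the one quoted in the posts.
$expectedDir = 'C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16'
$name        = 'OsfInstaller.exe'

# 1. Every running instance: where the image was loaded from, what started it,
#    whether it carries a valid Authenticode signature, and its SHA-256.
$procs = Get-CimInstance Win32_Process -Filter "Name = '$name'"
if (-not $procs) { Write-Host "$name is not running right now; rerun while it is active." }

foreach ($p in $procs) {
    if (-not $p.ExecutablePath) {
        # Path is hidden for processes the current user cannot query.
        Write-Warning "PID $($p.ProcessId): path not readable, rerun from an elevated prompt."
        continue
    }
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $sig    = Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath
    [pscustomobject]@{
        PID           = $p.ProcessId
        Path          = $p.ExecutablePath
        InExpectedDir = [System.IO.Path]::GetDirectoryName($p.ExecutablePath) -eq $expectedDir
        Parent        = $parent.Name          # empty if the parent already exited
        CommandLine   = $p.CommandLine
        SigStatus     = $sig.Status           # 'Valid' for an intact, trusted signature
        Signer        = $sig.SignerCertificate.Subject
        SHA256        = (Get-FileHash -Algorithm SHA256 -LiteralPath $p.ExecutablePath).Hash
    } | Format-List
}

# 2. What launches it: scheduled tasks whose action mentions the binary
#    (the same information Autoruns shows on its Scheduled Tasks tab).
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ("$($a.Execute) $($a.Arguments)" -match 'OsfInstaller') {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Execute   = $a.Execute
                Arguments = $a.Arguments
            }
        }
    }
} | Format-List
```

The SHA256 value can be searched on VT without uploading the file; a copy running from a different folder, or with a SigStatus other than Valid, is the case to look at more closely.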
     