docx e-mail attachment opens with ascii language

On a workstation with MS Office 2000 and Microsoft compatibility pack for Office installed several e-mail attachments .docx open with ascii language. Any suggestions for being able to read this would be appreciated.
atf3docAsked:
Who is Participating?
 
BillDLConnect With a Mentor Commented:
Thanks for the feedback.  I have an XP (SP3) system with Outlook Express, but have Office 2003 installed.  The Office compatibility pack is installed on this system, so I should be able to go through the motions of observing the processes involved.

You are aware of the fact that a *.docx file (and others like *.xlsx) are really just zip files containing XML files that define the way MS Word or other capable word processing application displays the document?  It's easy enough to demonstrate this by renaming a test *.docx file as a *.zip file and using WinZip or other program to unpack the contents.

When you open any message in Outlook Express it extracts the various components of the email out to a sub-folder of the logged-on user's Temporary Internet Files folder, including the attachment which is then opened from that folder.  Some of these temp files persist, while others are deleted when the attached file is closed in the application, or when the message is closed, or only when Outlook Express is closed.

I could have seen several possible reasons why an attachment opened from within an email message may fail to open, or cause an error, but it's a puzzle why the "best practice" method of first saving the attachment out as a local file failed when the user double-clicked on that to open it.

I'm curious to know if your USB Flash Drive is formatted as FAT32 or NTFS.  If it is FAT32, then that does not support "ADS" (Alternate Data Streams).  I'm not sure if you are aware, but on a drive formatted as NTFS files can contain additional MetaData that is usually only retrievable and viewable in certain ways.  This is a method commonly used maliciously to create "RootKits", but it is ironically also used as an additional form of security to warn users of files that have come from other computers and may present a risk.

I can't recall if it came out with Windows XP's SP3 or with IE7, because I installed them at the same time, but you will know if you have ever seen the prompt before (see screenshot).

As far as I am aware it doesn't matter if the file is copied from an Intranet, Internet, or even from one computer to Flash drive and then to another computer, but an *.INI file is injected into the file as an alternate data stream (more about this below).

On opening such a file the user is normally warned and prompted as shown in the 1st screenshot below.  If you untick the "Always ask before opening THIS file" box then click "Run", that particular file will not prompt again because the action removes the *.INI file (the metadata "flag" inside it).

If you Right-Click on the file and choose "Properties" you will see an "Unblock" button as shown in the 2nd screenshot.  In this case if you click that button, then click "Apply", it removes the metadata flag so that no warning will be issued when the file is then double-clicked to open it.

Now, this metadata is only supported in files downloaded to NTFS drives.  If the file is copied to a FAT32 drive and then back to an NTFS drive, the metadata is lost, hence my reason for asking how your Flash Drive is formatted.

For additional information only, and not particularly relevant to you at present, one program that allows you to see this Alternate Data Stream (ADS) embedded in the downloaded file is "streams.exe" by Mark Russinovich's SysInternals:
http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx
http://download.sysinternals.com/Files/Streams.zip

Usage:
streams [-s] [-d] <file or directory>
-s     Recurse subdirectories
-d     Delete streams

So, in your case if you wanted to check out the *.docx attachment you could just drop it into the same folder as streams.exe and execute the command:

streams "your file.docx"

The "flag" applied to a file downloaded from the internet will show like this:

   :Zone.Identifier:$DATA       26

To remove that Alternate Data Stream from "your file.exe" you would execute the command:
    streams -d "your file.exe"

To see the actual data you could use this command:
      more < "your file.exe"::$DATA
but it would not be in any human readable format.

To see the contents of the *.INI file which is embedded into the file, you could execute the following command:
    more < "your file.docx:Zone.Identifier"
it should show the following familiar *.INI file syntax:

[ZoneTransfer]
ZoneId=3

where the ZoneId can be any of the following, depending where the file came from:

NoZone = -1
MyComputer = 0
Intranet = 1
Trusted = 2
Internet = 3
Untrusted = 4

More about this type of data stream here:
http://forum.sysinternals.com/forum_posts.asp?TID=9115
http://www.wikistc.org/wiki/Alternate_data_streams

My suspicion is that this security flag being added to the attachments could be causing the issue.  I suppose there would be one way to test, and that is to have the user email one of his/her own to him/herself to see if the security prompt shows.

I will need to use somebody else's computer later today to generate a couple of test *.docx files and email them to myself, and I will then be able to assess whether my thoughts about ADS being a possible cause are true.

I'll get back to you later.
0
 
BillDLCommented:
I assume you are referring to emails being read in Microsoft Outlook 2000?

What operating system is installed on the affected workstation?

Does this ONLY happen when opening *.docx attachments from within Outlook, or does it ALSO happen if the user saves the attachment out to a local folder and then double-clicks on it to open the saved file?

You say that it opens in ASCII text.  Is the actual content of the Word document being shown in a readable format as plain text, or is it just showing a bunch of gobbledegook characters?

If it's just gobbledegook, is there a distinctive file header right near the start of the first line like "PK", and then right down at the bottom a list of *.xml files with paths suffixed by "PK"?

On opening the *.docx file I would normally expect the user to be prompted with a file format conversion dialog as shown below.  Is this happening, and is the user choosing "Word 2007 Document"?

File-Format-Converter.jpg
0
 
atf3docAuthor Commented:
This workstation is using Outlook Express. OS is Windows XP Pro. The problem happens even when right clicking and saving the attachment to open later. The text is just gobbledegook.If it were opening in readable text, I wouldn't have a problem. There was no "file format conversion" prompt offered.Since I posted this, I went back in and was going to copy the problematic e-mail attachments to a flash drive to see if they would open in Word 2007; once I had copied to the flash drive and tried to open the document from the flash drive, the document opened normally. I removed the flash drive and opened the document on the computer that had been having problems; it opened normally as well. Any ideas on why this would suddenly start working normally.
atf3doc
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
BillDLCommented:
Whoops, the screenshots.

Unblock-01.jpg
Unblock-02.jpg
0
 
BillDLCommented:
I have a suggestion that might resolve the issue.

MS Word > Tools menu > Options > General tab.
Tick the "Confirm conversion at Open" option.
Apply change > close Word.

See if that now shows the conversion prompt when the attachment is double-clicked or is first saved out then double-clicked.

If that doesn't help, then I suppose we will have to compare registry entries for the file association.

Just for completeness, here's the processes involved when an email containing such an attachment is opened and then the attachment is opened.

On opening email:
Randomly named folder BA28TIPL is created as sub-folder of Temporary Internet Files folder and populated with:
CAZAK2KX (random name - zero bytes)
wbk176.tmp
They both remain even when the message is closed, but would be deleted if Outlook Express was closed.

On reopening the email, another *.tmp file is created with a new number: wbk178.tmp.  These *.tmp files are the HTML content of the email message.  The number is randomly generated.

On double-clicking an attached *.docx file from the attachments field I get a "Mail Attachment" security prompt as shown in the second screenshot below.  The attachment is simultaneously extracted with its proper name to the same Temporary Internet Files folder as the other files.

New zero-byte files with random names, eg. CANY97DD and CAHXORUW are generated each time the email is closed and reopened, but they aren't significant.

If I accept the security prompt and allow it to open, Microsoft Word launches with the format conversion prompt I showed in my previous comment, and simultaneously a Word temp file is created.  The naming of this will be the first 2 characters of the file name being replaced by ~$ and the file is hidden.  It starts off with only a tiny amount of info in it, and this process is really just doing what MS Word would be doing for a saved file, except that the hidden temp file would be in the same folder as the *.doc or *.docx file being opened.

Nothing on my system changes after I choose Word 2007 from the file format conversion prompt and the document opens.  The temporary Word document is deleted as I close Word, but the file with the full name that was extracted remains until I close the email.

If I save the *.docx file out to a folder, I see that the file properties DO show the "Unblock" button, even though I emailed the file to myself - I presume because it has passed through another server the flag is applied to it.  Strangely enough though, double-clicking to open the file DOES NOT show the security warning and check box to remove the security flag from it.  That is a surprise to me.
1st-Security-Prompt.jpg
0
 
atf3docAuthor Commented:
Flash Drive is FAT32.
atf3doc
0
 
BillDLCommented:
Thank you atf3doc
0
 
crrfxCommented:
I had the same problem while opening *.docx files, which were, however, not E-Mail attachments. In addition, I used Office XP on a Windows XP (SP3) system with the Office 2007 file converter installed. My solution was the following:

MS Word > Tools menu > Options > General tab.
Untick instead of tick the "Confirm conversion at Open" option.
Apply change > close Word.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.