AXEL.DAV files malicious code?

G

Guest

On 11-2-04 in the morning, some malicious code was run on an XP home machine
that I am responsible for. The result was that the registry was overwritten,
and the documents and settings folder was replaced. Trying to access the
documents and settings folder with explorer or power desk yielded an access
denied message. I used a file recovery utility (Active Undelete 5.0) to
recover the documents that were lost including outlook express .wab and .dbx
files and word and excel files.
While examining hundreds of lost and deleted folders on the hard drive,
I found that most of them contained a small file named AXEL.DAV. In this file
was the name Axel Davis. I also found remnants of some executables which were
probably malicious code that ran and later deleted themselves. A few had
names begining with 33WW and one was named run and hide. . I did a google
search on AXEL.DAV, and came up with a web page, axeldavis.com where the
writers claim to know what an AXEL.DAV file is but they won't say. They also
provide a copy of a google search page with links to a microsoft forum dated
in 2002 where a few people posted messages about their system being hit by a
virus which left hundreds of AXEL.DAV files on their machine.
I would like to know if this was a virus or trojan, or if a hacker
somehow got through and took over the computer.
 
D

David H. Lipman

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Dowload the Trend Pattern File by obtaining the ZIP file.
For example; lpt244.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

You can also try some of the below online scanners.

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

RAV
http://www.ravantivirus.com/scan/

Symantec:
http://security.symantec.com/

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com


* * * Please report your results ! * * *

Dave






| On 11-2-04 in the morning, some malicious code was run on an XP home machine
| that I am responsible for. The result was that the registry was overwritten,
| and the documents and settings folder was replaced. Trying to access the
| documents and settings folder with explorer or power desk yielded an access
| denied message. I used a file recovery utility (Active Undelete 5.0) to
| recover the documents that were lost including outlook express .wab and .dbx
| files and word and excel files.
| While examining hundreds of lost and deleted folders on the hard drive,
| I found that most of them contained a small file named AXEL.DAV. In this file
| was the name Axel Davis. I also found remnants of some executables which were
| probably malicious code that ran and later deleted themselves. A few had
| names begining with 33WW and one was named run and hide. . I did a google
| search on AXEL.DAV, and came up with a web page, axeldavis.com where the
| writers claim to know what an AXEL.DAV file is but they won't say. They also
| provide a copy of a google search page with links to a microsoft forum dated
| in 2002 where a few people posted messages about their system being hit by a
| virus which left hundreds of AXEL.DAV files on their machine.
| I would like to know if this was a virus or trojan, or if a hacker
| somehow got through and took over the computer.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AXEL.DAV 3
malicious software removal tool 34
Origin exploit discovered, allows EA store to launch malicious code 0
Deleting a "malicious" folder? 2
Microsoft PowerPoint Code Execution Vulnerability 12
Virus in 1386 files in WindowsXP 4
Windows 10 Insufficient disk space to fix volume bitmap. 5
malicious code. please help, urgent :( 3

Top