Guest
On 11-2-04 in the morning, some malicious code was run on an XP home machine
that I am responsible for. The result was that the registry was overwritten,
and the documents and settings folder was replaced. Trying to access the
documents and settings folder with Explorer or PowerDesk yielded an access
denied message. I used a file recovery utility (Active Undelete 5.0) to
recover the documents that were lost, including Outlook Express .wab and .dbx
files and Word and Excel files.
While examining hundreds of lost and deleted folders on the hard drive,
I found that most of them contained a small file named AXEL.DAV. In this file
was the name Axel Davis. I also found remnants of some executables which were
probably malicious code that ran and later deleted themselves. A few had
names beginning with 33WW and one was named run and hide. I did a Google
search on AXEL.DAV, and came up with a web page, axeldavis.com where the
writers claim to know what an AXEL.DAV file is but they won't say. They also
provide a copy of a Google search page with links to a Microsoft forum dated
in 2002 where a few people posted messages about their system being hit by a
virus which left hundreds of AXEL.DAV files on their machine.
I would like to know if this was a virus or trojan, or if a hacker
somehow got through and took over the computer.