-
April 20th, 2005, 08:33 AM
#1
Axel.DAV Virus or some other Malware
Greets Guys,
Have a machine that has been hit with some form of malware..
ALL the customer's files have been deleted.. many of the Program Files folders have been deleted.. Windows, System and system32 mostly deleted.. A common file in EVERY folder is AXEL.DAV, which has the contents of AXEL Davis..
The best information I have come up with is a heap of victims.. on this Google search
One of the references was to redlof.A VBS virus.. but the Symantec details don't match what I have seen so far..
I WILL BE REFORMATTING THE HDD.. BUT first I have to recover the customer's documents and accounting data..
What I am looking for is some information on the attack vector so I can help the customer prevent this next time.. (besides giving them the drill on BACK UP, Back Up, Back Up)
BRB..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 20th, 2005, 02:34 PM
#2
Hi Undies,
This heap of garbage looks like the culprit for generating it:
http://www.mailsend-online.com/
Bloody skiddies
-
April 20th, 2005, 03:10 PM
#3
..Ok finally got to the link.. Bloody ISP (Telstra PigPond) has DNS and routing problems..
Other than "Run and Hide" I don't see a relevance to Axel.dav?
All I have found in any of the links in search is people who have found a ton of these files in their system.. from all I have checked so far they are all 1k in size and contain 2 words (Axel Davis)..
I have not found any virus or worm that is reported to leave such files in people's machines.. just a number of people referring to axel.dav as a virus.. methinks I will do file recovery on the system - System32, TIF and Email folders (as well as the needed files) I want to know what this sucker is..
Just finished a HDD Regen scan on the first 15GB of the HDD (160GB HDD) 1 bad sector - repaired - at about the 8GB point.. should be far enough away from system files.. the HDD should be ready by morning..
BTW for the look'n peepers..
System is a Compaq SR1278AN
P4 3.2GHz
512Mb PC3200
160GB SATA
WinXP Home..
hmm looks like I need to invest in a SATA to USB adapter or at least a SATA card (with external cable) for my PC
..
I'm out for the day.. cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 20th, 2005, 03:49 PM
#4
Other than "Run and Hide" I don't see a relevance to Axel.dav?
There isn't one, but that was the only computer program related entry on the whole of the net
Seems like some skiddie concoction using a virus generation toolkit and some stuff off that site?
If you get a chance have a look around for any other file fragments and names, there might be a few more clues... also, where are the axel.dav files... does it look as if they overwrote genuine files??
Cheers
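Added example, not part of the original posts: a read-only triage pass over a recovered copy of the drive that answers "where are the axel.dav files", checks each one against the size and contents reported in this thread, and clusters their timestamps by minute to show whether they were dropped in a single event. The function names and the sample tree are constructed for illustration, and file modification time is an assumed stand-in for whatever timestamp the analysis host exposes.

```python
import os, tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER_NAME = "axel.dav"      # file name reported in the thread
MARKER_TEXT = b"axel davis"   # contents reported in the thread, lower-cased

def scan_markers(root):
    """Return one record per marker file found under root (read-only)."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != MARKER_NAME:
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                head = fh.read(4096)  # markers were reported as about 1 KB
            when = datetime.fromtimestamp(st.st_mtime, timezone.utc)
            records.append({"path": path, "size": st.st_size,
                            "matches": MARKER_TEXT in head.lower(),
                            "minute": when.strftime("%Y-%m-%d %H:%M")})
    return records

def summarize(root):
    """Marker coverage per folder plus clustering of marker timestamps."""
    records = scan_markers(root)
    marked = {os.path.dirname(r["path"]) for r in records}
    all_dirs = [d for d, _s, _f in os.walk(root)]
    return {"dirs_total": len(all_dirs), "dirs_marked": len(marked),
            "unmarked": sorted(d for d in all_dirs if d not in marked),
            "odd_content": [r["path"] for r in records if not r["matches"]],
            "by_minute": Counter(r["minute"] for r in records).most_common()}

def build_sample(root):
    """Constructed sample tree (not data from the thread)."""
    ts = datetime(2005, 4, 19, 3, 17, tzinfo=timezone.utc).timestamp()
    for rel, text, t in [("", b"Axel Davis", ts), ("Windows", b"Axel Davis", ts),
                         (os.path.join("Windows", "system32"), b"Axel Davis", ts),
                         ("Docs", b"unrelated", ts + 3600), ("Clean", None, ts)]:
        folder = os.path.join(root, rel) if rel else root
        os.makedirs(folder, exist_ok=True)
        if text is not None:
            name = "AXEL.DAV" if rel == "Docs" else "axel.dav"
            path = os.path.join(folder, name)
            with open(path, "wb") as fh:
                fh.write(text)
            os.utime(path, (t, t))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(tmp))
```

Folders listed under `unmarked` and files listed under `odd_content` are the ones worth a closer look, since they break the pattern described in the thread.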
-
April 20th, 2005, 11:02 PM
#5
Thanks Nihil, I see what you're saying..
Axel.dav is in every folder.. now here is a bit of information.. ALL folders that remain were created at 3.17 AM of 2 days ago (19th April.. it is the 21st in this part of the world ATM)
If it wasn't for the fact that these machines come with a **** load of software.. I would say the customer had tried to reinstall
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 20th, 2005, 11:20 PM
#6
..Ok finally got to the link.. Bloody ISP (Telstra PigPond) has DNS and routing problems..
Giggling like hell.... ROFLMAO..... Lying on the floor with people attempting to give me Heart Massage.....
Here, you might want to call....
Joke.... but it was something that made me laugh..... thanks....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
April 21st, 2005, 09:18 AM
#7
A newsletter from late 2003:
Good Morning to all our Customers.
Oh sorry.. Good evening if you're with Telstra Bigpond
..
Most common page to not be found.. www.bigpond.com and www.telstra.com
As we deal direct to Telstra for such things as mobile and ADSL connections, their online server will be unavailable for hours each day.. so we created a prepaid dialup account with their opposition (Optus), and the server didn't fault.. when asked by a "battery hen" as to how come we were able to use the server.. our reply.. WE HAVE SWITCHED OUR INTERNET ACCOUNT OVER TO OPTUS.... Yep they "fixed" the problem.... for a couple of days..
My next problem.. I have run out of UPS... We have had two major power outages in this area in the past 24hrs.. (any area in South East Queensland can now boast a 1hr plus blackout per 200hrs, that is not including the 1 to 5min blackouts, and the little brownies and surges) Prob was the UPS battery died during the second blackout.. and the file recovery had failed.. Had to start again..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 21st, 2005, 09:19 AM
#8
Sounds like there will always be people who are being outsmarted by their computers. Kind of ironic really. We built the things, yet allow them to cause us so much grief.
off topic
Skiddies will always be the same nihil.
Undertaker, I see you are still alive and banging your head against the wall thanks to your customers : )
Tiger..Tiger..Tiger.... nuff said
/topic
Sorry no real help from me. Just wanted to say hello again
Good to be back guys, good to see you guys are still around
-
April 21st, 2005, 09:52 AM
#9
Hey look what the cat dragged in!!!
G'day Dopey... You're still alive.. Nice to see your return..
BTW: Customers always assure a fresh supply of problems..stories and grief..
ciao
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 21st, 2005, 10:16 AM
#10