Virus Axel.Dav

kirk007

Yesterday I found an HP computer running Windows XP Media Edition with a virus entitled Axel.dav. I was wondering if anyone knows how to remove this virus. It has also infected the Recovery Partition.
 
Google "Axel.dav". Tons of answers out there.
 
More Information

I have done some research on Google and it appears that no one knows how to effectively get rid of the virus except by reformatting the hard drive. I found the virus in 3 processes when I ran HijackThis. I have also attempted to remove the virus manually in DOS. That did not work either.
 
Hint: Look into "combofix". I am not going to explain how, sorry. Use at your own risk.

You can also google "combofix axel.dav". The results don't give you step-by-step instructions, but it's a good lead.
 
I have removed all of the axel.dav files except
in HijackThis: 04 DEFAULT User Startup: AXEL.DAV (User 'Default user')
I need help. I used ComboFix. What is another good malware removal tool besides Malwarebytes?
 
Kirk007,
I posted a gigantic list of all KNOWN anti-virus/trojan/rootkit programs as the very first post in the antivirus forum. Do you see it? It lists every single one and what they are good for. :)

axel.dav is part of vbs_redlof.A. According to MartinM, it litters a PC with axel.dav files which are 24 bytes in size. It attacks files with a selection of extensions, so the pattern of dispersion depends on what you have stored in different locations.

TrendMicro knows this puppy and can get rid of it. It is a Visual Basic Script virus. You might use noscript.exe from Norton (yes, Norton); it's just a free tool that turns off all scripting on your PC so you can stop the spread while you are trying to remove it.

This bug travels via email, infected files, and software exploits, and it is encrypted. It infects vbs, html, htm, asp, php, jsp, and htt files.

That means it can infect web servers. To spread copies of itself, it infects the stationery file, blank.htm, of Microsoft Outlook Express. This way every email you send is an infected email. It also uses the VM ActiveX component to move across networks.

Microsoft made a patch for this in October of 2000. VM ActiveX is a part of Microsoft Virtual Machine.

This bug hooks the Onload event and runs the KJ_start() function in IE when you open an infected webpage. It decrypts itself on your PC, then initializes its variables to get ready for the attack. If it finds wscript.exe in the Windows folder, it creates a copy of itself in there called kernel.dll. If it does not find it there, then it writes a copy of kernel.dll to windows/system, which on reboot completely disables the PC.

You really, really need to update your PC; these patches have been around since 2000. Good luck and let me know if I can help you further.
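
A read-only scan for the indicators named in this thread (24-byte `axel.dav` files, and the `KJ_start` hook in files with the listed extensions), as an added example that is not part of any post or of any vendor's tool. It assumes the hook name is stored in cleartext in infected files; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

MARKER_NAME = "axel.dav"   # dropped file name, from the thread
MARKER_SIZE = 24           # its size in bytes, from the thread
HOST_EXTS = {".vbs", ".html", ".htm", ".asp", ".php", ".jsp", ".htt"}
HOOK = b"kj_start"         # assumption: hook name is stored in cleartext


def scan(root):
    """Walk root and return sorted (kind, path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if name.lower() == MARKER_NAME:
                    exact = os.path.getsize(path) == MARKER_SIZE
                    findings.append(("marker" if exact else "marker-name-only", path))
                elif os.path.splitext(name)[1].lower() in HOST_EXTS:
                    with open(path, "rb") as fh:
                        # Strip NULs so UTF-16 text still matches the hook name.
                        body = fh.read().replace(b"\x00", b"").lower()
                    if HOOK in body:
                        findings.append(("infected-host", path))
            except OSError:
                findings.append(("unreadable", path))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree (harmless placeholder content)."""
    samples = {
        "docs/axel.dav": b"A" * 24,
        "docs/page.htm": b'<body onload="KJ_start()">',
        "docs/clean.html": b"<body>hello</body>",
        "mail/Blank.htm": b"<BODY ONLOAD='KJ_start()'>",
        "notes/AXEL.DAV": b"not the marker size",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        return [(k, os.path.relpath(p, root).replace(os.sep, "/")) for k, p in scan(root)]


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Pointing `scan()` at a mounted copy of the disk, recovery partition included, gives a list of what still needs cleaning after a removal tool has run.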
 