1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Missing files and folders, AXEL.DAV files everywhere

Discussion in 'Virus & Other Malware Removal' started by DBoe, Feb 17, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. DBoe

    DBoe Thread Starter

    Joined:
    Jan 15, 2008
    Messages:
    17
    A friend of mine asked me to take a look at his PC, it's a HP Pavilion a1510n, running XP Media Center Edition. He has lost hundreds of files and in the folders where the files were is this small file called AXEL.DAV, there are over 2000 of the files in just about every folder on the pc. I have run Ad-Aware but it didn't seem to find anything. I have attached a HJT log. Any help would be appreciated.
     

    Attached Files:

  2. DBoe

    DBoe Thread Starter

    Joined:
    Jan 15, 2008
    Messages:
    17
    Bump
     
  3. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,447
    Run HJT again and put a check in the following:

    O4 - S-1-5-18 Startup: AXEL.DAV (User 'SYSTEM')
    O4 - .DEFAULT Startup: AXEL.DAV (User 'Default user')
    O4 - .DEFAULT User Startup: AXEL.DAV (User 'Default user')
    O4 - Startup: AXEL.DAV
    O4 - Global Startup: AXEL.DAV

    Close all applications and browser windows before you click "fix checked".


    Click here to download Dr.Web CureIt and save it to your desktop.
    • Doubleclick the drweb-cureit.exe file and allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can click next icon next to the files found:
      [​IMG]
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      [​IMG]
    • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
     
  4. DBoe

    DBoe Thread Starter

    Joined:
    Jan 15, 2008
    Messages:
    17
    Thanks for replying,
    I ran HJT again and checked the five lines containing the AXEL.DAV files.
    Then I DL'd the Dr.Web CureIt, and ran the scan.
    I was unable to upload the .csv file so I copied the contents to a text file, which I attached.
    I noticed when I ran HJT again, that some of the AXEL.DAV lines were back.
     

    Attached Files:

  5. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,447
    What is going on with Norton? Have you tried removing it?

    If you need an anti-virus software load AVG it's free.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/684236