Re: AXEL.DAV


I have a compaq (=HP) bought in by a customer not booting due to missing
DLLs, recovery using standard XPSP2 Home disc failed. Customer has
(had!) files (JPGs) on HDD he asked me save so booted using BartPE and
looked at C: using that explorer shell, all folders above C:\Windows
contain 1KB AXEL.DAT file and precious little else. C:\Windows appears
intact but is clearly corrupted, likewise the recovery partition.

Customer told me he attempted to use the recovery process after a
failed installation of a downloaded DVD app.

My (albeit technically untested and unproven) suspicion is that
AXEL.DAT infestation is a result of a malware infection specificly
targetting the HP (and/or Compaq) recovery partition processes; this
could lie dormant for months/years until the user encounters a problem
and attempts a recovery, whereupon the malware deletes all
docs/settings/program files and dumps itself in each folder.

If you are thinking "but surely HP would know about this and have some
information on it" please refer to comments elsewhere that they should
stick to printers.

As it could be a rootkit best tack would be delete all HDD partitions,
maybe use QTparted on live Linux distro such as Knoppix or Kubuntu to
be sure, merge them, format back to NTFS, recreate partitions as
desired, reinstall clean XP and use 2nd partition to hold Ghosted
backup of clean install. Best of luck.


--
etone
------------------------------------------------------------------------
etone's Profile: http://forums.techarena.in/member.php?userid=27958
View this thread: http://forums.techarena.in/showthread.php?t=16899

http://forums.techarena.in

.