Unknown Virus // Avast does not show it

I am running Win XP Pro.

I can not run any .EXE files or applications. All of my Shortcuts now have a .INK extension.

Avast does not pick up any virus on my system.
I had to go into safe mode command prompt to run avast.

I thought it was the SirCam32 virus but cannot not find any instance of it on my registry.

I am at a deadend and dont know what else to do, Please help!!!

I am ready to format my C drive and start over BUT this is NOT preferred.

respectfully,

T-Rex

Welcome to the forum T-Rex. Sorry you’ve been waiting so long …

I don’t know of any malware that causes this kind of problem but the symptoms sound similar to some problems AdAware’s AdWatch (real time protection) is causing recently. Do you have this on your computer?

See if these sheds some light

http://www.lavasoftsupport.com/index.php?showtopic=1938

http://www.lavasoftsupport.com/lofiversion/index.php/t641.html

EDIT: That SirCam32 worm you mentioned arrives as an email attachment sometimes with a .lnk extension, but I don’t see mention of it changing file names. Here are some technical details

http://www.symantec.com/security_response/writeup.jsp?docid=2001-071720-1640-99&tabid=2

No I do not have anything like that on my hard drive.

It appears to have changed all of my shortcut names, removed a line in my registry, and made it impossible to create working shortcuts. I can go to the folder where my executables are and run the apps.

I finally decided the best way to get rid of this unknown is to delete the partition and start over. Luckily for me I have multiple hard drives on my computer and was able to save all of my most important stuff.(mainly pictures)

Thanks for the reply.

Avast is still the best anti-virus out there, keep up the great work!!

Rex

Thanks for the follow up. Sorry I couldn’t be more helpful.

Microsoft has several Knowledge Base articles about this so if it happens again you may want to check there. For example

http://support.microsoft.com/kb/172053

How about showing us a HACKTHIS log ?
That way we might spot something.

Al968