25 replies to this topic

[Micah_6:8]

(remember you instructed me that I had to disable the antivirus and Spybot tea-timer...resident in order to do the clean up you were helping with?)

If you'll read back a few posts, you'll find that you are slightly in error.

The ONLY thing I asked you to disable was Teatimer.

Disabling your antivirus or firewall while you are connected to the Internet is NEVER advisable.

Your "Security Manager" was still active as of your last post.

C:\Program Files\Cox\Applications\app\Prism.exe

In my opinion, it would be best to keep your PC offline (as much as possible) until you "get a handle" on all the garbage loose on your machine.

That would mean using another PC to download malware removal programs to, then transferring them to your PC.

I don't know if that's possible in your situation.

[daniela98]

yes. You are right. but I do have those two programs on my laptop. The trick is getting it to run again. the Cox guy said they would "take over" my laptop when they call. Probably I will get back to you after that. I feel so embarrasse about this! I hope you have run into worse situations!

[Micah_6:8]

I would like to see you download/run this ASAP:

Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:

• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
• From the main ewido screen, click on update in the left menu, then click the Start update button.
• After the update finishes (the status bar at the bottom will display "Update successful")
• Close Ewido and reboot in "Safe mode"
• Run Ewido, click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
• If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
• When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Reboot in "normal mode".

Copy/paste the Ewido report, and a new HijackThis! log file into this thread.

I think you should also investigate getting a different antivirus program, and firewall.

There are free ones available here:

Post Infection Items To Ponder

Frankly, to your ISP, your security is secondary.

As long as you pay your bill, they're happy. Whether you get a million redirects, pop-ups, and viruses, or none at all.

I can't answer many questions about those programs because I've never used them. All I've had for 5 years is Norton Internet Security and Antivirus. They've pretty much just "run themselves", and I've done very little "tweaking" and had very few problems with either of them.

I'll be awaiting your next post.

[daniela98]

thanks! As I was wating for Cox's call, I switched my laptop and it opened to a white dest top and they gave me options to get back to normal desktop. I chose to bypass that and just do a system restore. I went back to 6/12 and it worked. The only problem is that the antivirus doesnt work. for the past 10 mins, it says that it is preparing to search for viruses. So yr idea of another program makes lots of sense. I am going to get AVG Free Antivirus and the Firewall. I was using Windows Firewall (it seemed to work against Cox! Two months ago, Cox tech people could not see my laptop bse of the firewall and I felt good about it bse they were telling me almost every thing i had online...the modem, wireless router and when i disabled Windows Firewall, they could tell which pagers i was browsing!). Anyway, i am now downloading the antirus and i will send you the reports soon. thanks again.

[Micah_6:8]

The reason Windows firewall in inadequate is that it only works in "one direction". It can stop some things from "getting in", but it does nothing about preventing things from "getting out". So, if you were infected with a "keylogger" for instance, it would do nothing to stop it from sending out the recorded keystrokes. Whereas an alternate firewall, such as Zonealarm, alerts you when a program attempts to access the Internet for the first time. Then you are given the opportunity to allow it, or block it. I think between Ewido, HijackThis!, and maybe a program called Killbox (a free downloadable program we might need to use later), we can still get the upper hand in the fight for your machine.

[daniela98]

New Prob: I tried to instal AVG and it told me to first remove Cox bse Cox "would interfere with the instalation". I did so but I cant get to the desktop! I have tried rebooting but nothing changes. As soon as it gets to where I am suppoesed to click to log on, it pretends to do so but then reverses and starts the process of logging off!

[Micah_6:8]

Two questions.

1. Can you boot in "safe" mode?

2. Do you have Windows installation CD's, or a "recovery" CD? These would have been supplied when you bought the PC.

[daniela98]

I do have them but I contacted HP last night and the problem got worse. They told me to take out battery and disconnect then press "on" buton for 20 seconds. then take out ram. then try to boot to bios (f10) but nothing worked. Now the screen stays blank. So they are taking it back. They will sent me a box to pack it in and it will be back in 3-4 days. I think one of those serious viruses that affect booting might have invaded it. We'll see. I'll get back to you again when I get it back. Right now, I gave it to the school tech guys to back up the hard drive in case HP erases anything (HP told me first back up anything I might need). The Sch tech guys told me they'd first scan it for viruses before backing it up. DS

[Micah_6:8]

I'll leave this thread open. When you get it back, post a new log file please.

[daniela98]

thanks!

[Micah_6:8]

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.