# Cox warning: computer infection, but no signs of virus



## 12FindersKeepers (Apr 27, 2012)

Yesterday (October 10th) we received an email from Cox Customer Safety, and I noticed a popup on my computer (from Cox) that one or more of my devices is infected with the "FakeSecSen" or "Spy Sheriff" Virus

I ran Adwcleaner on both my mothers and my computer. As well as Malwarebytes and Mcafee. However when this popup occured the only one online was me.

And I looked up what those viruses are and no computer on our system has been displaying behaviors that have that obvious "Fake Malware removal" popup running in the background.

I was about to post on the virus removal forum, but there's just too many computers to scan. And all three seem to be working fine (normal startup, fast load time, no popups from fake virus removal software).

I was searching around and it seems that others (Cox internet users) have been getting false alarm emails as well, but I decided to post on here just in case. Should I still be worried about my internet being hijacked? Or should I leave things be?

Edit: Also I wasn't sure where to post this on the network forum or on this thread but please do move it if needed be

Thanks a ton for the help!


----------



## Cookiegal (Aug 27, 2003)

These appear to be legitimate warnings from Cox based on traffic on your network where a device is connecting to a server known to deliver this type of malware. It's possible that it could be a false positive on their part. However, I would suggest that you contact Cox support and ask them to provide you with the domain that triggered the alert. They should be able to do so and then perhaps you can figure out which device might be involved (it could be a PC or any mobile device that uses the network).


----------



## 12FindersKeepers (Apr 27, 2012)

Just got home and decided to run a scan on my younger brother's computer and Adwcleaner picked up several items within files, folders, and registry!

His computer did seem to run a bit slower, but could that have been it? Although we advise him not to, he sometimes watches TV shows from unsafe sites and he admitted a rather vulgar popup appeared and froze his computer but was too afraid to tell us. He rarely uses it, aside from home work (and watching videos), which is why I didnt bother to look all that much on his end.

Should I have someone look through my log file of adwcleaner/should I still talk to cox? All computers appear clean as of far, but I'm just wondering if there's any extra steps I should take. Would changing passwords for everything be a good idea?

I can try calling Cox tomorrow if needed be, the reason I didn't get to it was because of my college classes taking up my whole day.

Thank you!


----------



## Cookiegal (Aug 27, 2003)

So it's likely that's the computer that triggered the alert but it's possible to spread to other ones on the same network. I would still suggest calling Cox to get the name of the domain as that can help with the malware removal process then you should start a new thread in the Virus & Other Malware Removal forum to clean that computer to start with. Please include the log from AdwCleaner showing what was cleaned in your initial post. Once that's done, the others can be checked as well, one by one.

Changing passwords is a good idea but only from a machine that is known to be clean. Changing passwords on an infected computer could result in the new passwords being compromised.


----------

