Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Windows Security has found critical process activity

more options

THIS IS A MACBOOK related question. I'M NOT ON WINDOWS.

When navigating to an image after an image search (of Marcia Cross) with Google. Search page suddenly shrinks to dialogue box with a black exclamation point in a yellow diamond followed by the message: "The page at http://sanprotectionxp.com says: Windows Security has found critical process activity on your system and willl perform fast scan of system files." There's an OK button to click. I do not. I can do nothing but force quit to avoid problems but when I open Firefox 3.6.16 again same thing sometimes happens again, this time without search, but as soon as the Firefox window opens again.

Modified by BroderickPerk

All Replies (11)

more options

Well, since you don't have a Windows operating system, it sounds like another rogue AV program which you may have inadvertently installed when you clicked on an image.

Are you sure you spelt that correctly? There doesn't appear to be a domain name called sanprotectionxp.com

But as a precaution, do the following please.

  1. In the location bar, type about:config and hit Enter.
  2. In the filter at the top, type: keyword.URL
  3. Double click it and remove whatever's in there. You'll see it revert to "Default" and "String".
  4. Go to File | Exit
  5. Restart Firefox, go to the site you want to set as your homepage.
  6. Go to Tools | Options | General.
  7. Make sure it says "Show My Homepage" in the first dropdown menu.
  8. Click the button called "Use Current Pages" to set the homepage to the one you have on the screen.

If you have a malware scanner already, run that. I'm not familiar with macs since I'm a Windows user, but there's one here you could download from the Mac store which is free: http://itunes.apple.com/us/app/virusbarrier-express/id411642093?mt=12

Just found this titbit which bears the name you mentioned in your opening post: Windows Security

Modified by Xircal

more options

Have a read through this article.

more options

Yes, I just edited my previous post with a link to the program you mentioned to begin with, but here it is again: Windows Security

more options

See "System Details" to the right of my post. I'm on a Macbook.

I'm getting answers giving me instructions as if I'm running Windows.

I've attached a screen shot of the problem.

Again, I'm on a Macbook. Apple. NOT Windows.

more options

I wonder if they've created a version which will run on MACs, but can't be bothered to amend the 'warning message'.

It's listed several times on the Malwaredomainlist and as you can see, they all have the same IP address regardless of what the rogue app is called. You have to laugh at the name of this one though: scansoftdrinkprotectionxp

I think the easiest thing to do is to simply block that IP with your firewall.

Could you give me the URL to the site that set it running?

Modified by Xircal

more options

Xircal, other Window pains. Thanks for your efforts, but it's pretty useless if you assume everyone is on Windows. I went to the effort to include "Systems Detail" info so this wouldn't happen, to no avail.

Stop being impressed by your own intelligence if it's limited to Windows.

If you really want to help, when someone takes the time to include "Systems Detail" READ "Systems Detail" and don't over geek it and assume everyone is using the same system you are. Seriously. I find this 'tude NOT helpful.

Saves SO much time if you aren't so locked into a system you cant see the forest for the trees. If your answers don't apply to the question, well, they aren't answers.

more options

BroderickPerk:

Please see this:
https://support.mozilla.com/en-US/kb/Forum+and+chat+rules+and+guidelines

Do not harass, insult, taunt, provoke, demean, or personally attack other forum members. Be friendly even if others are not.

more options

I have the exact same problem - but through a different google image, hence it says a different web link. I'm also on a macbook pro, so thought it was really strange for it to say WINDOWS Security. It seems to me that this is a virus/malware intended to infect window users but recently has been adapted to Mac's halfway? I'm not sure if it actually affects a Mac though.

Also, after rebooting my macbook and opening Firefox the window no longer pops up. Not sure if it is still there, I can't tell! If you resolve the issue I would be very grateful if you could let me know :) Thanks

more options

What you see is only an animation that is loaded from a server and no real scan. So if you visit a website that is infected with such malware then you see that animation with any OS. Only Windows users will get the malware on their computers if they download and run that .exe file that a download link on such a page gives them.

more options

I too am on Macbook Pro, OS 10.6.7. Happened just a few times weeks ago, that clicking on an image (using Google image search, clicking on image to reach link), suddenly the window shrinks to stamp-size, with same "warning" message as discussed above. But now, even when I first open Firefox, the window is shrunken size to start out with. The previous post seems to say that as a Mac, my OS won't be hurt by this, however I'd like to fix the behavior anyway. I'm not highly technical, but I can follow instructions, so would hugely appreciate if someone could refer me to a step by step fix, or any info, other discussions, etc.

more options

This is not a bug in Firefox. Firefox is doing everything its supposed to do, displaying a web site and running an embedded script, with the possible exception that maybe it should produce modeless (non-blocking) dialogs instead of modal (blocking) dialogs. Other browsers do the same thing.

The problem is with the web site, which displays misleading content trying to make you download and run a probably infected Windows Executable, so if you are on a platform which cannot run Windows .exe's, you probably have nothing to worry about. However this does seem to be some kind of web virus, which infects web sites as opposed to computers, injecting a script into pages causing this misleading animation to pop up.

A solution for you may be to disable JavaScript in your browser - these scam sites depend on it to load. Try a Firefox extension such as NoScript to disable JavaScript on sites you don't trust, and enable scripting on sites like YouTube that need it.