X
Tap here to go to the mobile version of the site.

Support Forum

Windows Security has found critical process activity

Posted

THIS IS A MACBOOK related question. I'M NOT ON WINDOWS.

When navigating to an image after an image search (of Marcia Cross) with Google. Search page suddenly shrinks to dialogue box with a black exclamation point in a yellow diamond followed by the message: "The page at http://sanprotectionxp.com says: Windows Security has found critical process activity on your system and willl perform fast scan of system files." There's an OK button to click. I do not. I can do nothing but force quit to avoid problems but when I open Firefox 3.6.16 again same thing sometimes happens again, this time without search, but as soon as the Firefox window opens again.

THIS IS A MACBOOK related question. I'M NOT ON WINDOWS. When navigating to an image after an image search (of Marcia Cross) with Google. Search page suddenly shrinks to dialogue box with a black exclamation point in a yellow diamond followed by the message: "The page at http://sanprotectionxp.com says: Windows Security has found critical process activity on your system and willl perform fast scan of system files." There's an OK button to click. I do not. I can do nothing but force quit to avoid problems but when I open Firefox 3.6.16 again same thing sometimes happens again, this time without search, but as soon as the Firefox window opens again.

Modified by BroderickPerk

Additional System Details

Sites Affected

http://???

Installed Plug-ins

  • Runs Java applets using the latest installed versions of Java. For more information: Java Embedding Plugin. Run version test: Java Information.
  • Gecko default plugin
  • npmnqmp 071701000001
  • iPhoto6
  • RealPlayer Plugin
  • The Flip4Mac WMV Plugin allows you to view Windows Media content using QuickTime.
  • 4.0.51204.0
  • Shockwave Flash 10.2 r152
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.

Application

  • User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16

More Information

I SAID: I'm on a Macbook running 10.4.7
Application Basics
Name
Firefox
Version
3.6.16
Profile Directory
Show in Finder
Installed Plugins
about:plugins
Build Configuration
about:buildconfig
Extensions
Name
Version
Enabled
ID
Modified Preferences
Name
Value
accessibility.typeaheadfind
true
accessibility.typeaheadfind.flashBar
0
browser.history_expire_days
10
browser.history_expire_days.mirror
10
browser.history_expire_days_min
30
browser.link.open_newwindow
2
browser.places.importBookmarksHTML
false
browser.places.importDefaults
false
browser.places.leftPaneFolderId
-1
browser.places.migratePostDataAnnotations
false
browser.places.smartBookmarksVersion
2
browser.places.updateRecentTagsUri
false
browser.startup.homepage
http://www.examiner.com/x-1303-Real-Estate-Examiner
browser.startup.homepage_override.mstone
rv:1.9.2.16
browser.tabs.opentabfor.searchdialog
false
browser.tabs.warnOnClose
false
extensions.lastAppVersion
3.6.16
font.default.x-western
sans-serif
font.minimum-size.x-western
11
font.name.monospace.x-western
Arial
font.name.sans-serif.x-western
Arial
font.name.serif.x-western
Arial
font.size.variable.x-western
13
network.cookie.prefsMigrated
true
network.http.pipelining
true
network.http.pipelining.maxrequests
16
network.http.proxy.pipelining
true
network.protocol-handler.warn-external.feed
false
network.protocol-handler.warn-external.itms
false
places.last_vacuum
1302187458
print.macosx.pagesetup
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBFIHBsaXN0IFBVQkxJQyAiLS8vQXBwbGUgQ29tcHV0ZXIvL0RURCBQTElT…
print.macosx.pagesetup-2
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBFIHBsaXN0IFBVQkxJQyAiLS8vQXBwbGUgQ29tcHV0ZXIvL0RURCBQTElT…
print.print_bgcolor
true
print.print_bgimages
true
print.print_command
print.print_downloadfonts
true
print.print_evenpages
true
print.print_footercenter
&U
print.print_footerleft
print.print_footerright
print.print_headercenter
&T
print.print_headerleft
print.print_headerright
print.print_in_color
true
print.print_margin_bottom
0.5
print.print_margin_left
0.5
print.print_margin_right
0.5
print.print_margin_top
0.5
print.print_oddpages
true
print.print_orientation
0
print.print_pagedelay
500
print.print_paper_data
0
print.print_paper_height
11.00
print.print_paper_size
3
print.print_paper_size_type
1
print.print_paper_size_unit
0
print.print_paper_width
8.50
print.print_printer
print.print_reversed
false
print.print_scaling
1.00
print.print_shrink_to_fit
true
print.print_to_file
false
print.print_unwriteable_margin_bottom
56
print.print_unwriteable_margin_left
25
print.print_unwriteable_margin_right
25
print.print_unwriteable_margin_top
25
privacy.clearOnShutdown.cookies
false
privacy.clearOnShutdown.formdata
false
privacy.clearOnShutdown.sessions
false
privacy.cpd.cookies
false
privacy.cpd.formdata
false
privacy.cpd.sessions
false
privacy.item.formdata
false
privacy.item.sessions
false
privacy.sanitize.migrateFx3Prefs
true
privacy.sanitize.timeSpan
2
security.warn_submit_insecure
true
security.warn_viewing_mixed
false

Xircal 334 solutions 3835 answers

Helpful Reply

Well, since you don't have a Windows operating system, it sounds like another rogue AV program which you may have inadvertently installed when you clicked on an image.

Are you sure you spelt that correctly? There doesn't appear to be a domain name called sanprotectionxp.com

But as a precaution, do the following please.

  1. In the location bar, type about:config and hit Enter.
  2. In the filter at the top, type: keyword.URL
  3. Double click it and remove whatever's in there. You'll see it revert to "Default" and "String".
  4. Go to File | Exit
  5. Restart Firefox, go to the site you want to set as your homepage.
  6. Go to Tools | Options | General.
  7. Make sure it says "Show My Homepage" in the first dropdown menu.
  8. Click the button called "Use Current Pages" to set the homepage to the one you have on the screen.

If you have a malware scanner already, run that. I'm not familiar with macs since I'm a Windows user, but there's one here you could download from the Mac store which is free: http://itunes.apple.com/us/app/virusbarrier-express/id411642093?mt=12

Just found this titbit which bears the name you mentioned in your opening post: Windows Security

Well, since you don't have a Windows operating system, it sounds like another rogue AV program which you may have inadvertently installed when you clicked on an image. Are you sure you spelt that correctly? There doesn't appear to be a domain name called '''sanprotectionxp.com''' But as a precaution, do the following please. #In the location bar, type '''about:config''' and hit Enter. #In the filter at the top, type: '''keyword.URL''' #Double click it and remove whatever's in there. You'll see it revert to "Default" and "String". #Go to File | Exit #Restart Firefox, go to the site you want to set as your homepage. #Go to '''Tools '''| '''Options '''| '''General'''. #Make sure it says "''Show My Homepage''" in the first dropdown menu. #Click the button called "'''Use Current Pages'''" to set the homepage to the one you have on the screen. If you have a malware scanner already, run that. I'm not familiar with macs since I'm a Windows user, but there's one here you could download from the Mac store which is free: http://itunes.apple.com/us/app/virusbarrier-express/id411642093?mt=12 Just found this titbit which bears the name you mentioned in your opening post: [http://news.loaris.com/rogue-windows-security-suite-how-to-remove-windowssecuritysuite-removal-instruction/ Windows Security]

Modified by Xircal

shusseina 5 solutions 57 answers

Have a read through this article.

Have a read through this [https://support.mozilla.com/en-US/questions/787952?s=Windows+Security+has+found+critical+process+activity&as=s article].
Xircal 334 solutions 3835 answers

Yes, I just edited my previous post with a link to the program you mentioned to begin with, but here it is again: Windows Security

Yes, I just edited my previous post with a link to the program you mentioned to begin with, but here it is again: [http://news.loaris.com/rogue-windows-security-suite-how-to-remove-windowssecuritysuite-removal-instruction/ Windows Security]

Question owner

See "System Details" to the right of my post. I'm on a Macbook.

I'm getting answers giving me instructions as if I'm running Windows.

I've attached a screen shot of the problem.

Again, I'm on a Macbook. Apple. NOT Windows.

See "System Details" to the right of my post. I'm on a Macbook. I'm getting answers giving me instructions as if I'm running Windows. I've attached a screen shot of the problem. Again, I'm on a Macbook. Apple. NOT Windows.
Xircal 334 solutions 3835 answers

I wonder if they've created a version which will run on MACs, but can't be bothered to amend the 'warning message'.

It's listed several times on the Malwaredomainlist and as you can see, they all have the same IP address regardless of what the rogue app is called. You have to laugh at the name of this one though: scansoftdrinkprotectionxp

I think the easiest thing to do is to simply block that IP with your firewall.

Could you give me the URL to the site that set it running?

I wonder if they've created a version which will run on MACs, but can't be bothered to amend the 'warning message'. It's listed several times on the [http://page2rss.com/f3a82a89e1edb195502a2f31a41e5ae5/5414614_5416701/mitissanservicegroup Malwaredomainlist] and as you can see, they all have the same IP address regardless of what the rogue app is called. You have to laugh at the name of this one though: '''scansoftdrinkprotectionxp''' I think the easiest thing to do is to simply block that IP with your firewall. Could you give me the URL to the site that set it running?

Modified by Xircal

Question owner

Xircal, other Window pains. Thanks for your efforts, but it's pretty useless if you assume everyone is on Windows. I went to the effort to include "Systems Detail" info so this wouldn't happen, to no avail.

Stop being impressed by your own intelligence if it's limited to Windows.

If you really want to help, when someone takes the time to include "Systems Detail" READ "Systems Detail" and don't over geek it and assume everyone is using the same system you are. Seriously. I find this 'tude NOT helpful.

Saves SO much time if you aren't so locked into a system you cant see the forest for the trees. If your answers don't apply to the question, well, they aren't answers.

Xircal, other Window pains. Thanks for your efforts, but it's pretty useless if you assume everyone is on Windows. I went to the effort to include "Systems Detail" info so this wouldn't happen, to no avail. Stop being impressed by your own intelligence if it's limited to Windows. If you really want to help, when someone takes the time to include "Systems Detail" READ "Systems Detail" and don't over geek it and assume everyone is using the same system you are. Seriously. I find this 'tude NOT helpful. Saves SO much time if you aren't so locked into a system you cant see the forest for the trees. If your answers don't apply to the question, well, they aren't answers.
the-edmeister
  • Top 25 Contributor
  • Moderator
5398 solutions 40147 answers

BroderickPerk:

Please see this:
https://support.mozilla.com/en-US/kb/Forum+and+chat+rules+and+guidelines

Do not harass, insult, taunt, provoke, demean, or personally attack other forum members. Be friendly even if others are not.

BroderickPerk: Please see this: <br /> https://support.mozilla.com/en-US/kb/Forum+and+chat+rules+and+guidelines '''Do not harass, insult, taunt, provoke, demean, or personally attack other forum members. Be friendly even if others are not. '''
tonie3 0 solutions 3 answers

I have the exact same problem - but through a different google image, hence it says a different web link. I'm also on a macbook pro, so thought it was really strange for it to say WINDOWS Security. It seems to me that this is a virus/malware intended to infect window users but recently has been adapted to Mac's halfway? I'm not sure if it actually affects a Mac though.

Also, after rebooting my macbook and opening Firefox the window no longer pops up. Not sure if it is still there, I can't tell! If you resolve the issue I would be very grateful if you could let me know :) Thanks

I have the exact same problem - but through a different google image, hence it says a different web link. I'm also on a macbook pro, so thought it was really strange for it to say WINDOWS Security. It seems to me that this is a virus/malware intended to infect window users but recently has been adapted to Mac's halfway? I'm not sure if it actually affects a Mac though. Also, after rebooting my macbook and opening Firefox the window no longer pops up. Not sure if it is still there, I can't tell! If you resolve the issue I would be very grateful if you could let me know :) Thanks
cor-el
  • Top 10 Contributor
  • Moderator
17473 solutions 157934 answers

Helpful Reply

What you see is only an animation that is loaded from a server and no real scan. So if you visit a website that is infected with such malware then you see that animation with any OS. Only Windows users will get the malware on their computers if they download and run that .exe file that a download link on such a page gives them.

What you see is only an animation that is loaded from a server and no real scan. So if you visit a website that is infected with such malware then you see that animation with any OS. Only Windows users will get the malware on their computers if they download and run that .exe file that a download link on such a page gives them.
grafica 0 solutions 1 answers

I too am on Macbook Pro, OS 10.6.7. Happened just a few times weeks ago, that clicking on an image (using Google image search, clicking on image to reach link), suddenly the window shrinks to stamp-size, with same "warning" message as discussed above. But now, even when I first open Firefox, the window is shrunken size to start out with. The previous post seems to say that as a Mac, my OS won't be hurt by this, however I'd like to fix the behavior anyway. I'm not highly technical, but I can follow instructions, so would hugely appreciate if someone could refer me to a step by step fix, or any info, other discussions, etc.

I too am on Macbook Pro, OS 10.6.7. Happened just a few times weeks ago, that clicking on an image (using Google image search, clicking on image to reach link), suddenly the window shrinks to stamp-size, with same "warning" message as discussed above. But now, even when I first open Firefox, the window is shrunken size to start out with. The previous post seems to say that as a Mac, my OS won't be hurt by this, however I'd like to fix the behavior anyway. I'm not highly technical, but I can follow instructions, so would hugely appreciate if someone could refer me to a step by step fix, or any info, other discussions, etc.
jbaldwin9182 0 solutions 2 answers

This is not a bug in Firefox. Firefox is doing everything its supposed to do, displaying a web site and running an embedded script, with the possible exception that maybe it should produce modeless (non-blocking) dialogs instead of modal (blocking) dialogs. Other browsers do the same thing.

The problem is with the web site, which displays misleading content trying to make you download and run a probably infected Windows Executable, so if you are on a platform which cannot run Windows .exe's, you probably have nothing to worry about. However this does seem to be some kind of web virus, which infects web sites as opposed to computers, injecting a script into pages causing this misleading animation to pop up.

A solution for you may be to disable JavaScript in your browser - these scam sites depend on it to load. Try a Firefox extension such as NoScript to disable JavaScript on sites you don't trust, and enable scripting on sites like YouTube that need it.

This is not a bug in Firefox. Firefox is doing everything its supposed to do, displaying a web site and running an embedded script, with the possible exception that maybe it should produce modeless (non-blocking) dialogs instead of modal (blocking) dialogs. Other browsers do the same thing. The problem is with the web site, which displays misleading content trying to make you download and run a probably infected Windows Executable, so if you are on a platform which cannot run Windows .exe's, you probably have nothing to worry about. However this does seem to be some kind of web virus, which infects web sites as opposed to computers, injecting a script into pages causing this misleading animation to pop up. A solution for you may be to disable JavaScript in your browser - these scam sites depend on it to load. Try a Firefox extension such as NoScript to disable JavaScript on sites you don't trust, and enable scripting on sites like YouTube that need it.