Windows Security has found critical process activity
THIS IS A MACBOOK related question. I'M NOT ON WINDOWS.
When navigating to an image after an image search (of Marcia Cross) with Google. Search page suddenly shrinks to dialogue box with a black exclamation point in a yellow diamond followed by the message: "The page at http://sanprotectionxp.com says: Windows Security has found critical process activity on your system and willl perform fast scan of system files." There's an OK button to click. I do not. I can do nothing but force quit to avoid problems but when I open Firefox 3.6.16 again same thing sometimes happens again, this time without search, but as soon as the Firefox window opens again.
Modified by BroderickPerk
Additional System Details
- Runs Java applets using the latest installed versions of Java. For more information: Java Embedding Plugin. Run version test: Java Information.
- Gecko default plugin
- npmnqmp 071701000001
- RealPlayer Plugin
- The Flip4Mac WMV Plugin allows you to view Windows Media content using QuickTime.
- Shockwave Flash 10.2 r152
- The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
- User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:22.214.171.124) Gecko/20110319 Firefox/3.6.16
I SAID: I'm on a Macbook running 10.4.7
Show in Finder
Well, since you don't have a Windows operating system, it sounds like another rogue AV program which you may have inadvertently installed when you clicked on an image.
Are you sure you spelt that correctly? There doesn't appear to be a domain name called sanprotectionxp.com
But as a precaution, do the following please.
- In the location bar, type about:config and hit Enter.
- In the filter at the top, type: keyword.URL
- Double click it and remove whatever's in there. You'll see it revert to "Default" and "String".
- Go to File | Exit
- Restart Firefox, go to the site you want to set as your homepage.
- Go to Tools | Options | General.
- Make sure it says "Show My Homepage" in the first dropdown menu.
- Click the button called "Use Current Pages" to set the homepage to the one you have on the screen.
If you have a malware scanner already, run that. I'm not familiar with macs since I'm a Windows user, but there's one here you could download from the Mac store which is free: http://itunes.apple.com/us/app/virusbarrier-express/id411642093?mt=12
Just found this titbit which bears the name you mentioned in your opening post: Windows Security
Modified by Xircal
Have a read through this article.
Yes, I just edited my previous post with a link to the program you mentioned to begin with, but here it is again: Windows Security
See "System Details" to the right of my post. I'm on a Macbook.
I'm getting answers giving me instructions as if I'm running Windows.
I've attached a screen shot of the problem.
Again, I'm on a Macbook. Apple. NOT Windows.
I wonder if they've created a version which will run on MACs, but can't be bothered to amend the 'warning message'.
It's listed several times on the Malwaredomainlist and as you can see, they all have the same IP address regardless of what the rogue app is called. You have to laugh at the name of this one though: scansoftdrinkprotectionxp
I think the easiest thing to do is to simply block that IP with your firewall.
Could you give me the URL to the site that set it running?
Modified by Xircal
Xircal, other Window pains. Thanks for your efforts, but it's pretty useless if you assume everyone is on Windows. I went to the effort to include "Systems Detail" info so this wouldn't happen, to no avail.
Stop being impressed by your own intelligence if it's limited to Windows.
If you really want to help, when someone takes the time to include "Systems Detail" READ "Systems Detail" and don't over geek it and assume everyone is using the same system you are. Seriously. I find this 'tude NOT helpful.
Saves SO much time if you aren't so locked into a system you cant see the forest for the trees. If your answers don't apply to the question, well, they aren't answers.
Do not harass, insult, taunt, provoke, demean, or personally attack other forum members. Be friendly even if others are not.
I have the exact same problem - but through a different google image, hence it says a different web link. I'm also on a macbook pro, so thought it was really strange for it to say WINDOWS Security. It seems to me that this is a virus/malware intended to infect window users but recently has been adapted to Mac's halfway? I'm not sure if it actually affects a Mac though.
Also, after rebooting my macbook and opening Firefox the window no longer pops up. Not sure if it is still there, I can't tell! If you resolve the issue I would be very grateful if you could let me know :) Thanks
What you see is only an animation that is loaded from a server and no real scan. So if you visit a website that is infected with such malware then you see that animation with any OS. Only Windows users will get the malware on their computers if they download and run that .exe file that a download link on such a page gives them.
I too am on Macbook Pro, OS 10.6.7. Happened just a few times weeks ago, that clicking on an image (using Google image search, clicking on image to reach link), suddenly the window shrinks to stamp-size, with same "warning" message as discussed above. But now, even when I first open Firefox, the window is shrunken size to start out with. The previous post seems to say that as a Mac, my OS won't be hurt by this, however I'd like to fix the behavior anyway. I'm not highly technical, but I can follow instructions, so would hugely appreciate if someone could refer me to a step by step fix, or any info, other discussions, etc.
This is not a bug in Firefox. Firefox is doing everything its supposed to do, displaying a web site and running an embedded script, with the possible exception that maybe it should produce modeless (non-blocking) dialogs instead of modal (blocking) dialogs. Other browsers do the same thing.
The problem is with the web site, which displays misleading content trying to make you download and run a probably infected Windows Executable, so if you are on a platform which cannot run Windows .exe's, you probably have nothing to worry about. However this does seem to be some kind of web virus, which infects web sites as opposed to computers, injecting a script into pages causing this misleading animation to pop up.