Old 11-11-2007, 05:35 AM   #1
AuntEmma
Prospect
 
Join Date: May 2007
Posts: 6
"Performance Optimizer" malware?

It has happened to me three times on a mac g5,
all firefox windows disappear and the box appears with this:

This page @ http://performanceoptimizer. com says:
Notice errors in your PC can cause data loss, hardware
or software failure and perfomance fall
Istall performance optimizer to fix errors, monitor
changes and maintain pc stability!

There is a firefox logo in the box, and the scan
starts regardless of what I do. Last night I had
to force quit. Just now I was able to turn off the
internet, quit firefox and I am using safari now.

After a search, I read that this is a PC target problem.
Do I need to address this if I am not using a pc?
and if so how? I am using safari now and it hasn't
happened again, can it be firefox only?
(ps I have just recently gone to scrabulous game site,
but downloaded nothing just played a few games, and
have not added anything or downloaded anything recently.)

Thank you for any advice. I am not advanced or experienced
in the deep parts of my mac.
Thank you.
Old 11-11-2007, 09:38 AM   #2
JDV
Hall of Famer
 
Join Date: Sep 2004
Location: Chicago, Illinois
Posts: 3,191
I expect it was doing nothing at all except perhaps running a simulation, so no real scan was taking place. You should be able to close that window by clicking the red button. I visited that site using a PC running FireFox, and while it wishes to sell me their product, no simulation began, so it is likely just a pop-up ad associated with some site that you visited related to the product. Clearly, it can't do anything for your Mac, but I think it is an annoyance, not malware, though sometimes that difference is fuzzy.

Joe VanZandt
Old 11-11-2007, 09:44 AM   #3
appleman_design
Hall of Famer
 
Join Date: Apr 2004
Posts: 2,550
Unless you have DirectX under PPC, it was an ad banner.
Old 11-11-2007, 10:22 AM   #4
AuntEmma
Prospect
 
Join Date: May 2007
Posts: 6
Thank you. I don't know what directX or PPC mean so I will assume I don't have them.
Again, Thanks!
Old 11-11-2007, 12:03 PM   #5
ThreeDee
Hall of Famer
 
Join Date: Aug 2005
Location: USA
Posts: 3,418
By the way, I think you would benefit from using AdBlock Plus, a multi-purpose ad and script blocker for Firefox.

After installing the add-on, just select the "EasyList" subscription, an automatically updated list of known internet ads, and browse the web 99.9% ad free!
__________________
15" MacBook Pro (Mid 2010), 2.4 GHz Core i5, 10.6.5, 4GB RAM
PowerMac G4 "Quicksilver", 733 MHz, 10.4.11, 1.5GB RAM

iPod Touch 5G, 32GB, iOS 6.1.3

Last edited by ThreeDee; 11-11-2007 at 01:40 PM.
Old 11-11-2007, 12:04 PM   #6
trevor
Moderator
 
Join Date: Jun 2003
Location: Boulder, CO USA
Posts: 19,841
Quote:
Thank you. I don't know what directX or PPC mean so I will assume I don't have them.

AuntEmma,

PPC is a family of computer processor chips. You mentioned that you have a G5. The G5 is a processor in the PPC family, as is the G4, G3, etc. Newer Macs use Intel chips, which are not part of the PPC family.

Since you have a G5, you have a PPC.

DirectX is a set of application programming interfaces (APIs) that Microsoft wrote. They are used for games and for multimedia.

However, I suspect that the Microsoft technology that appleman_design was thinking of was not DirectX, but ActiveX.

ActiveX is a buggy, poorly implemented, and extremely insecure technology for developing reusable software components. That may be a bit hard to understand, so I'll try to explain further. The part of ActiveX that we are worried about here is something called ActiveX Controls. ActiveX Controls are little programs that anyone can write that are downloaded as you use Microsoft Internet Explorer that can take full control over your computer and do anything that the writer wants.

Does this sound scary and insecure? That's because it is. Microsoft's typical way of implementing programs is to make something horribly insecure, then try to put band-aids over the security holes. So they did, with a badly-implemented 'registration and signing' protocol.

The good news? ActiveX has an old outdated version that is present in Internet Explorer for Mac, but other than that does not run on Macs at all. As you were using Firefox, not Internet Explorer for Mac, you don't have to worry about ActiveX Controls from malicious people taking over your computer.

Trevor
Old 11-11-2007, 12:22 PM   #7
JDV
Hall of Famer
 
Join Date: Sep 2004
Location: Chicago, Illinois
Posts: 3,191
PPC is the acronym for PowerPC, the sort of chip Apple was using prior to the introduction of the Intel-based Macs. DirectX is a protocol used primarily by Windows machines for video manipulation but is generally not implemented on non-Intel Macs at all. The consensus is: you're not being attacked, only annoyed.

Joe VanZandt
Old 11-11-2007, 12:51 PM   #8
rusto
MVP
 
Join Date: Jan 2002
Location: Boston, MA
Posts: 1,487
Using Safari, I just got redirected from a (until now) friendly website to the Performance Optimizer page. I think it's using Java to shrink your existing browser window down very small and then puts up this dialog box:



in the hopes that you get scared and click "Ok". If you hit "Cancel", this page opens up:



With an animated progress bar simulating a scan. The whole lower left portion of the page is a link to download and install (on a PC, I presume) some kind of application.

It seems to be a known quantity among the usual security experts:

Sophos

Computer Associates

Symantec
__________________
:: 3.4GHz Core i7 iMac 4GB RAM :: Black MacBook SR :: 10.7.2 :: iPhone 4 / iOS 5 ::

Last edited by rusto; 11-11-2007 at 01:31 PM. Reason: added text indicating which browser I was using
Old 11-11-2007, 01:29 PM   #9
rusto
MVP
 
Join Date: Jan 2002
Location: Boston, MA
Posts: 1,487
Note that although the application this hijack page attempts to install does not affect Macs, it does set a bunch of cookies.
__________________
:: 3.4GHz Core i7 iMac 4GB RAM :: Black MacBook SR :: 10.7.2 :: iPhone 4 / iOS 5 ::
Old 11-11-2007, 02:06 PM   #10
Las_Vegas
League Commissioner
 
Join Date: Sep 2004
Location: Las Vegas
Posts: 5,875
The whole thing's fake. It's an ad to try to convince you that you need their software. Turn on whatever pop-up blocker you have available to avoid the intrusion in the future.
__________________
Las_Vegas

-- Ts'i mahnu uterna ot twan ot geifur hingts uto.
-- Sometimes I wonder… Why is that Frisbee getting Larger? …and then it hits me.
-- Disposable thumbs make me specialer than most animals…
Old 11-11-2007, 02:17 PM   #11
rusto
MVP
 
Join Date: Jan 2002
Location: Boston, MA
Posts: 1,487
Safari's pop-up blocker failed to keep this one at bay.
__________________
:: 3.4GHz Core i7 iMac 4GB RAM :: Black MacBook SR :: 10.7.2 :: iPhone 4 / iOS 5 ::
Old 11-11-2007, 04:41 PM   #12
trevor
Moderator
 
Join Date: Jun 2003
Location: Boulder, CO USA
Posts: 19,841
Quote:
Originally Posted by rusto
Using Safari, I just got redirected from a (until now) friendly website to the Performance Optimizer page. I think it's using Java to shrink your existing browser window down very small and then puts up this dialog box:

Hi rusto,

What page was this on? I'd like to check the mechanism that it uses.

Going to the http://performanceoptimizer.com site doesn't result in any of this, just a lame ad for the product.

Trevor
Old 12-14-2007, 09:45 AM   #13
4wheelz
Registered User
 
Join Date: Dec 2007
Posts: 1
Quote:
Originally Posted by trevor
Hi rusto,

What page was this on? I'd like to check the mechanism that it uses.

Going to the http://performanceoptimizer.com site doesn't result in any of this, just a lame ad for the product.

Trevor

Drawn in to this thread trying to solve the same "problem" on my mother's computer. She had excite.com as her homepage, was getting this regularly but not consistently, guess they rotate their ads.

I've sold her on google as a homepage as a quasi-fix. Still working on convincing her that with ads like this, Excite seems to be going the way of the Edsel. If anyone finds a way of blocking this nonsense, I'm interested. She's using firefox on a PC, by the way, so the absurd ad style works across the board.
Old 01-10-2008, 07:16 PM   #14
sewrite
Registered User
 
Join Date: Jan 2008
Posts: 1
I'm getting it too

Mine looks almost exactly like the screen capture posted by Rusto on 11/11/07, the one with the Safari logo. Only mine takes me to http://scanner2.malware-scan.com (regardless of whether I click Cancel or OK).
The pop-up message reads: NOTICE: If your computer has been running slower than normal, it may be infected with Viruses, Adware or Spyware. MalwareAlarm will perform a quick and completely FREE scan of your system for malicious programs. Dowload MalwareAlarm for FREE now!

Notice that this is not your usual pop-up window with a red button that you can close. Rather it looks like the window that you get with an error message from the system, i.e. "Safari has unexpectedly quit...". There's no way to get rid of it without clicking it somehow, or force quitting Safari. When it comes up, all the other Safari windows completely disappear -- they are not made smaller or hidden as was suggested above.

Trevor, the 3 or 4 times I've gotten it, I was on a game site (playing online), either crystalsquid.com or games.com or gamehouse.com. It's really annoying to have your game killed by this thing!

Does anyone know a way to prevent this (as the usual pop-up blocker is not working), other than staying off those sites?
Old 01-27-2008, 01:21 PM   #15
Kuroyume
Prospect
 
Join Date: Feb 2006
Posts: 14
Just a quip or two: Firefox does not use ActiveX (only Internet Explorer, which I never use). This little ad popup bugger appears to be more than a 'Windoze' exploit considering that people are getting it in Firefox both on Mac and Windows and even using Safari (far away from Windows and ActiveX).

Sorry, but: Welcome to the rest of the world, Mac users! The internet and Mac's growing popularity invite you to the fun we Windoze users have had for years. (Yes, I use both.)

I'm thinking of going to the site again and offering my lawyer their services for a lawsuit. Hijacking a browser is illegal.
Old 01-27-2008, 01:39 PM   #16
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by Kuroyume
This little ad popup bugger appears to be more than a 'Windoze' exploit considering that people are getting it in Firefox both on Mac and Windows and even using Safari (far away from Windows and ActiveX).

Huh? I can't find anything in it that doesn't scream Windows. There's no reason to think it can do anything to a Mac just because the Mac can see the page!
Old 01-27-2008, 04:25 PM   #17
ThreeDee
Hall of Famer
 
Join Date: Aug 2005
Location: USA
Posts: 3,418
All the site does is use some JavaScript to close some windows, and then display an alert message. Nothing there is harmful (unless you are on a PC and actually download the program), although it may interrupt whatever page you are currently viewing.

It's not a security hole, ActiveX, virus, or anything else!
__________________
15" MacBook Pro (Mid 2010), 2.4 GHz Core i5, 10.6.5, 4GB RAM
PowerMac G4 "Quicksilver", 733 MHz, 10.4.11, 1.5GB RAM

iPod Touch 5G, 32GB, iOS 6.1.3
Old 01-28-2008, 12:29 AM   #18
Hal Itosis
Hall of Famer
 
Join Date: Apr 2002
Posts: 3,315
Sometimes such things are "harmless" (money-making) scams:
Anyone heard of MacSweeper.com
...and sometimes they're more than that:
Funny Goings On!!

Analysis of virus distribution

The Russian Business Network
-HI-
Old 05-11-2008, 05:50 AM   #19
gthing
Triple-A Player
 
Join Date: Oct 2006
Posts: 66
I just got this on (I think) a college humor page - although it may have sat dormant on some other tab I had opened and just sprung to action. It was very bizarre - I've never seen anything quite like it.

It also broke my browser window. Now my tabs are all cut off at the top and I can't see what they say anymore.

Here's the page that I think did it to me, although I can't reproduce it: http://www.collegehumor.com/picture:1811969

and nobody else on this page seems to have reported it: http://digg.com/comedy/If_you_look_o...see_a_That_Guy

Which makes it even weirder.
Old 05-11-2008, 01:36 PM   #20
ThreeDee
Hall of Famer
 
Join Date: Aug 2005
Location: USA
Posts: 3,418
If you are using Firefox, simply install AdBlock Plus and choose to subscribe to the "EasyList" blocklist. Then 99.9% of all these dumb ads will be blocked.

You can use PithHelmet or AdSubtract CSS or SafariBlock if you use Safari.

Camino has its own built-in blocklist in the prefs.

For everything else, there's Bfilter.
__________________
15" MacBook Pro (Mid 2010), 2.4 GHz Core i5, 10.6.5, 4GB RAM
PowerMac G4 "Quicksilver", 733 MHz, 10.4.11, 1.5GB RAM

iPod Touch 5G, 32GB, iOS 6.1.3
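
How a domain-anchored blocklist rule of the kind AdBlock Plus subscriptions use decides whether a request is blocked, as an added example that is not part of any post in this thread and not AdBlock Plus's own code. The two rules are constructed from hosts named in the thread, not copied from EasyList, and the function names are hypothetical.

```javascript
// Added example: minimal matcher for Adblock Plus "||host^" domain-anchor filters.
// The rules are constructed for this thread; they are not copied from EasyList.
const RULES = [
  "||performanceoptimizer.com^",
  "||malware-scan.com^",
];

// Turn "||host^" into the bare host, or null for syntax this sketch does not handle.
function ruleHost(rule) {
  const m = /^\|\|([a-z0-9.-]+)\^$/i.exec(rule.trim());
  return m ? m[1].toLowerCase() : null;
}

// "||host" anchors at a domain label boundary: the host itself or any subdomain.
function hostMatches(requestHost, filterHost) {
  return requestHost === filterHost || requestHost.endsWith("." + filterHost);
}

// Return the first rule that blocks the URL, or null if the request is allowed.
function blockingRule(url, rules = RULES) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch {
    return null; // not an absolute URL; nothing to match
  }
  for (const rule of rules) {
    const filterHost = ruleHost(rule);
    if (filterHost && hostMatches(host, filterHost)) return rule;
  }
  return null;
}

// Constructed sample requests, using hosts named in the thread.
const SAMPLES = [
  "http://performanceoptimizer.com/",
  "http://scanner2.malware-scan.com/scan?id=1",
  "http://notperformanceoptimizer.com/",                // different registered domain
  "http://example.org/?next=performanceoptimizer.com",  // host name only in the query
];

for (const url of SAMPLES) {
  console.log(blockingRule(url) ? "BLOCK" : "allow", url);
}
```

Because the rule matches on the request's host rather than on the page being viewed, the ad is stopped whichever site happens to be serving it in rotation.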
All times are GMT -5.