HELP- Registry Virus?

Discussion in 'macOS' started by brittnae1986, May 9, 2008.

  1. brittnae1986 macrumors newbie

    Joined:
    Apr 23, 2008
    #1
    :confused:

    Okay, first of all I'm a novice to any sort of virus on a mac. I know pc's have to reformat quite a bit...

    This is what happened

    For the last couple of weeks while using Safari web browser I would occasionally get this weird message that looked official from my OS system about safari needing to have an anti-virus program installed..because they detected a threat. I couuld click "go to" or "close" or quit or whatever.

    When the message would pop up...it looks identical to ANY macintosh OS system message...and it minimizes your current safari browser window to a half inch in the upper left corner.

    The first two times it happened i force quit Safari....the third time i examined it all over and figured.."Okay it must be a mac message" and clicked "CLOSE", however, when i did it sent me to this site and the browswer window showed me a blue and red very jouvenile looking site with a bar "Scanning" or "Downloading" something in the middle with a percent of time left and wanted me to wait till it was finished (*keep in mind my download manager window never popped up!! this was all contained in the browser*) I immediately clicked the window closed, quit safari and disconnected my net connection...than shut off my airport. :/ :(

    What i was told by someone who had something similar happen is that it is a registry virus that downloads something to your computer and.......thats all i know.

    Is this easy/possible to happen on a mac? If so how do i know? What *IS* a registry virus?

    Can anyone give me any information?! I don't even know what to watch for...if they want my bank account lol...have fun with my $50 :p

    Oy :( People need to put their brains towards something far more useful than virus making...
     
  2. netnothing macrumors 68040

    netnothing

    Joined:
    Mar 13, 2007
    Location:
    NH
    #2
    Sounds like just a bad site using Javascript to try to get you to install something.

    First off, Mac's don't have a Registry like Windows does. So no worries there.

    Does this happen when you go to a particular site?

    -Kevin
     
  3. brittnae1986 thread starter macrumors newbie

    Joined:
    Apr 23, 2008
    #3
    Oh thank heavens...at least i know it's not wiping out my hard drive as we speak :/ The girl who owns the pc had me completely freaked out. She's got this person running around with my bank account in my brain.

    Yup, it happens when i'm using evil myspace the most...also i think when i'm on my guilty pleasure (neopets--please don't judge me lol) the weird part is..since that happened and i clicked "close" and that weird site popped up...i haven't had it happen since. I have always had Block pop-up windows marked on safari (which sometimes doesn't seem to help lol) and i'm trying to switch over to firefox, but i do prefer the visual look of safari more :/

    But like i said i checked my download manager which doesnt show any record of anything downloading and the name of whatever site it brought me to i tried to find in my finder search tool and didnt come up with anything....i'm just hoping its not underneath my os system lurking in the dos corners or what-have-you.

    what i'm really hoping is...that mac's are smart enough to block whatever this was that happened from entering into my system. Though it was odd to see a mac os x looking message box pop up and it be completely fake. :/ that's disconcerting...but you think that was a sneaky javascript? to create a window that looks like a mac os message?
     
  4. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #4
    Social engineering is only as effective as the delivery.

    Don't click or believe everything you see on the internet. This is regardless of the operating system.
     
  5. netnothing macrumors 68040

    netnothing

    Joined:
    Mar 13, 2007
    Location:
    NH
    #5
    Good news is the upcoming Firefox 3, has a more OS X/Safari look to it.

    Popup blocking doesn't always work....even I get some Macbook Air Ads from time to time (maybe it's Steve Jobs trying to tell me something :p)

    You can make any window look like any OS....and they can tell you are on a Mac by the User Agent string that's sent from the browser.

    The best ones for me are the ones that aren't smart enough to check to see if I'm on a Mac or not, and they popup a Vista looking box that says my Registry is corrupt and I need to scan now. Those are the lazy spammers! At least check to see which OS I'm running.

    No matter what, never ever enter your Admin password if any webpage asks for it.

    -Kevin
     
  6. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #6
    OS X has NO registry. OS X has NO viruses at this time.

    The scammers would do anything to get you to click on something, for example, a web site can pop up OS specific windows as part of their code, message such as:

    "your computer is infected with virus, click here for anti-virus" or what not. Typically they make it so that whatever you choose, you will click on their link. It's certainly a virus or something malicious, but IT DOES NOT WORK ON A MAC.

    Solution: do not go on sites that have those type of pop ups. If it's myspace, you might want to report the user.
     
  7. brittnae1986 thread starter macrumors newbie

    Joined:
    Apr 23, 2008
    #7
    Thanks for the advice. Unfortunately i thought it was a direct safari message coming from my OS system. :p Evil evil gits. I should've known though when it minimized my browser window into the corner....mac just overlays the message..it doesnt close your opened windows up. :/ :( what i'm most annoyed with is that i didn't trust it the first two times...why did i try to click it the third?

    Oh good news indeed about firefox 3. Any word on when it will be out? I wouldn't mind using firefox since it has more options, but the look does hold me back as silly as that sounds.

    So when it looked at my "User agent String" it identified my browser and sent me a message according to that browser? It even had the pic of the safari compass thing in the left corner of the message. :/ No i wouldn't ever enter my admin on annnnything on the net.
     
  8. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #8
    FireFox 3 Beta 5 is out and I haven't had a single problem with it.

    You are correct with the user agent string identification.

    http://forums.macrumors.com/showthread.php?t=475478
     
  9. brittnae1986 thread starter macrumors newbie

    Joined:
    Apr 23, 2008
    #9

    Yes, that's exactly what happened. It said Safari has detected something and may be running poorly due to a virus detected. (which my safari *has* been running poorly...though that could be from only having 1GB of space left on my laptop :p) Okay, so good to know...good to know. I have no idea how to report it since i was so freaked out it sent me to a site when i clicked the message window "closed" that i didn't take long to read the link...i just noticed the poorly designed website and the vibrant color choices with a bar smack dab in the middle of the page giving me a percent of somethin it was doing. :/ didn't want to stick around to see that bar fill up.

    So mac's have something desgined to block this virus? Good. so there is no known virus for mac os x? Impressive.
     
  10. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #10
    There's nothing special. Keep in mind you're running as an administrator as your default account after setup. Safari is also set to open "safe" files after downloading the by default. ;)

    Try doing some damage as a limited user an any operating system.
     
  11. ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #11
    Don't worry macs don't have a "registry". It's sort of like "Yes termites are bad but you live in a brick house." Don't worry to much about registry virus or termites.
     
  12. MacAficionado macrumors 6502

    Joined:
    Oct 5, 2002
    Location:
    An awesome place
    #12
    Are you sure it wasn't a pop-up? Are you blocking those? Maybe the Pop-up re-sized your window.

    It sure does not sound like an "official" Mac OS message. Can you post a screenshot?
     
  13. brittnae1986 thread starter macrumors newbie

    Joined:
    Apr 23, 2008
    #13
    Oooo.....I like it so much better already!!! Love it so much more. It looks more like the other programs in Mac like iTunes and what not. Very nice. Only thing is with the beta test it doesn't have my "Quick Zoom" application yet, but thats okie. Thanks, Eldorian and Kevin and...Consultant person.
     
  14. brittnae1986 thread starter macrumors newbie

    Joined:
    Apr 23, 2008
    #14
    If I see the message pop-up again (*fingers crossed it wont happen*) than I'll take a screen capture of it to post here for everyone to see. Honestly the message box was impressive. It really did look like a mac message box...honest-to-goodness..and i've been a mac user for generations and been on os x since the start of it...--i've just never seen one of these trick site things targeted on mac software before (usually it's a pc attack which obviously is a fake).....but it had the right font, the safari logo on the left, even the pulsating blue gel look to the button it felt was dominant for you to choose... (you know what i mean), but like i said the fact that the browser window minimized should've been my clue. No program gets minimized in a mac to show you the message window :/ Just that it kept happening.....and i figured clicking "close" should make it go away :p

    But if it happens i'll be sure to screen capture it for you all.
     
  15. brittnae1986 thread starter macrumors newbie

    Joined:
    Apr 23, 2008
    #15
    p.s. yup, i do have my 'block pop-up windows' checked on in safari
     

Share This Page