Skip navigation
This discussion is archived

macsweeper

14629 Views 32 Replies Latest reply: Feb 10, 2008 10:53 AM by RacerX RSS
1 2 3 Previous Next
xxxzombie Calculating status...
Currently Being Moderated
Dec 22, 2007 11:06 AM
i checked my history today after someone used my computer and MacSweeper was found in the history pane. it supposedly scans macs for viruses and it looks quite suspicious.

anyone know what this is?
macbook, Mac OS X (10.5.1), n/a
  • Apple Angel Calculating status...
    Currently Being Moderated
    Dec 25, 2007 12:29 PM (in response to xxxzombie)
    Yes, I used it. Its cleaning tool for Mac, it cleans Universal Binaries, Language files, and some other trash. It also found some strange cookies. I saved more then 5Gb of disk space with it. They promised to release some "Most Wanted" features soon, i hope they will be useful
    MacBook Pro, Mac OS X (10.4.8)
  • ec84 Calculating status...
    Currently Being Moderated
    Dec 25, 2007 7:31 PM (in response to Apple Angel)
    the same thing has been happening to me. i don't know where it came from either but it started today, not too long ago. what happens to me is while i'm browsing whatever webpage i'm on gets automatically directed to this one:

    http://scanner.macsweeper.com/scan.php?landid=2&os=macos&depid=maxc%5Fclr07&cid= 2271&parid=mc%5F346586211

    it "scans" my machine and says its found bad cookies, that my privacy is at stake and what not. then a window pops up and asks me if i want to clear them. if i click on anything it'll try downloading the software.

    how do i get rid of this? it's really annoying. i don't want it and i'd wish it would leave me alone.
    Black MacBook, Mac OS X (10.4.10)
  • Apple Angel Level 1 Level 1 (0 points)
    Currently Being Moderated
    Dec 25, 2007 7:43 PM (in response to xxxzombie)
    Check what is your home page, strange reaction, this cannot be happening on MacOS. Check your history, perhaps you'll find something interesting there? I downloaded mine by searching some cleaning tool in Google.
    MacBook Pro, Mac OS X (10.4.8)
  • ec84 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Dec 25, 2007 9:28 PM (in response to Apple Angel)
    i didn't find anything in my history. my home page is google but i doubt that has anything to do with anything. i've discovered that these page redirections only occur when i visit a website i frequent. its a message board so i'm constantly clicking to read different threads. it hasn't happened in any other website i've visited. for now, i'm going to assume it's just that website.
    Black MacBook, Mac OS X (10.4.10)
  • Apple Angel Level 1 Level 1 (0 points)
    Currently Being Moderated
    Dec 26, 2007 5:25 AM (in response to xxxzombie)
    What site was that?
    MacBook Pro, Mac OS X (10.4.8)
  • First Magus Level 6 Level 6 (15,850 points)
    Currently Being Moderated
    Dec 26, 2007 5:30 AM (in response to Apple Angel)
    Apple Angel wrote:
    Check what is your home page, strange reaction, this cannot be happening on MacOS. Check your history, perhaps you'll find something interesting there? I downloaded mine by searching some cleaning tool in Google.


    Yes it can, this is a web page redirect. It has nothing to do with the OS. This is common among the software companies like macsweeper that want you to think you have to have their software to protect you. Usually the software is more obtrusive and meaningless than the redirects.

    Mort
    ✠ BlackBook Core Duo, 2 GB RAM, Wireless Mighty Mouse, Mac OS X (10.5.1), iPod 5G Video, iPod color, iPod 1G Shuffle ✠
  • Anton Rang Level 1 Level 1 (70 points)
    Currently Being Moderated
    Dec 26, 2007 9:50 PM (in response to ec84)
    It's an advertisement ... the web page is loading a JavaScript which is telling the browser to go to the advertising page. You can turn off JavaScript, but that will cause a lot of other web sites not to work. Or you can stop browsing to the web page with the malicious advertising code on it. (Friendster is one that's serving these up this week, but they're coming through some ad network.)

    To turn off JavaScript, go to Safari preferences, click on the Advanced tab, and turn it off. (You'll want to turn it back on eventually.)

    Message was edited by: Anton Rang
    MacBook Pro C2D, iMac C2D, Mac OS X (10.5.1)
  • Jetreader Calculating status...
    Currently Being Moderated
    Dec 27, 2007 5:03 AM (in response to Apple Angel)
    Would you say then that this is a good utility? The same thing happened to me as to "ec84" (and I don't even remember what site). I went ahead and downloaded the DMG, but I wanted to check around before I installed it.

    Jetreader



    "Yes, I used it. Its cleaning tool for Mac, it cleans Universal Binaries, Language files, and some other trash. It also found some strange cookies. I saved more then 5Gb of disk space with it. They promised to release some "Most Wanted" features soon, i hope they will be useful "
    PowerBook G4, Mac OS X (10.4.11), Processor: 1.67 GHz PowerPC G4; Memory: 1 GB SDRAM
  • JoeyR Level 6 Level 6 (8,275 points)
    Currently Being Moderated
    Dec 27, 2007 5:33 AM (in response to xxxzombie)
    Quite frankly, I would NEVER use a utility from a company that uses these tactics. Anyone that goes to the site linked will get the same results. It's basically just playing a video... it's not an actual scan (a thorough scan would take much more than a few seconds). If you feel you need an antivirus program (most of us using Macs are comfortable without one), you should make sure it is from a reputable vendor. About the only way to get a virus or malware on your Mac is to install an application from a source you're not familiar with. I am not familiar with this product... but the simple fact that they try to trick people into thinking they have a problem is enough for me to have concern and to stay far away from it.
    Core Duo BlackBook - SR MBP - 8GB Gen 2 & 3 Nanos, Mac OS X (10.5.1)
  • RacerX Level 2 Level 2 (170 points)
    Currently Being Moderated
    Jan 15, 2008 3:09 PM (in response to xxxzombie)
    According to the latest news on this, you want to avoid this "software" like the plague. It appears that this may be a malicious app that is being unleashed using scare tactics. The scans are a joke as are the results as it is flagging language files as being suspect of privacy concerns!?!?
    MacBook 2.0Ghz, 2GB RAM, 160GB HD., Mac OS X (10.5.1), LG GSA-H22L LightScribe 18x Ext
  • gaberdine mac Level 1 Level 1 (30 points)
    Currently Being Moderated
    Jan 16, 2008 3:23 AM (in response to xxxzombie)
    This sounds like a Mac version of the infamous MalwareAlarm rogue software which uses clever web pages to trick you into downloading it. Though the rogue software is real, the online scan is not.

    http://discussions.apple.com/thread.jspa?messageID=6212617

    http://forums.macrumors.com/showthread.php?t=406930

    The MalwareAlarm scam works by browser redirection, starting with a legitimate site that has been hacked - as happened to 123greetings.com over Christmas and New Year. In that instance the web page runs a flash animation that only looks like a virus scan in operation - and claims to find malicious .exe files and Windows Trojans. If you don't run Windows XP you are unlikely to be fooled for long, though the browser alert that demands a response from the user is a bit alarming.

    http://forums.macrumors.com//showthread.php?p=4714181#post4714181 (scroll down for picture)

    Reports that even Windows users see the MacSweeper scan finding Mac files on their system pretty much confirm that this web page only appears to be running a scan. Personally, I don't believe the reports of drive-by downloads with no user intervention. The main thing is to click CANCEL when the alert window pops up and not hit RETURN which actually OKs the download.

    However, even when you click CANCEL, the *fake scanner webpage* may run an animation that looks like it is scanning you or downloading software or something. Don't be fooled by this - just close the page or quit your browser and make a cup of tea.

    Chances are, this is merely a combination of website hacking and social engineering. Once again: though the rogue software may be real, the online scan is not. If you never downloaded the software but keep getting redirected to the scanner page when visiting certain web page it almost certainly means those pages have been compromised, *not your Mac*...

    This is no biggie for alert Mac users; just pay attention to what you are doing online and warn webmasters when their page has been hacked to redirect you to the fake scanner page.

    Unless some dunderhead OK's the download I would say Mac users still have very little to worry about - Chillax!

    Message was edited by: gaberdine mac
    12" iBook G4 1.33 80GB, 1gig RAM (upgrade from my 12" Powerbook G4 1.5GHz!), Mac OS X (10.4.9), ... and half a bottle of Laphroaig.
  • Joe Co Level 1 Level 1 (130 points)
    Currently Being Moderated
    Jan 16, 2008 10:36 AM (in response to gaberdine mac)
    You're pretty much right, but it DOES force the download, as there's no "cancel" button on the JavaScript alert (just an OK button).

    So the DMG file does download regardless, though Safari does give the "this download is an application, are you sure" warning/confirmation dialogue when it's downloaded.

    It still requires user interaction to install, and there is a warning about doing so, but it is still a worrying development that this sort of thing is now being seen targetting Macs.
    Power Mac G4 1.5Ghz (OWC Upgrade), Mac OS X (10.4.6), 1gb RAM
  • SharonF Calculating status...
    Currently Being Moderated
    Jan 16, 2008 7:12 PM (in response to Joe Co)
    I'm a new-ish Mac user and was a long time Windows user. Based on that experience, I want to add something to this thread.

    Do not click on anything on that page except the red "close window" buttons.

    Clicking on anything else will cause a forced download (that's how the page author has programmed the clickable buttons within the page).

    Thankfully and due to the Mac OS X platform, the download shouldn't be able to install without the user initiating it. As an extra precaution, may want to turn off the Safari option to open downloaded files. Executable programs should fall outside the scope of the default setting (automatically open safe files) but it sure wouldn't hurt to change that setting.
    15" MacBook Pro, Mac OS X (10.4.10), 2GB RAM/90GB Free Space
1 2 3 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.