TK

UPDATED Chrome/random malware warnings & other site issues


ALL-

 

PSA time here.

 

We're already aware of these random issues & looking into it. No need to keep sending PMs.  :)

 

 

  • Like 1
  • Thanks 5


From Invision:

Quote

I visited the site and checked the source of the page, and cannot find any reference to sso.anbtr.com in the page source code. I then searched for the thread in question and ended up at this page:

http://es.redskins.com/topic/425834-the-official-clean-house-thread-lay-out-your-plan-for-the-future-here/?tab=comments#comment-11403385

Which also does not reference the domain you mentioned.

 

In performing a quick Google search, I believe you may have something installed on your computer which causes this. I would recommend using Google to look up "sso.anbtr.com" and then reading up. There are malware programs you can use to remove this program (which appears to be part of normal ad-supported bundling for other applications, but indeed can track you and can cause unwanted redirects in your browser).

https://www.2-spyware.com/remove-sso-anbtr-com-malware.html

 


Invision is incorrect here in their findings that this is just a Chrome issue. I have tried it on Firefox and you get the message that the header is infected. Chrome won't load the header as you are aware. I have tried on multiple computers at home and even remoted into a computer at my office and same thing. This is also true of the header not loading in Edge, and in IE 11 it loads the secure contents only and gives you a warning below that the non-secure contents were not loaded.

Edge and Chrome were tried on a new PC that is not even being used by a user yet so you can eliminate that you have something on your computer. The various computers I tried on had different anti-virus software installed on them so that is not the issue as well.

 

As a seasoned IT guy I try all relevant browsers that I have access to and take it a step further when trying to troubleshoot an issue. :)

 

 

 

Edited by zskins
  • Like 4


You can load the header and footer in Firefox by disabling the blocked or non-secure contents. Not recommended though. This is what it looks like if you do disable. So the issue is in the header or an image in the header that is throwing up the non-secure message.

 

es header.jpg

 

One thing I noticed is that when you click on MY ACCOUNT it takes you to https://oss.ticketmaster.com/html/home.htmI?team=redskins&l=EN&STAGE=1?icampaign=homepage_hotlink_clubseats

 

Not sure if that is normal or it should take me to My ES Account instead. 

 

HAIL!

 

 

 

 

Edited by zskins
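
The two checks described in the posts above (searching the page source for a suspect domain, and finding which header resource triggers the non-secure content block) can be done in one pass over the HTML. The following is an added example, not code from the forum or from Invision; the sample markup, `forum.example`, `static.example` and `cdn.example` are constructed placeholders, and only the watched domain comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource
# (simplification: every <link href> is treated as a fetch).
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for every subresource in the markup."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(wanted) if wanted else None
        if value:
            # Resolve relative and protocol-relative URLs against the page.
            self.resources.append((tag, urljoin(self.page_url, value)))


def audit(page_url, html, watched=()):
    """Return subresources that are mixed content or hosted on a watched domain."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for tag, url in collector.resources:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if page_is_https and parts.scheme == "http":
            reasons.append("mixed-content")
        if any(host == d or host.endswith("." + d) for d in watched):
            reasons.append("watched-domain")
        if reasons:
            findings.append((tag, url, reasons))
    return findings


# Constructed sample markup, not the forum's real page source.
SAMPLE = """
<header><script src="http://static.example/header.js"></script>
<img src="/logo.png"><link rel="stylesheet" href="//cdn.example/site.css"></header>
<iframe src="https://sso.anbtr.com/constructed"></iframe>
"""

if __name__ == "__main__":
    for finding in audit("https://forum.example/topic/1", SAMPLE, ["sso.anbtr.com"]):
        print(finding)
```

A static pass like this only sees what the server returned for that one request, so a clean result does not rule out content added by scripts after the page loads.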

1 hour ago, zskins said:

Invision is incorrect here in their findings that this is just a Chrome issue. I have tried it on Firefox and you get the message that the header is infected. Chrome won't load the header as you are aware. I have tried on multiple computers at home and even remoted into a computer at my office and same thing. This is also true of the header not loading in Edge, and in IE 11 it loads the secure contents only and gives you a warning below that the non-secure contents were not loaded.

Edge and Chrome were tried on a new PC that is not even being used by a user yet so you can eliminate that you have something on your computer. The various computers I tried on had different anti-virus software installed on them so that is not the issue as well.

 

As a seasoned IT guy I try all relevant browsers that I have access to and take it a step further when trying to troubleshoot an issue. :)

 

 

 

I have tried several browsers on several devices as well and am finding the same thing.  Even on Safari, the header is not loading correctly.  I have tried Chromebooks, Windows 10, Windows 8, and Windows 7 devices using Chrome, Firefox, Explorer, Edge, and Opera.


Yeah, it's not just a Chrome issue. That seems like a canned response. I also run Malwarebytes on both PCs I've seen this on. It always seems to catch and block any sort of weird browser redirections, and other nefarious stuff like that. It blocked outbound communication a couple of days ago when I did an image search, and I didn't even open the image, I just expanded the view of it on the page of images that Google spit out. I only mention that because I haven't seen MBAM block anything here. I just get that warning page when initially coming here, or maybe when bouncing between threads.  I'm not really a web guy, but I am curious as to why that particular lay out your plan thread, is "the thread in question", in that person's response. Maybe there's some sort of malicious attempted linking going on with an image in that thread? I know that doesn't really make sense though. I've been in that thread once, maybe twice. Seems like something at the root level of the site.

 

Oh, and just noticed the https up there in the URL. Nice.

 

Edited by SoulSkin


Initial reaction was this might be XSS.  The malware scan might need to be done on the server itself, not our clients.  If we're all seeing the same malware warning only when we go here versus other sites...

This looks like PUP, are we sure the VM ES sits on isn't giving this to people that come here?  What has the IT team for Redskins said about the backend of the VM itself?

Edited by Renegade7


Same thing for me using FF or Chrome as mentioned by @zskins. If I want to get a normal page display I have to disable the blocked non-secure contents, problem is that every time I go back to ES I have to re-disable it. My account leads me to https://am.ticketmaster.com/redskins/

Edited by FrFan


I don't know if this helps but this is what my header looks like. Could the first "Loading..." message be where the problem is, because it never actually loads.  Also, the Redskins.com footer doesn't format correctly either.

 

 

Redskins.com Home Page
Redskins.com Home Page
 
My Account
 
 
News
Videos
Photos
Team
Schedule
Tickets
Cheer
FedExField
Shop
More
 
         Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Edited by London Kev
  • Like 4


Same stuff as @London Kev for me. Happens on different browsers and comps.

 

I'll add also that forum is not centered on the page anymore and stuck to the left.

 

Weird thing is that it doesn't happen at all on my mobile. It is just working fine on it.

  • Like 1

11 minutes ago, Rdskns2000 said:

Well, since Snyder owns the site; I blame him.

You're not helping, so kindly sit there & shut up. :) 

 

@zskins @Renegade7

 

Agreed that Invision is wrong here. It's not a browser issue. I've even downloaded & installed REIMAGE from the page they mentioned. 1) it didn't find any malware. Neither did Malwarebytes. 2) it also wants you to buy the damn program in order to do any "cleaning" of junk files. I'm starting to think it's something (maybe a link or attachment) in that thread...

  • Like 1
  • Thanks 1
  • Haha 1


I'm glad you guys chimed in---I saw TK's post with the Invision guy's take a couple hours after he made it, but upon reading it, it didn't even make sense per the "facts on the ground."  Plus when you follow the Invision guy's suggestion you wonder if he has a clue---you do the search he suggests and you get the same warning screen that's part of the original complaint on non-infected systems, plus when you follow the guy's removal tool link, the instructions there seemed ridiculous and you risk turning your system over to yet another unknown quantity and it's a headache just reading the process for using the "tool", let alone how it might work. But I'm the one always pointing out I'm not an IT guy so I just avoided the site for a bit and waited to see if it became evident that other more IT savvy folks checked in on that response. Typically, I'd ask some sources I have on this stuff @ UW or other places, but my sources are on vacation. :ols:

I'm not going for being an ass, but that response from the Invision guy seemed pretty sad--he basically "googled" as his main troubleshoot it seems---and his contribution was about as low in "helpful" as I'd rank such if it were Xfinity asking me for feedback on a customer support issue.  TK already does a bunch of "IT" stuff for routine operation of the site but he can't do it all, especially this kind of heavy lifting.

 

(added, and i just see tk posted again right before this, but i'll leave this anyway---thanks again to our members for helping)

  • Like 4
  • Thanks 1


@Jumbo @TK,

Thanks to both of you for doing what you can on this, there are many of us ESers who are not IT-savvy, and it's good to know you guys care.

 

 It just sucks that there are people out there with nothing better to do than screw up other peoples' lives by way of computer viruses etc, I wish they would give the death penalty to anyone caught doing things like this.

  • Like 3


There's clearly a javascript error when loading the pages so as someone who writes javascript all day as their full time job, I'd say that could possibly be the culprit.  When there is a javascript error that isn't correctly handled, it basically short circuits the rest of the code being executed afterwards.

 

And to be clear, I'm referring to the formatting being all jacked up, not necessarily anything to do with malware.

 

PKpgsHW.png

 

jDX7Mba.png

Edited by purbeast
  • Like 2

39 minutes ago, purbeast said:

There's clearly a javascript error when loading the pages so as someone who writes javascript all day as their full time job, I'd say that could possibly be the culprit.  When there is a javascript error that isn't correctly handled, it basically short circuits the rest of the code being executed afterwards.

 

And to be clear, I'm referring to the formatting being all jacked up, not necessarily anything to do with malware.

 

PKpgsHW.png

Already know what's causing the formatting issue, just waiting on something to be approved.

  • Like 4


Still getting malware screens that won't let me open half the threads on the site. Over a week now. I see this thread says updates, but it seems to be more about the menus at the top. Is no one else seeing the malware warnings anymore?

 

~Bang

  • Like 1

17 minutes ago, Bang said:

Still getting malware screens that won't let me open half the threads on the site. Over a week now. I see this thread says updates, but it seems to be more about the menus at the top. Is no one else seeing the malware warnings anymore?

 

~Bang

 

Yeah, my "big scary red screen" warnings are getting more numerous. Also my Norton Security software has started to warn me that it is preventing malicious attack attempts.

It's only happening on this site and for some reason it's only happening on certain pages in a thread, the rest of the thread appears unaffected.

  • Like 2

38 minutes ago, London Kev said:

 

Yeah, my "big scary red screen" warnings are getting more numerous. Also my Norton Security software has started to warn me that it is preventing malicious attack attempts.

It's only happening on this site and for some reason it's only happening on certain pages in a thread, the rest of the thread appears unaffected.

The "rooskies" thread in Tailgate will not allow me to open the final page anymore. Today the "owned thread" did the same thing, and the rest seem spotty. It shows another domain as the root.

 

I am sure the mods know, but it's odd it is still going and no mentions.

 

~Bang

  • Like 2


You guys are all correct---obviously TK is doing what he can and then it's up to what support we can get from team/invision after that (there's a punch line waiting to be delivered there), but I think it's a good idea to leave this open for members if only to process anxiety and maybe even receive a useful tip/solution or just become more informed via our members.

 

fwiw--I have several machines in play regarding this: one has extensive security and shows no infections----very high confidence----though it's seen dozens of those warning screens by now---and one older desktop I tried deliberately here since it has only avira free and superantispyware free which are pretty basic but it shows no infections yet either even after a similar or greater number of  warning screens. Again, just fwiw. In the meantime, I always advise paranoia with your internet security. 

 

 

It seemed rather fitting to me that the team's official site should become malware infected as the franchise continues on its course as a perpetual cesspool of fail while finding ever lower bottoms to reach.

 

 

  • Like 2
  • Haha 4


I think Renegade is on the right track with XSS. Maybe an XSS vulnerability scan will reveal something.

  • Like 1


I was PM'd a link to this page

 

& a screen shot of the warning screen. However I'm getting nothing when I open that one. 

1 hour ago, TK said:

I was PM'd a link to this page

 

& a screen shot of the warning screen. However I'm getting nothing when I open that one. 

 

I clicked on the link to check. Didn't get the red screen malware warning but Norton did warn of an attempted attack.

 

When I clicked on it a second time, I did get the red screen malware warning (and the Norton warning).
