
Pop Up Problem

Discussion in 'Website Help, Feedback & Suggestions' started by Technical Coach, Jun 19, 2014.

  1. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    @Dan not sure if you are aware of a pop up occurring straight after log in about some recommended update, the website seems to vary also in the address bar. (I just close and ignore it)

    I did take a screen shot if it is necessary.
     
  2. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    Yeah I know, just thought it was a security issue or keylogger that members should be aware of, only been happening recently. (Using Firefox)

    I'm pretty cautious with my surfing habits so doubt I have a virus but it might be on my end for all I know.
     
  3. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    hmm not happening for me, but that is the second report

    - What computer are you using (PC, Mac, Windows version)?
    - Browser and version?
    - Does it happen every time?

    I have run through all the code and there is nothing in HTML, JS or the PHP scripts that should be triggering this. I will have another check and see if there is any other layer.

    I also run malware scanners on the backend and these haven't picked anything up yet.

    I will keep trying to reproduce it
     
  4. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    Also are you using the quick login at the top or the full login?
     
  5. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    Using a PC running Windows 7 Pro.

    Firefox version 30.0 but had issues with the previous version also.

    From the few times it has happened it has only occurred during each first log in session.

    I never log in from the front end always from the forums section.

    Happened again today first time logging in after I had entered my password, it creates a second viewing tab away from Silvertails so easy enough just to close it.

    This time around it is a user survey offering a chance to win a $1000 Coles Woolworths or IGA shopping voucher, the address bar is an ".eu" extension
    y5lzz.exclusiverewards.mediamother.eu/?sov=(long stretch of letters and numbers afterwards)

    Different pop up and address from yesterday.

    Could it be advertising related for non premium members? If this is the case I have no issues whatsoever.
     
  6. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    Nope, none of the advertising generates popups, I made sure of that before signing the agreements.

    I went over every part of code yesterday around the login screens and do_login functionality.
    There is nothing there that should trigger a pop up. I will have to use one of the Windows PCs at work today to see if I can reproduce it, but it sounds like this may be browser based malware on your local computer. If you fire up IE or Chrome I'd say you won't see this issue, which shows there is likely a rogue extension in Chrome.

    I'll do some more research though
     
  7. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    @"Technical Coach" it sounds very much like you may have http://guides.yoosecurity.com/remove-alert-mycontestwinnerzs-eu-popup/

    Or this
    http://blog.teesupport.com/how-to-remove-na4zz-promorewards-updatedlunch-eu-popup/

    There have been no code edits on our side for weeks so this can only likely be a local infection

    Actually this looks like the exact one
    http://malwaretips.com/blogs/exclusiverewards-superreward-prizes-eu-removal/
     
  8. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    Only occurs on silvertails log in nowhere else, i was thinking the same thing as yourself that it was on my end but would have thought it would be happening all the time.

    Will look into it further on my end.

    Thanks anyway.
     
  9. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    Yup, even though it only occurs on Silvertails, it may be that the triggering event may occur only on this site.

    That triggering event may be a redirect in the browser, the do_login process or a specific AJAX call.

    I have pulled apart the code from front to back and the last edits to the actual HTML were about 3 months ago, for that code to be inserted it has to come from one of my scripts and there are no new or edited scripts and none that have any unusual calls in them.

    I ran maldet on the code and the server and specifically scanned the forums with no luck.
     
  10. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    On the front page without doing anything the Firefox pop up blocker already appears saying "firefox prevented this page from automatically redirecting to another page" before hitting anything.

    If I hit the "forums" tab I have to allow the pop up blocker before the next page is loaded up (but still no pop ups show up at this stage).

    About to try again as it only happens on the first log in session after I have turned the computer on and never again afterwards, I would have thought a hijack would happen all the time.

    Sorry for chatting within this thread and hijacking, not sure how to send a private message but know how to reply to one lol. Do I just type "Dan" in the To field? Otherwise will just reply to one of your older messages to get my comments out of this thread.
     
  11. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    You can just reply to me via PM on the matter, type in Dan and I should come up in the drop down list.

    As for hijacking, again this is all part of the virus and not the website. If it were the website again it would happen constantly for everyone and not random people. Two reports from over 200,000 hits in the last two months is not enough to point to an issue with the site. I have looked over every bit of code that could and would affect this (everything that is called during login or loading the index pages) and there is absolutely nothing in there. It can only be malware on your end.

    I am not trying to be deliberately obtuse here, it's just that I have exhausted every possibility on my end as well as found specific reference to the exact malware you have on your end.
     
  12. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    Just restarted my computer and logged in fine without the pop up but the Firefox pop up blocker still has the banner telling me it blocked a redirect that I just close.

    Not sure if this helps but I only surf the web on an installation of Windows 7 Pro under guest privileges, not administrator, for safety reasons to reduce the risk of any harmful registry changes.

    Using your links I found no entries in the registry that indicate I have a browser hijack.

    Might be best I start surfing under a sandbox environment again, as I'm sure you know a lot more about this than myself, and do a reinstall if I get a chance.

    Malwarebytes found nothing, same with a virus scan, but that really does not mean much as they probably don't even pick up the issue.

    I agree it is more than likely on my end, just thought I would make sure and see if others are having the same issues.

    Obviously I can't reply as I'm on your ignore list so all is good lol---- my pride alone was not going to send you my initial concerns but the greater good of the site I think comes first.

    Will stop bothering you now as two issues in 200,000 is not worth worrying about so I will look into it from my end further.

    Thanks again.
     
  13. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    Browsing under a guest isn't really going to help. Most of these get installed as extensions or parts of extensions and often get in from other ways.

    I ran Maldet on the server and it scanned every single file, there was nothing in there. The redirect should be the hint there, a redirect would need to be hardcoded in either HTML, JS or the PHP, and it isn't.

    This sort of malware will monitor your activity and tie itself to specific routines that are likely to yield it better results. A login being an example of this.

    If you log in using a fresh install of Chrome, I would wager you won't see this popup/new tab.
     
  14. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    I scanned with several programs, Malwarebytes, Hitman Pro, Adwcleaner and junkware removal tool and found nothing.

    Uninstalled Mozilla Firefox, all folders I could find and registry entries I could locate in admin mode and guest mode. (I'm no TC in this department but better than the average user I guess)

    Reinstalled and found that I don't have to log in to get the pop ups, well not technically a pop up but a second window opens that is easily closed.

    Unable to replicate the issue anywhere else---- I did notice before the pop up is fully loaded the link/address name initially shows up as reduxmedia.com so will look into that further from my side.

    At the moment it appears limited to Firefox, I don't use Chrome and Internet Explorer seems fine.
     
  15. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    The thing with AV apps is that they only do part of the job.

    If it's redux you are seeing, that is absolutely a virus.

    http://forums.anvisoft.com/viewtopic-45-4629-0.html
    and
    http://guides.yoosecurity.com/ad-reduxmedia-com-redirect-removal/

    I hate these sorts of viruses, malware and adware. My wife's browser continues to get infected with one, despite me doing all sorts of funky changes and protection on that machine.

    Have a look at the Firefox Addons, there may be one sitting in there that is causing this.

    Additionally an uninstall and removing folders won't help, the scripts that cause these will have evolving names within the %APPDATA% or %USERDATA% folders, so it may start with a name like yz55, then you try to remove it and you will get a new folder named something random. You can remove FF but the "virus" lives outside of the Firefox file system and as such can attach itself post install.
     
  16. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    Just deleted everything in the AppData/Local/Temp folder other than a debug log file it won't allow me to delete---I'm guessing a system entry that is required. I have no pop ups in Silvertails at the moment but I doubt it could be as easy as that to rectify so will monitor it for the next few days.

    Weird thing is in the guest temp folder a debug file remains unable to delete as above "FXSAPIDebugLogFile" but in the administrator Temp folder which is basically the same folder but for a different user no such file exists.
     
  17. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    RE: Depression Issues for Players - warning, heavy content

    That's OK, it's just your sapi debug.

    These malware things are a pain they hide themselves so well it can be a nightmare to fix permanently.
     
  18. Technical Coach

    Technical Coach Well-Known Member

    1,902
    500
    Ratings:
    +863 / 45
    RE: Depression Issues for Players - warning, heavy content

    After a system restore and deleting basically most if not all Mozilla Firefox references in the system registry, deleting Mozilla folders on top of a new Mozilla installation this morning, I have not had any issues today.

    My first "serious" infection after all these years, I feel somewhat normal now.

    I still do want to do a complete format to be sure to be sure as these types of Malware can just lurk around and hide like you mentioned in your post.

    Time to go back to a sandboxed surfing environment I think.

    I would have assumed your wife's browser after all the issues you alluded to would be sandboxed, or has malware escaped this type of protection also?

    Thanks again for your time, sorry if I created a false alarm on your side.
     
  19. Jethro

    Jethro This space is for rent Staff Member Premium Member 2016 Tipping Competitor

    7,127
    1,492
    Ratings:
    +1,897 / 7
    All previous posts to this post have been transferred from the "Depression Issues for Players - warning, heavy content" thread:

    http://www.silvertails.net/forum/Thread-Depression-Issues-for-Players-warning-heavy-content
     
  20. Dan

    Dan Administrator Staff Member Administrator 2016 Tipping Competitor

    32,370
    3,610
    Amsterdam, The Netherlands
    Ratings:
    +5,462 / 74
    No point sandboxing it, malware is just so easy to pick up. It's just a fact of life on the net.
     
