avast malware warning on the forum pages

This topic is locked from further discussion.

#1 Posted by BLKR4330 (1698 posts) -

hi, i'd like to ask for further investigation of a malware warning which pops up every now and then with reference to: http://c4.static.nrcdn.com/common_js/0.52.1/nr_loader.min.js. the issue has been described here and is apparently not wide-spread among users. as far as i can tell no follow-up steps have been undertaken by the tc so i decided to post it here as suggested by a ranger. i've posted in linked thread and have no reason to believe that it is malware related but i'd appreciate it if a more knowledgeable person as myself can have a look at what's causing this since it keeps coming back.

thanks.

#2 Posted by Temesra (135 posts) -

I have been getting malware pop ups too coming from this site .

No idea what is going on.

#3 Posted by JodyR (16412 posts) -
We'd need the username with the profile image and we can remove it that way.
#4 Posted by JodyR (16412 posts) -

Hey there, I have a quick update about this problem.

The nRelate group has assured us that there is no malware from scans they have done and major antivirus programs (Symantec/Mcafee) have not reported issues. They are actively working with Avast! to address the false positive. In case you're wondering, nRelate is the third party widget that's at the bottom of most GameSpot pages ("More from GameSpot / From Around the Web").

Thanks for your patience in the meantime.

#5 Posted by Smokescreened84 (2513 posts) -

A malware warning keeps appearing when I try to go to the forums, it says it's from a KHMANIACS and then my browser blocks the page and prevents it from being accessed. Looks like some pathetic losers are hacking the site.

I'm using the Google Chrome browser since that loads the site unlike Internet Explorer which can barely load an icon without going loopy.

#6 Posted by Jonwh18 (9350 posts) -

now it is finding it on the forum index

I took a screenshot for you 530518_511335292224869_1067089600_n.jpg

#7 Posted by Smokescreened84 (2513 posts) -
That's the warning I keep getting, the forums are inaccessible due to it.
#8 Posted by Shadowchronicle (26039 posts) -
Yes. I got the same warning message probably because some image on the website is linking to khmaniacs.com. Not a huge deal but I think it should be taken care of. khmaniacs seems to appear often when there is a malware warning, not just in kingdom hearts unions. Kind of weird.
#9 Posted by gmax (6862 posts) -
Technically, if this is just a Chrome "safe browsing" alert it is a different issue from the one that initially motivated this thread. If the Chrome alert appeared on the forum index it was probably some user's avatar (most likely in the Latest Returning Users section). The only problem with that is that the users listed change often, so there's no way to check it now and know which user it was. The other problem with Chrome "safe browsing" alerts around here is that they are almost always false alarms in the sense that no real risk to users ever really existed. That said, if you can provide a link to a page that *always* triggers the alert, it can be investigated, and any appropriate action can be taken. Otherwise, we can let this thread go back to giving Avast some skunk eye.

#10 Posted by Temesra (135 posts) -

Yes I got many pop ups by Malwarebytes blocking !! This on main page not even reading any threads!!

#13 Posted by BLKR4330 (1698 posts) -

i haven't seen the malware alert for a couple of days now and can only conclude that it has been fixed. so to all those involved, i appreciate your time to explain and look into this issue.

#14 Posted by super600 (30819 posts) -

I got that chrome alert to.

warning_zpsb7a6fa2a.png

#15 Posted by RobotOpBuddy (65151 posts) -

I got that chrome alert to.

[spoiler] warning_zpsb7a6fa2a.png [/spoiler]

super600
1st: occurrence is a post by freedomfreak in reply to mitu123, freedomfreak posts the image via BBCode; 2nd occurrence is that same posted quoted by charizard1605; 3rd is that 2nd post (by charizard1605) quoted again by freedomfreak; 4th is mitu123 quoting the 1st occurrence; 5th is freedom freak quoting the 4th occurrence; 6th/final occurrence (so far/in the 1st up to 50posts, anyway) is Michael0134567 quoting the 2nd occurrence (the one posted by charizard1605). Thread/topic ID in case picture is removed: 29329143 Basically - freedomfreak posted an image from that domain (bothteamsplayedhard.net) and it got quoted a bunch. Seems like another generic google safebrowsing warning where google marks the entire domain as having malware, but this particular image is very unlikely to actually be infected at any point in time as the domain itself doesn't appear to be inherently malicious. Turning off user images entirely may allow page access and avoid the warning completely by preventing the image from being loaded..but it's literally just one image (URL: http://www.bothteamsplayedhard.net/wp-content/uploads/2008/05/no-country-for-old-men-tommylee.jpg) that has been posted and quoted several times by users in the thread. The posts could be removed or the image edited out of all of them to remove the issue via a moderator/GS staff, but looks to be yet another false positive, much like the fairly regular khmaniacs safebrowsing alerts. The original post about the js file from static.nrcdn.com is unrelated to the google safebrowsing issue that we can't really do much about (google chrome is just paranoid in general, and users can freely post content from any website via images/links, within the ToU anyway). The nrcdn issue appears to have been dealt with already, and was a false positive from an actual AV program rather than the google safebrowsing feature of chrome, false positives do pop up quite often in general, but are normally fixed quite quickly once they're known for AV programs, google safebrowsing on the other hand can take as much as 3months to be removed from the listing if the domain owner doesn't contact google directly after appropriate measures have been taken.
#16 Posted by PetJel (3724 posts) -
So since this week, whenever I enter the forums Avast pops up with a warning that the page is infected. The box displays these details: URL: http://js.nrcdn.com/custom-script/1.0/www-gamespot-com.js process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe infection: URL:Mal I'm guessing it's a false positive but I thought I'd share to make GS aware because Avast hasn't been mentioned in this thread yet.