False positive report


Zoraster

Thanks for your response, Porthos! The user has provided the attached screenshot.

If I understand what I'm seeing correctly, she made it to Jigsaw Explorer's home page ok. The URL shown in the lower left corner indicates she clicked on one of the links to a puzzle description page. Specifically, she clicked on one of the puzzle pieces displayed in the page mast, which link to the URL shown, and then the pop-up appeared. The pop-up seems to be claiming that particular URL made a call out to a subdomain of parrable dot com. I don't recognize that domain. I used Chrome's DevTools panel to load the URL in question, and no call was made to parrable dot com or its subdomains. Of course, one of the ads could make a call out to parrable, but the ads don't start loading until the requested page has fully loaded. Since the user appears to have been blocked before the new page started loading, I don't think an ad could have been the cause.

Another possibility is the user was simply hovering over the link, but just before she clicked the link, an ad on Jigsaw Explorer's home page could have made a call to parrable. Would that explain the pop-up? Thanks for any insights you can provide.

malwarebytes-pop-up.png

1 hour ago, Zoraster said:

Another possibility is the user was simply hovering over the link, but just before she clicked the link, an ad on Jigsaw Explorer's home page could have made a call to parrable. Would that explain the pop-up? Thanks for any insights you can provide.

I am personally leaning towards an installed extension enabled in Chrome. I am doing a couple of easy puzzles in Chrome and I have no extensions on and I see the ads but not the block.

I am watching a couple of cases in the malware removal section and will see how they progress.

As for your client, you might have them register here and do the following.

Please follow the instructions in this topic then create a new topic in our malware removal area by clicking here and a malware removal specialist will guide you in checking and cleaning your system of any threats. 

I now see that Parrable is part of the online ad ecosystem, and I also see that the company that manages ads for my website is one of Parrable's clients. I have contacted my account manager at the ad management company to inform him of the issue. My guess is that someone may have hacked Parrable and infected a jQuery file they distribute when ads are displayed or tracked. But it seems only certain ads are affected, or else, only certain people are affected. I have asked the user who reported the problem for more info about how often she is blocked due to the parrable domain and whether she is blocked at other sites. This appears to have the potential to be a widespread problem. I will continue to provide updates here as I learn more.

The user has a single extension on her preferred browser, Chrome. But she reports that Malwarebytes is also blocking Jigsaw Explorer in both Firefox and Edge even though those browsers do not have the extension she uses in Chrome. So, that would seem to eliminate a browser extension as the source of the problem.

Porthos, I gave the user the link to the instructions you provided so she can use the malware removal tool to try to find and remove any malware on her PC, and then use the Malwarebytes forums to request further help.
