# Odd link appearing in posts



## pacanis (Sep 11, 2013)

I mentioned this yesterday and am apparently the only one getting this, then it disappeared, but I was on a different computer. Well this time I took a screenshot of it.
It's a word that is in red font and underlined. When you put your mouse over it an advertisement appears.

Is this a DC thing or has some weird advertising program invaded my computer that is only affecting DC and not my other frequented forums?

And if DC has suddenly allowed these advertising links to appear randomly in posts, I am wondering if that has been the root of all the recent glitches nobody can seem to put a finger on.


----------



## pacanis (Sep 11, 2013)

Geez, I am seeing TWO of these in my post here!


----------



## Zhizara (Sep 11, 2013)

Did you try using a right click to add a filter to Adblock Plus?


----------



## FrankZ (Sep 11, 2013)

So if you aren't logged in we run adwords to gain extra advertising from anonymous users.  

You likely have one of those infections that does this.  Good luck getting rid of it if you do, they can be persistent.


----------



## pacanis (Sep 11, 2013)

FrankZ said:


> So if you aren't logged in we run adwords to gain extra advertising from anonymous users.
> 
> You likely have one of those infections that does this. Good luck getting rid of it if you do, they can be persistent.


 
Acckk!
Off to run a series of malware programs. I wonder where I got this one 

Z, that program does not work with my browser. I looked before when Steve mentioned it. Thanks.


----------



## PrincessFiona60 (Sep 11, 2013)

Firefox...best thing I ever did.  

Of course if I want to work from home I have to use IE, but there I don't have to futz with ads.


----------



## GotGarlic (Sep 11, 2013)

I've been using Firefox for so long, I forget IE is out there.


----------



## taxlady (Sep 11, 2013)

GotGarlic said:


> I've been using Firefox for so long, I forget IE is out there.


Same here, except sometimes I use Chrome.


----------



## pacanis (Sep 11, 2013)

FrankZ said:


> So if you aren't logged in we run adwords to gain extra advertising from anonymous users.
> 
> You likely have one of those infections that does this. Good luck getting rid of it if you do, they can be persistent.


 
I guess so.
I've run the usual programs and did find a bug or two, but it's still there.
Looks like I'll have to dig deeper. What exactly is this ad program called you are running? It should help me to disable it if I can do a direct search.


----------



## GotGarlic (Sep 11, 2013)

I use Ad-Aware - Ad-Aware Free Antivirus and Free Antispyware software download. - Lavasoft

And AdBlock Plus is the browser add-in: https://adblockplus.org/


----------



## CarolPa (Sep 11, 2013)

pacanis said:


> I guess so.
> I've run the usual programs and did find a bug or two, but it's still there.
> Looks like I'll have to dig deeper. What exactly is this ad program called you are running? It should help me to disable it if I can do a direct search.




I have that too.  I didn't notice it until you mentioned it.  I will keep watching the thread to see if someone comes up with a fix.


----------



## pacanis (Sep 11, 2013)

It seems the fix is getting rid of the ad malware our PCs picked up. It's not on my laptop, just my tower, so Frank was right, it's on our end. DC isn't recognizing we are logged in because of that malware.


----------



## Janet H (Sep 11, 2013)

try running malware bytes.  It's a free download and a good place to start.

Malwarebytes : Free anti-malware download


----------



## pacanis (Sep 11, 2013)

Janet H said:


> try running malware bytes. It's a free download and a good place to start.
> 
> Malwarebytes : Free anti-malware download


 
Been there done that. It was one of three things I ran, including adaware and avg.
That's why I was hoping you could disclose the type of ad it's called, so it would be easier for me to do a direct search on disabling it or finding the bug that is allowing it to run.


----------



## Hoot (Sep 11, 2013)

What browser are you using?


----------



## pacanis (Sep 11, 2013)

I use IE, Hoot.
If you want to know why do a search on the past threads I've posted in where there's been a problem. It gets redundant for us IE users to have to explain ourselves whenever there's a glitch with this forum ;^)


----------



## Hoot (Sep 11, 2013)

Gotcha!
It might be related to a browser add on. Can't hurt to take a look.
Take a read here 
How To Remove Text Enhance Malware


----------



## pacanis (Sep 11, 2013)

Hoot said:


> Gotcha!
> It might be related to a browser add on. Can't hurt to take a look.
> Take a read here
> How To Remove Text Enhance Malware


 
You rock, Hoot! 
You should be an admin. You are definitely on top of your game.


----------



## CarolPa (Sep 14, 2013)

GotGarlic said:


> I use Ad-Aware - Ad-Aware Free Antivirus and Free Antispyware software download. - Lavasoft
> 
> And AdBlock Plus is the browser add-in: https://adblockplus.org/




I downloaded Ad-Aware and ran a full scan.  It's been going for over an hour, almost 2.  Hope it does something.

I was not able to download AdBlock Plus for some reason.


----------



## CarolPa (Sep 14, 2013)

The scan is finished and found 78 infected files and it now fixing them.  I hope.  If this does not fix my ad problem I will look into the link posted by Hoot for removing Text Enhanced Malware.  This is a pain, especially since I have no idea what I'm doing.  LOL

It says everything is fixed, and there are 12 items in quarrantine, most of them adware and 1 trojan.  What should I do with them?  It says I can delete them.  Will that mean they are no longer on my pc?


----------



## GotGarlic (Sep 14, 2013)

Yes. I would delete them.


----------



## pacanis (Sep 14, 2013)

Delete or quarantine. Whatever your option is.
But that did not fix it on my end. I needed Hoot's link. Although it's always a good idea to run adaware and malware bytes now and then. What one doesn't find the other usually does.


----------



## Greg Who Cooks (Sep 15, 2013)

I too recommend Ad-Aware...

I've been running Firefox since it started as Mosaic, then Mozilla ... And eventually became FF. that's about 18 years...

I remember I had to compile Mosaic on my Sun workstation. That was 1995.


----------



## CarolPa (Sep 15, 2013)

pacanis said:


> Delete or quarantine. Whatever your option is.
> But that did not fix it on my end. I needed Hoot's link. Although it's always a good idea to run adaware and malware bytes now and then. What one doesn't find the other usually does.




It didn't fix it here either, so I too will have to use Hoot's link.  I really don't understand it all, but if I follow along step by step I should be OK.  I am also getting a warning from Cisco, my WIFI network every time I  click into a post on the forum and also on another forum I belong to.  I just click out of it and continue, but eventually I have to address that.  I had that once before but I can't remember how I got rid of it.  

Computers are such fun.


----------



## Greg Who Cooks (Sep 17, 2013)

CarolPa said:


> It didn't fix it here either, so I too will have to use Hoot's link.  I really don't understand it all, but if I follow along step by step I should be OK.  I am also getting a warning from Cisco, my WIFI network every time I  click into a post on the forum and also on another forum I belong to.  I just click out of it and continue, but eventually I have to address that.  I had that once before but I can't remember how I got rid of it.
> 
> Computers are such fun.



What warning is that?


----------



## CarolPa (Sep 17, 2013)

Here is the warning I get.  I just got it when I clicked on "quote" to reply to a post. It's not just here that I get it, but also on most other sites.  I think it has something to do with the issue we are discussing in this thread.   Notice that it also has the items in red underlined, the same as the ones I am getting in the posts here.  It comes up with the Cisco logo which is my router.  I had this warning before but I can't remember how I got rid of it.  I am waiting to see if Hoot's link was any help to Pacanis, and also the time to go through the steps.  

*Possible web threat*

[content redacted by DC moderator - malicious links.]


----------



## Andy M. (Sep 17, 2013)

I got a similar warning on another site.  The warning window gave me a link to a Google site that tests websites for containing viruses, malware, etc and that site gave them a clean bill.  I still got the warning.  I notified their tech support and it has subsequently been cleared up.


----------



## CarolPa (Sep 17, 2013)

Hallelujah!  I saw this fix online.  I went into the program for my  Cisco router and disabled "safe web surfing."  I have tried and tried,  and I am no longer getting the warning of Possible Web Threat.  I  restarted my PC and now I am no longer getting the words in red in the  posts with the pop-up ads attached.  Since a few people were posting  online that they were having this problem with their Cisco router I  believe that it might be a glitch in the router.  For months we didn't  have the router connected because my lap top was crashed.  After we got  the lap top fixed, we re-connected the router, a month or so ago.  So I  think with Ad-Aware installed and running I should be OK from now on.  I  don't think I need Hoot's link, but I saved it for future reference.


----------



## pacanis (Sep 17, 2013)

Holy crapiola batman 

I read through a few threads, clicked on this one and saw this! 


Then after I had saved it and went to post about it I got it again when the computer opened the advanced reply window.

What the heck is going on here lately?
Hoot, are you on this? Nobody else appears to be. Along with the numerous times (sometimes) that it takes to upload a picture here


----------



## pacanis (Sep 17, 2013)

I wonder if it has something to do with me only seeing a black X on Carol's last post where a picture should be? I can't move around in this thread at all without getting that password window.


----------



## Hoot (Sep 17, 2013)

The image shows an IP address 192.168.1.1 which is a default IP address for a Linksys E1000 router. Is that your router?


----------



## pacanis (Sep 17, 2013)

What image? The one in Carol's post that I can't see?
I don't know my router's # offhand.
On the positive side, I'm in this thread and it did not appear this time.


----------



## Hoot (Sep 17, 2013)

pacanis said:


> What image? The one in Carol's post that I can't see?
> I don't know my router's # offhand.
> On the positive side, I'm in this thread and it did not appear this time.


I was referring to the screenshot you posted of the window asking for a username and password.


----------



## Hoot (Sep 17, 2013)

For what it's worth, I don't see any image or place holder in Carol's last post. Strange.


----------



## Janet H (Sep 17, 2013)

CarolPa said:


> Here is the warning I get.  I just got it when I clicked on "quote" to reply to a post. It's not just here that I get it, but also on most other sites.  I think it has something to do with the issue we are discussing in this thread.   Notice that it also has the items in red underlined, the same as the ones I am getting in the posts here.  It comes up with the Cisco logo which is my router.  I had this warning before but I can't remember how I got rid of it.  I am waiting to see if Hoot's link was any help to Pacanis, and also the time to go through the steps.
> 
> *Possible web threat*
> 
> [content redacted by DC moderator - malicious links.]



Carol I removed the text you had pasted into this post.  It had multiple links to sites that download crap to your computer.



pacanis said:


> Holy crapiola batman
> 
> I read through a few threads, clicked on this one and saw this!
> 
> ...



That popup did not come from DC - my guess is that you clicked on a link to someones internet providers, security portal or similar or possibly one of the links we've just removed.



pacanis said:


> I wonder if it has something to do with me only seeing a black X on Carol's last post where a picture should be? I can't move around in this thread at all without getting that password window.



The little black x's are just images that are slow to load.  Our server loads the text to posts first and then then images last.  Sometimes the images can be slow - especially if your connection is bogged down.  Often refreshing the page solves this issue. They aren't harmful.

Folks, after carefully reading this thread I think the issue is malware or tracking cookies on personal computers - plain and simple.  Please be careful about where you surf and what you click on. Make sure your are running good, undated antivirus protection and have a secure firewall. Be careful!


----------



## Cooking Goddess (Sep 17, 2013)

Janet H said:


> ...Folks, after carefully reading this thread I think the issue is malware or tracking cookies on personal computers - plain and simple.  *Please be careful about where you surf and what you click on.* Make sure your are running good, undated antivirus protection and have a secure firewall. Be careful!



And it's not necessarily clicking that will do it.  A long time back I was skimming through threads and saw what looked like an interesting site link as a new member's signature.  Rather than click on it, I did the "open a new frame/type in the address/click" and saw a nice cooking site, peeked around, then closed the frame.  No problem, right?  Um, no.  Turns out the site was evil, gummed up the computer like crazy, and took Himself (my in-house tech support with a bazillion years of computer expertise) quite a while to hunt down and kill off any demons.  I now do not go to any suggested websites from new users unless I actually recognize the site's name. 

Sometimes it's like catching chicken pox - you don't know you've been exposed because the person (computer) with the virus doesn't look sick until after you've picked up the bug.


----------



## CarolPa (Sep 17, 2013)

Thank you Janet, for removing the problem in my post.  I did not realize that it would cause a problem.  For what it's worth, I am no longer having any of the problems I was having before and I hope they don't come back.  If I caused a problem for anyone else, I am really sorry.


----------



## CarolPa (Oct 4, 2013)

After I got my computer back to normal I have been checking regularly to be sure there have not been any malware or other site on my computer.  This morning there were about 10 of them that were put on yesterday, 10/3.  I cleared them off and all is well, but can anyone tell me why I am getting these all of a sudden and what I can do to stop them?


----------



## PrincessFiona60 (Oct 4, 2013)

You need good antivirus software...Avast has a free edition. AVAST 2013 | Download Free Antivirus Software for Virus Protection


----------



## CarolPa (Oct 4, 2013)

I have Ad-Aware and also Microsoft Security Essentials.  I get messages from both of them that they are catching things, but when I look in uninstall programs I see these things listed and I can tell by the date it says they were installed that they are not something I installed.  I guess I will have to keep installing Antivirus programs until I find one that will work for me.


----------



## PrincessFiona60 (Oct 4, 2013)

We started using Avast 7 years ago,  finally started purchasing it.  The Free edition let nothing in.


----------



## Hoot (Oct 4, 2013)

Having more than one AV may not be a good idea.
PC World - One Anti-Virus is Better Than Two


----------



## CarolPa (Oct 4, 2013)

Hoot said:


> Having more than one AV may not be a good idea.
> PC World - One Anti-Virus is Better Than Two




I have heard that too, Hoot, but when Ad-Aware did not seem to be stopping the malware I tried to uninstall it, but it will not let me.  I get the option to repair but not to uninstall.  I don't really want to use a program that isn't doing what I need it to do.


----------



## GotGarlic (Oct 4, 2013)

CarolPa said:


> I have Ad-Aware and also Microsoft Security Essentials.  I get messages from both of them that they are catching things, but when I look in uninstall programs I see these things listed and I can tell by the date it says they were installed that they are not something I installed.  I guess I will have to keep installing Antivirus programs until I find one that will work for me.



Computer viruses do all kinds of sneaky things. The date shown may not be the true install date.


----------



## Hoot (Oct 4, 2013)

I, personally, scan my system with Malwarebytes periodically. It is not AV but is very good at removing malware. I use MSE for real time protection. Never had an issue.
Is your firewall turned on?


----------



## PrincessFiona60 (Oct 4, 2013)

Hoot said:


> I, personally, scan my system with Malwarebytes periodically. It is not AV but is very good at removing malware. I use MSE for real time protection. Never had an issue.
> Is your firewall turned on?



Same question I was just going to ask!  I have three firewalls, Internet provider, e-mail provider and the MS firewall that came with the computer.  Took a bit to get them to work together, but worth it.


----------



## FrankZ (Oct 4, 2013)

PrincessFiona60 said:


> Same question I was just going to ask!  I have three firewalls, Internet provider, e-mail provider and the MS firewall that came with the computer.  Took a bit to get them to work together, but worth it.



You ISP provides firewalling?  Blech.

Your PC firewall is a feel good thing but should not relied upon.  You should have an air gap firewall.  A dedicated device for this.  You want an additional layer here.


----------



## Hoot (Oct 4, 2013)

FrankZ said:


> You ISP provides firewalling?  Blech.
> 
> *Your PC firewall is a feel good thing *but should not relied upon.  You should have an air gap firewall.  A dedicated device for this.  You want an additional layer here.


True, but it's better than no firewall, IMHO.


----------



## PrincessFiona60 (Oct 4, 2013)

FrankZ said:


> You ISP provides firewalling?  Blech.
> 
> Your PC firewall is a feel good thing but should not relied upon. * You should have an air gap firewall.*  A dedicated device for this.  You want an additional layer here.



Explain further please...not sure what this is.  I haven't had any problems, so far.


----------



## taxlady (Oct 4, 2013)

FrankZ said:


> You ISP provides firewalling?  Blech.
> 
> Your PC firewall is a feel good thing but should not relied upon.  You should have an air gap firewall.  A dedicated device for this.  You want an additional layer here.


I don't know what all I have of firewalls. I know Stirling uses a Linux firewall running on an old computer for the house network. The network is both wired and wireless.


----------



## PrincessFiona60 (Oct 4, 2013)

My laptop and the printer are both wireless, Shrek's desktop is wired.  Now that I think about it, there is another firewall with the wireless.


----------



## CarolPa (Oct 4, 2013)

I know I have at least one firewall running.  I did check for that.  

PF if you are not having any problems I would feel assured that what you have is good.


----------



## GotGarlic (Oct 4, 2013)

I just updated Ad-Aware (new version; virus signatures were already up to date) and changed the settings to have it scan daily starting at midnight. I also double-checked what it is that informs me every time a program tries to install, whether I initiated it or not (almost all the time, it's me). Windows has User Account Control in User Account Settings that you can set to tell you when something tries to install and interrupts the process, allowing you to approve or deny it. This is an excellent way to prevent stuff from installing itself.


----------



## PrincessFiona60 (Oct 4, 2013)

CarolPa said:


> I know I have at least one firewall running.  I did check for that.
> 
> PF if you are not having any problems I would feel assured that what you have is good.



The only reason we started paying for Avast, out of gratitude for the excellent service we received from the free edition, decided to pay the programmers for their hard and dedicated work.  Give it a try, Carol.  I stand by my recommendation.


----------



## CarolPa (Oct 4, 2013)

As always, some very good recommendations received from my friends at DC.  I will check into them all.


----------



## taxlady (Oct 4, 2013)

FrankZ said:


> You ISP provides firewalling?  Blech.
> 
> Your PC firewall is a feel good thing but should not relied upon.  You should have an air gap firewall.  A dedicated device for this.  You want an additional layer here.


Yeah, I figure it might be an extra layer of protection, but I wouldn't count on it.

I recently came across the term "air gap" in an article by a security expert. He puts data he doesn't want anyone to be able to access by hacking from the web on a computer that has never been connected to the internet. It isn't on his home network. To get data to and from this computer he uses a USB thumb drive.

I imagine the term is old enough that all networks were wired. Nowadays, with wireless networks, air isn't a good enough "insulator".


----------



## CarolPa (Oct 4, 2013)

My computer is used for forums, email and surfing.  The most important thing I have on here is my recipe file.  LOL  And I back that up on a jump drive at least once a month.  I just don't like anyone coming in here and telling me what programs I should use, what ads I should read, etc.  Stay out of my stuff!


----------



## GotGarlic (Oct 4, 2013)

CarolPa said:


> My computer is used for forums, email and surfing.  The most important thing I have on here is my recipe file.  LOL  And I back that up on a jump drive at least once a month.  I just don't like anyone coming in here and telling me what programs I should use, what ads I should read, etc.  Stay out of my stuff!



Any magnetic media is subject to failure. It would be a good idea to use more than one.


----------



## FrankZ (Oct 4, 2013)

PrincessFiona60 said:


> Explain further please...not sure what this is.  I haven't had any problems, so far.



Basically you want a dedicated device, prefereably running a harded purpose built OS.  I run Cisco PIX.  It has no other function that to act as a firewall.  If needed to stop an attack on my network I pull one cable and I have an air gap.




taxlady said:


> I don't know what all I have of firewalls. I know Stirling uses a Linux firewall running on an old computer for the house network. The network is both wired and wireless.



If the PC is used for nothing else this is what I am describing.


A software based firewall on your PC is vulnerable to attack like any other piece of software.  If it is compromised then the entire system is is running on is also compromised.  With a dedicated device they might compromise the device, but the devices behind that are not, immediately, compromise.  They could get that way, but it isn't a given.

If someone were to compromise the PIX they aren't really doing a lot from there.  It can not connect to other systems directly, they could change rules to allow a further compromise to be possible.


----------



## Greg Who Cooks (Oct 5, 2013)

One stealth feature of malware is that they get you to install them without realizing it. For example, Microsoft has a setting to hide file extensions for commonly known programs (including .EXE). I often download programs and sometimes I expect to download a ZIP or RAR (similar to ZIP) and discover the site wants to download a ...ZIP.EXE program or ...RAR.EXE program. If you haven't changed your settings off of the usual Microsoft default you won't see the .EXE and when you click your download it will install rather than extract (and probably then extract so you don't realize you just installed malware.)

The moral: Change your settings to not hide common file extensions. Microsoft should change their default so as not to hide .EXE file extensions.


----------



## taxlady (Oct 5, 2013)

Greg Who Cooks said:


> One stealth feature of malware is that they get you to install them without realizing it. For example, Microsoft has a setting to hide file extensions for commonly known programs (including .EXE). I often download programs and sometimes I expect to download a ZIP or RAR (similar to ZIP) and discover the site wants to download a ...ZIP.EXE program or ...RAR.EXE program. If you haven't changed your settings off of the usual Microsoft default you won't see the .EXE and when you click your download it will install rather than extract (and probably then extract so you don't realize you just installed malware.)
> 
> The moral: Change your settings to not hide common file extensions. Microsoft should change their default so as not to hide .EXE file extensions.


It's one of the first things I do when I get a new computer. Maybe the computer knows what the extension means, but I want to see it.


----------



## FrankZ (Oct 6, 2013)

Some years ago Microsoft stopped going strictly by extension for file associations and the OS will try to read the metadata on a file to determine how to open it.  Thus you can have executables that are not .exe, .bat, .com, .cmd, .ovr... etc.

I unhide extension and hidden files because I like to see everything.


----------



## Greg Who Cooks (Oct 6, 2013)

It may not save everybody all the time but it is a good idea to unhide file extensions, and to understand which of them execute programs. A good anti-virus program will warn you, but it's better to have an extra level of being aware of what's happening.

The last year I have noticed an increasing attack where you download a file, let's ust some-file-name.rar and you get your downloader daying you're going to download some-file-name.rar.exe! They are trying to download and have you install some kind of download file manager, and who knows what their motivation is? I see no way it is benevolent.

Oddly, I sometimes try a second shot at the download and they give me the plain file without the EXE file downloader included.

By the way, iLivid is the worst offender, and many of the download sites have adopted it. Cnet provides this rather benign review (not good enough for us to host it but not bad enough to warn you off): http://download.cnet.com/iLivid-Download-Manager/3000-2071_4-75739415.html

However, the way they attempt to insidiously install themselves makes me want nothing to do with them.

It's a scary Internet world and as far as I can see there are more people (or at least they have a greater presence) who want to harm you than to help you.


----------

