Random words on web pages are being turned into hot links. When you hover your cursor over these words, an advertisement box pops up.
For instance, "cash" shows "prizealert.com-ni.net" as the link with an advertisement for prizes won.
- Just hovered over one of the words and find that, if I pause long enough, another box pops up that says, "click to continue > by Text-Entrance". **
Modified by vlnvlaplar
Additional System Details
Every time Firefox opened
This started when...
I downloaded some emoticon software which I've since uninstalled. The name of the software began with a "Q". I also have, still installed, Bandoo, another emoticon add-on.
- Shockwave Flash 11.4 r402
- Google Update
- iTunes Detector Plug-in
- Adobe PDF Plug-In For Firefox and Netscape 10.1.4
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Next Generation Java Plug-in 10.5.1 for Mozilla browsers
- Adobe Shockwave for Director Netscape plug-in, version 22.214.171.1245
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
As stated, I have de-installed one of the emoticon software add-ons. Am wondering if I might have some kind of virus although I do have Microsoft Essential Security installed and NEVER open anything I suspect as being a possible trojan horse or worm.
Do a malware check with some malware scanning programs on the Windows computer.
You need to scan with all programs because each program detects different malware.
Make sure that you update each program to get the latest version of their databases before doing a scan.
- http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
- http://www.superantispyware.com/ - SuperAntispyware
- http://www.microsoft.com/security/scanner/en-us/default.aspx - Microsoft Safety Scanner
- http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
- http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
You can also do a check for a rootkit infection with TDSSKiller.
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
Okay, so here's what I've discovered. As I said above, I installed an emoticon add-on that started with a "Q". I also installed another emoticon add-on called "Bandoo". I had already de-installed "Q" but left Bandoo. There was another symptom that only seemed to apply to Facebook. That was ads popping up between items in my timeline. Now that I've de-installed Bandoo, I no longer get those ads and some, not all, of the "linked" words on other pages have gone away. I did not reboot after the de-install of Bandoo, only killed and restarted Firefox and IE. Hopefully, the next reboot will remove this issue entirely. Thanks for the help, cor-el. Apparently, it wasn't spy or malware but nefarious money making by the "free" add-on software.
Well, the reboot didn't accomplish what I had hoped. The ads are back in Facebook and the linked word(s) can be seen in the example. Hopefully, it will show up larger than I'm seeing or you will be able to enlarge it. The linked word(s) are in blue and underlined. If you hover over them, a box pops up with "Click to continue > By Text-Entrance".
What about if I'm using an apple?!
Check the Add-ons / Extensions in Firefox for the savesales 3 extension, if it is installed delete/remove it.
Modified by pioneer1407