Wordpress site hacked but only in Firefox
Several keywords on my site have suddenly developed "links" to affiliate ads. This only appears on Firefox browser though. No sign on it on Explorer or Chrome.
There is no visible script or coding that I can find.
Additional System Details
- Shockwave Flash 11.4 r402
- Google Update
- Next Generation Java Plug-in 1.6.0_35 for Mozilla browsers
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Adobe PDF Plug-In For Firefox and Netscape 10.1.4
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- Adobe Shockwave for Director Netscape plug-in, version 22.214.171.1249
- Winamp Application Detector
- Coupons, Inc. Coupon Printer Plugin
- Coupons, Inc. Coupon Printer DLL
- The plug-in allows you to open and edit files using Microsoft Office applications
- Office Authorization plug-in for NPAPI browsers
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
There are some extensions that include TextEnhance ads. Try going to the following page and disabling ALL extensions. Only keep enabled the ones that you can't browse without.
orange Firefox button or classic Tools menu > Add-ons > Extensions category
After restarting Firefox, test again. Any luck?
Also do a malware check with some malware scanning programs on the Windows computer.
You need to scan with all programs because each program detects different malware.
Make sure that you update each program to get the latest version of their databases before doing a scan.
- http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
- http://www.superantispyware.com/ - SuperAntispyware
- http://www.microsoft.com/security/scanner/en-us/default.aspx - Microsoft Safety Scanner
- http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
- http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
You can also do a check for a rootkit infection with TDSSKiller.
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
This did the trick. Thanks a lot.
wordpress being attacked by mozilla products