Is this a Virus ?

I have had an experience that I have never seen before. Can anybody give their opinion on what exactly it is and if they have come across it.

On posting in another Forum (not a computer Forum), random words become highlighted in blue. If you click them, an ad pop-up about cigarettes comes up and if you go to the site it is about tobacco and cigarettes.

This occurred even in one of my posts. A screen-shot is :-



Two of the sites are :-
-vapour-exposed.co.uk-
-skycig.co.uk/special-offer1/lp/-

Is it a virus ? I am not trying to solve another Forum`s problems via Wilder`s, I am simply trying to satisfy my own curiosity as to what this strange behaviour is. No need to be precise, just say whether it is a virus infection I have come across for my own education.

I have already told them it is a virus and to get it sorted out. I will not be going back on the issue.

 

I don't get that when I visit that site, John...

 

Avira isnt flagging them.

 

I am not an expert by any stretch of the imagination, but my opinion is that, no, these ads are not indicative of an infection.

Essentially, I believe what you're looking at is a fairly refined javascript operation, which tags supposed 'keywords' to ads elsewhere. I've encountered this behavior before - Both on Windows 7 and OS X - in Opera. When I took the appropriate steps to block the domains associated with the ad networks in question, the behavior stopped.

So, short opinion: Virus? No. Intrusive, annoying, pointless and irritating ad? Yes. Yes indeed.

 

Are those "links" with the pop-ups related to intellitext (intellitxt)?

 

Okay and thanks! I didn't visit the links provided by JB but the pic reminded me of intellitxt.

from the ever-"reliable" Wikipedia

Interesting bit about the context!!!

 

Very slim chance it could be, much more likely to be part of the website. I think NoScript should block it unless you whitelisted kontera.com and/or those two sites.

 

What wonderful replies from wonderful people.

I thought I would have been hit by the 4th Amendment on this one, but I was wrong.

I have never seen this behaviour before, where innocent posts are hijacked by scam ad sites and I just cannot believe that a reputable Forum would tolerate such a despicable practice to become part of their monetary support.

J_L mentioned Kontera.com. YES ! This pox on the web is probably the answer to this problem, ABP does show this site as a potential threat.

Quite frankly, any site that condones such a vile practice is not worth bothering with. I will look at NoScript and ABP to see if I can block this pox on society. If not, then Good-bye Forum. This Forum has already had ads floating all over the pages, which I have blocked with ABP and then I kept getting logged out - a matter that seemed to go away. My patience is running out and with JB that is a very short fuse.

I sincerely thank my wonderful colleagues at Wilder`s for replying so precisely. One thing about Wilder`s is that I always get an answer and when I deserve it, a kick up the butt. Nevertheless I love you all.

When will we ever be free of these web pests ? Hopefully never, because if that happened I would lose my valued friendship with all you lovely people on this Forum - we would have nothing to moan and argue about.

Thank you all.
John

PS - Kontera.com was on the NoScript Whitelist - I have deleted it. I have also blocked this site on ABP. I just visited the Forum and so far could not see any of these hijacked words. Not too optimistic, but perhaps the blocks have worked.

 

Very, very interesting. I wonder what the "deal" is.

 

It is definitely not on my NS whitelist. Wonder how it got there ?

 

Simple. He put it there.

 

Just installed NoScript purely to look at the whitelist:
addons.mozilla.org
flashgot.net
google.com
googleapis.com
gstatic.com
hotmail.com
informaction.com
js.wlxrs.com
live.com
maone.net
mozilla.net
msn.com
noscript.net
passport.com
passport.net
passportimages.com
paypal.com
paypalobjects.com
securecode.com
yahoo.com
yahooapis.com
yimg.com
about:blank
about:credits
http://flashgot.net
http://google.com
http://googleapis.com
http://gstatic.com
http://hotmail.com
http://informaction.com
http://live.com
http://maone.net
http://mozilla.net
http://msn.com
http://noscript.net
http://passport.com
http://passport.net
http://passportimages.com
http://paypal.com
http://paypalobjects.com
http://securecode.com
http://yahoo.com
http://yahooapis.com
http://yimg.com
https://flashgot.net
https://google.com
https://googleapis.com
https://gstatic.com
https://hotmail.com
https://informaction.com
https://live.com
https://maone.net
https://mozilla.net
https://msn.com
https://noscript.net
https://passport.com
https://passport.net
https://passportimages.com
https://paypal.com
https://paypalobjects.com
https://securecode.com
https://yahoo.com
https://yahooapis.com
https://yimg.com
[UNTRUSTED]

 

No I did not. I deleted Kontera.com from the NS Whitelist and when I looked later it was back again !
Something keeps putting it back and I do not know what.

It could be that when I log onto that Forum where Kontera rides over everything, THAT puts it on the NS Whitelist, but I find it hard to believe that.

I have blocked everything Kontera on ABP, but it is making no difference.

PS - having deleted Kontera from the NS Whitelist yet again - it is back on there and I never put it there. Clue ? The Forum i-love-dogs.com is on the Whitelist. It may be THAT is the cause of Kontera being added.

 

See for yourself.

I would like somebody else to witness this first hand, so here is the URL - http://www.i-love-dogs.com/forums/, you can visit as a guest. Then go :-
General Dog Stuff >Dog Questions and Answers>What breed is this pupp>Post No.3 and see "dog" and "puppies" in blue. Put the cursor over each word and a pop-up appears from Kontera loading something. The loading does not finish.

If you click "puppies" or "dog"a site comes up called Groupon http://www.groupon.co.uk/.

This happens all over the Forum but not always the same ad.

Try General Dog Stuff > Dog Questions and Answers>Please help me identify my dog Clover>Post No.5 and see "lol". This is http://www.prolash8.com/ and so it goes on throughout the Forum.

Just random words selected, mostly animal, but not always, "work" is another.

I do hope you find this paranormal behaviour on YOUR screens, because if you don`t, I`ll SCREAM and do a bit of head banging.

John

 

Run Firefox outside of Sandboxie. It may be preventing the changes from applying.

 

Definitely 3rd party advertising. And I hate those stupid little links. Adblock Plus takes care of them fine for me.

 

From all the useful posts received, it looks like the following is the case. Without this thread I probably would not have got far in understanding what is going on with this Forum. It is a feature I have never seen before and I hope other readers will benefit.

When I joined this animal Forum, like all other Forum`s, I trusted it. So when the NS Options button first came up at the bottom right, I fully allowed the site. This in effect disabled NS for the site.

Firstly, ads kept coming up on every page, floating all over the place and covering the data. After much hacking about, I blocked all these with ABP. Then I kept getting logged out, this disappeared on it`s own or perhaps ABP stopped it, I don`t know.

THEN I started getting the problem described in this thread. ABP never stopped that although I have blocked all Kontera items listed under the ABP blockable items.

Kontera.com was on my NS Whitelist - I never put it there myself, but so is i-love-dogs.com. Deleting Kontera made no difference, it kept coming back.

So, I concluded that if i-love-dogs.com had total clearance on NS, then all the ad garbage for that site including Kontera automatically received clearance and were being added to the NS Whitelist as a package.

This looks correct. I deleted i-love-dogs.com and of course Kontera from the NS Whitelist, then visited the Forum. NS was active again and the Options box showing. I went to the example posts I gave and the blue words were no longer there ! So, NS had nuked Kontera.

All this is a pity really. Animal Forums run on a very low budget and serve lots of lovely people only interested in animals. They have to let ad sites in to provide much of their income. It looks like this Forum has vastly over-done it and ad sites are running wild to the point of being aggravating.

Do you think this matter is now settled and agree with the above assumptions ? If so, I can only again thank all of you for posting and providing yet another Wilder`s solution.

John

PS - If you did test out this site as per my post 17, you must either disable NS or give the page/site "temporary allowance". May be as well to disable ABP for the check also.