Antivirus Protection
 
  #1  
March 21st, 2013, 05:04 AM
mind_grapes
New Member - Have we been hacked, or have I missed something?

Hello all,

This is very strange, hope someone can help.

[background]
A member of staff has just pointed something out regarding our homepage, and I couldn't figure out what it could be. Then, using web developer tools in Firefox, I saw something strange.

[the problem]
Our homepage is split down the middle, and the issue is with the three options on the right - the "new for members" section. When you click on one of these images you should be taken to a sample flip book, but unfortunately this doesn't happen. Instead the entire page freezes, and you can't click on anything else.

Using the web developer tools in Firefox, I found some sort of iframe that seems to be on our page, but I don't know where to start to get rid of it. It references something called "dealply.com". I've never heard of this thing, but after searching the web some sites say it's an extension. However, when I try to remove it, it's nowhere to be found in the extensions section of Firefox or Chrome.

Any pointers are welcome.

Kind regards
MG

  #2  
March 21st, 2013, 09:50 AM
mind_grapes
Hello all, just an update.

When you click the images, something appears at the very bottom of the page, on the left-hand side.

Regards
MG

  #3  
March 21st, 2013, 10:16 AM
Winters
dealply is a browser adware plugin. Get rid of it.
http://forums.spybot.info/showthread.php?t=65995

  #4  
March 21st, 2013, 10:33 AM
mind_grapes
Hi, thanks for the reply.

But nothing works on any person's PC here at work. I've also asked a friend in a different part of the country to test the page, and still nothing.

Regards
MG

  #5  
March 21st, 2013, 10:58 AM
mind_grapes
Hello all,

I followed the instructions on the link you sent through. No joy.

Also, I have tried to uninstall it directly from all browsers - as many sites recommend - and no joy.

Regards
MG

  #6  
March 21st, 2013, 11:05 AM
Winters
Install and run both of these programs, one of them should kill it.
Spybot 2
MalwareBytes

  #7  
March 22nd, 2013, 04:49 AM
mind_grapes
Hello, thanks for the pointers.

I ran the scans as you suggested, and nothing. It didn't show up.

I'll keep searching.

Regards
MG

  #8  
March 22nd, 2013, 05:24 AM
Winters
Can you post some screenshots please?

There are a few more options that I know of but they tend to be extremely aggressive programs which can damage systems if they are not used carefully.

I'm going to move this to the Anti Virus forums to see if people with more expertise can offer some advice.

Last edited by Winters : March 22nd, 2013 at 05:27 AM. Reason: Typo

  #9  
March 22nd, 2013, 07:11 AM
mind_grapes
Hi, thanks for your post.

I've been searching online for clues and came upon this post over on stackoverflow:

http://stackoverflow.com/questions/...working-in-html

It's essentially the same thing we experience. The links towards the bottom of the page suggest it could be some sort of hacked malware that has been put on our servers - I'm still reading.

Let me know if you still want screenshots, but this question is essentially the issue we have. The only thing to add is what I mentioned before, in that, when I click on certain images everything freezes. If you go to our homepage and click on the images - below "NEW! for members" - you will see something appear at the bottom of the screen - bottom left.


Regards
MG

Last edited by mind_grapes : March 22nd, 2013 at 07:14 AM.

  #10  
March 22nd, 2013, 03:35 PM
DonR
I'm not sure this is virus/malware related.
I notice there are 3 "onclick" items for the "NEW! for Members" section: samples('practice'), samples('primary'), and samples('design').
And when any of these sections are clicked, you get the image in lower left, which is actually a jQuery popup alert from jquery.alerts.js and jquery.alerts.css.

I believe this is being triggered because of a missing "samples()" function, either through file corruption or misplacement.
If you can find your "samples()" function in your JS files somewhere and locate why that isn't functioning, you'll probably solve your problem.

EDIT:

OK, I found the area that references the samples function:
Code:
<p><script type="text/javascript">// <![CDATA[
	function samples(sample){
		$.alerts.okButton = "Join";
		$.alerts.cancelButton = "Not now";
		switch(sample){
			case 'practice':
				jConfirm('This is only a sample, become a member for full benefits.', 'D&T Association ', function(r){
					if(r){
						window.location ='index.php?option=com_content&view=article&id=534&Itemid=490';
					}else{
						window.location ='index.php?option=com_content&view=article&id=1114';
					}
				});
				break;

			case 'primary':
				jConfirm('This is only a sample, become a member for full benefits.', 'D&T Association', function(r){
					if(r){
						window.location ='index.php?option=com_content&view=article&id=534&Itemid=490';
					}else{
						window.open ('magazines/Primary_19_sample.pdf', 'PDF');
					}
				});
				break;

			case 'design':
				jConfirm('This is only a sample, become a member for full benefits.', 'D&T Association', function(r){
					if(r){
						window.location ='index.php?option=com_content&view=article&id=534&Itemid=490';
					}else{
						window.open ('magazines/Designing_93_sample.pdf', 'PDF');
					}
				});
				break;
		}
	}
	// ]]></script>


The first 2 commands for that function are ALERTS for clicking a "Join" button or a "Not Now" button. My guess would be that something in that ALERT is conflicting in the jQuery alert system.

Maybe removing that opening <p> tag from in front of the opening <Script> tag there [~ line 746] may help [not sure if that is interfering or not].

Last edited by DonR : March 22nd, 2013 at 03:58 PM.

  #11  
March 25th, 2013, 05:24 AM
mind_grapes
Morning,

Thanks for the reply.

Arh, yes, you've just reminded me of the pop up - I can't believe I forgot about it.

Yes, something did indeed pop up and ask the user if they wanted to join or not, and then, depending on their response, a sample was presented to them or the full version - but I never touched the alert script.

The site is created in Joomla, and the script you've presented above is referenced to, from within the article that has the front page source code, using a plugin called Jumi. So I'm not sure where the <p> tag is coming from, but there does appear to be a closing </p> farther down - line 917. Again I don't know where that is coming from either, but I'll look into it as per your suggestion.

Any ideas what could be conflicting from within the Alert script? JavaScript and jQuery are not my strong points - I don't know what I'm looking for.

Thanks for your pointers.

[EDIT]
I looked into the tags, and it appears that Joomla automatically includes them. I tried to remove the lines and then save the article, but when I went back in, the tags were added again.

Here is the line copied from the Joomla article which contains the homepage source code:

<p>{jumi [*13]}{loadposition user1}</p>

Also, I still don't understand why I'm seeing a "dealply-toast-344623" iFrame when using web developer tools in Firefox?

Kind regards
MG

Last edited by mind_grapes : March 25th, 2013 at 07:06 AM.

  #12  
April 8th, 2013, 08:10 AM
mind_grapes
Hello all,

This may be a strange question, so apologies if it is, but can anyone suggest what I need to do to hunt down the problem, as I'm really struggling?

Any suggestion, such as where to look / what for etc., would be great.

Kind regards
MG

  #13  
April 8th, 2013, 10:41 AM
mind_grapes
Hi all, problem has been fixed.

It was because of the link to the latest version of jquery:

This:

<script src="http://code.jquery.com/jquery-latest.min.js" language="javascript" type="text/javascript"></script>

was changed to this:

<script src="http://code.jquery.com/jquery-1.8.3.min.js" type="text/javascript"></script>

Thank you to everyone that helped.

Regards,
MG.
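
As an added example (not code from the thread or from the site discussed), the Node.js function below audits the external `<script src>` tags of a page for the loading pattern behind the fix in post #13: a floating `-latest` alias, plain-HTTP delivery, and no Subresource Integrity hash. The sample HTML, the `site.example` base URL, the `js/jquery.alerts.js` path and the `integrity` value are constructed placeholders.

```javascript
// Constructed sample: an inline script, a same-origin script, the two tags quoted in
// post #13 (before and after the fix), and a hardened variant with a placeholder hash.
const SAMPLE_HTML = `
<script type="text/javascript">function samples(sample) {}</script>
<script src="js/jquery.alerts.js" type="text/javascript"></script>
<script src="http://code.jquery.com/jquery-latest.min.js" language="javascript" type="text/javascript"></script>
<script src="http://code.jquery.com/jquery-1.8.3.min.js" type="text/javascript"></script>
<script src="https://code.jquery.com/jquery-1.8.3.min.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
`;

// Parse the attributes of one opening tag into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Return one finding per third-party script tag that has at least one issue.
function auditScriptTags(html) {
  const findings = [];
  const tagRe = /<script\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[0]);
    const src = attrs.src;
    if (!src) continue; // inline script: nothing is fetched
    let url;
    try { url = new URL(src, 'https://site.example/'); } catch { continue; }
    if (url.hostname === 'site.example') continue; // relative URL: same origin
    const issues = [];
    // A "-latest" alias changes content without the page changing.
    if (/(^|[-./])latest([-./]|$)/i.test(url.pathname)) issues.push('floating-version');
    // Plain HTTP lets anything on the network path rewrite the script.
    if (url.protocol === 'http:') issues.push('insecure-transport');
    // Without an integrity attribute the browser cannot reject altered content.
    if (!attrs.integrity) issues.push('no-sri');
    if (issues.length) findings.push({ src, issues });
  }
  return findings;
}

console.log(JSON.stringify(auditScriptTags(SAMPLE_HTML), null, 2));
```

The pinned tag from post #13 is no longer flagged as floating but is still reported for plain HTTP and a missing integrity hash; only the constructed third tag passes all three checks.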

  #14  
April 9th, 2013, 07:05 PM
DonR
Glad you got it figured out.
That is amazing how a different version of jquery can affect things.
