Javascript Inserted into the Footer of all Webpages

Recently I had an issue with my Windows XP machine where I noticed advertisements such as Google Adsense and Yahoo ads were being replaced with different types of ads.  I then noticed weird behavior with Firefox 3 and Internet Explorer 7 where pages were taking forever to load and then popups started to show up at random.  Curious as to what was going on, I took a look under the hood at the HTML and noticed a nasty, long javascript being inserted into every single page that I viewed.  It had numerous calls to an IP of 85.12.43.83 and it was then I knew I had a virus, spyware, malware, or some other unwanted junk on my machine.  I immediately searched the internet for what it could be and how to get rid of it.  This seems to be fairly new, and I tried all sorts of things to get rid of it.  I tried AVG, Ad-Aware, Hijack This, and more…nothing worked…until I found this post in which a guy figured it out himself.If you find unwanted javascript inserted into the footer (or injected into the footer) of all of the pages your viewing, then go to http://www.malwarebytes.org/ and download Anti_Malware.  It’s free and it’s the only thing that fixed it for me.  It also found a couple of other things on my system that I didn’t want.  I tracked the virus down to an email that a family member opened, which was thought to be a Hallmark ecard.  The problem was that the “Hallmark greeting” was an attachment called postcard.zip .  When that attachment was opened, it injected the virus.  So this gets back to the old rules of thumb when it comes to email.  If you don’t know who sent the email (or even if you have suspicions), don’t open the attachments!  If you get an ecard notification such as this, make sure it at least includes the name/email of someone you know.  All major ecard websites require that info.  If you don’t see a name you recognize…delete it.  Secret admirers can be a pain in the butt anyway.

0 Responses to “Javascript Inserted into the Footer of all Webpages”


  • No Comments

Leave a Reply