Have i got spyware either on pc or hosting?

hey all


got a little problem,

about 90% of the time i visit which is like 30 times a day on my groups i got, i get a what i think is adverts and spyware...

so i thought i check another browser, does the same, and then do another pc, and check the site on there...


so i thoughts i would run a spyware anyway... and melware


it goes away for 2 days and comes back

heres the screenshot

i have blanked out the websites and the titles



Help Please


thanks in advanced


  • It looks like your web browser (PC) is infected. Hosting and elgg is safe.

  • will i will run some scans and see what happens


  • Also check whether you are using any third party plugins which loads some files (javascripts, css etc.) fro some other third party websites. These can include some cut and past html codes for widgets etc..

  • That doesn't have to be PC infection. That could be bruteforced access to ftp server. If you use ftp and have password below 8 chars, I'd say it's very likely scenario.

    On the other had that could be javascript injection as well. Make sure that you've had htmlawed plugin enabled all the time and do output filtering properly for user-created data.

  • Alright, I confirmed, the computer(s) is(are) infected with some malware. It is not a third party, nor a javascript injection.

    You should also consider upgrading to elgg 1.8

  • i am trying to convince my business partner to upgrade to the latest anyway lol 


    ftp: i would agree with that but i am getting the same error on my other system aswell i had the hosting run thought a full system scan today while its online...

    the password for the hosting is like 16 chars long for security...

    i don't do third party plugins i only use like for opera, opera website plugins

    and call me thick but what do u mean by HEMLAWED plugin is that on the hosting, for browser.?



  • Htmlawed is a name of a bundled Elgg plugin that does input filtering to prevent ie. javascript injection. You should keep it enabled unless you have good replacement.