LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-19-2014, 02:49 PM   #1
winger9
Member
 
Registered: Jan 2014
Posts: 64

Rep: Reputation: 1
How do I stop the "Green double-underlined links pop-up ads" adware?


Summary:

In Chromium (Debian), can you tell me how get rid of whatever is causing
the behaviour called "Green Double-Underlined Links pop-up ads". I'd
like to STOP the behaviour, not just block it with some kind of blocker.

How can I prevent my laptop from being affected by this problem in the
future?

The problem is awful, and is really getting on my wick. (Not your fault of
course). :-)

In the meantime, is is safe for me to continue to use my computer, and to use
the Internet? Thanks.

Full details:

1. About a week ago (starting about 12Aug14) I started getting green double-
underlined links appearing under numerous words and phrases in web page text.
Also, at the same time, intrusive adverts started appearing everywhere, on web
pages. These aren't the usual ads on web pages but are new and extremely
intrusive. The green double-underlined links are also very intrusive and
misleading.

I could tell that something new was going on.

2. The site
http://malwaretips.com/blogs/green-d...d-ads-removal/
says that on Windows, the above problem is caused by ADWARE, and tells you how
to remove it from Windows, but NOT from Linux. However, the site IS informative
about what the adware is, and how it gets onto Windows.

3. I don't know if the double-underline problem etc is caused in Linux in the
same way as Windows, but I followed 2 of the principles in the above removal
guide:
a) Checked for any new Chromium plugins that I don't think should be there. I
did this by opening a new tab and entering "chrome://plugins". I've got 9
plugins BUT NONE OF THEM SEEM TO BE NEW.
b) Looked at what packages I've recently installed, to see if they look as
though they might have secretly installed this adware.

The 4 lines from the output below are my recently installed packages. I used the
following command to list them:

cat /var/log/dpkg.log | grep "\ install\ "

014-08-03 21:17:12 install mencoder:i386 <none> 2:1.0~rc4.dfsg1+svn34540-1+b2
2014-08-05 20:01:42 install libgpac2:i386 <none> 0.5.0~dfsg0-1
2014-08-05 20:01:43 install gpac-modules-base:i386 <none> 0.5.0~dfsg0-1
2014-08-05 20:01:44 install gpac:i386 <none> 0.5.0~dfsg0-1

I DON'T ACTUALLY KNOW IF ANY OF THESE PACKAGES COULD HAVE INSTALLED THE ADWARE,
*IF* that's how the problem occurs in Linux.

4. I've got just one Chromium extension, which is Adblock Plus v1.7.4, which has
been there for some time.

5. Excuse my noddy wording, but I'm wondering if the double-underline etc
behaviour is being caused by a program on the Internet (remote from my laptop),
and not actually a program that's on my hard drive.

6. I would be very grateful if you could tell me how to stop this awful problem.
 
Old 08-19-2014, 03:13 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,225

Rep: Reputation: 873Reputation: 873Reputation: 873Reputation: 873Reputation: 873Reputation: 873Reputation: 873
Most likely it is not malware on your PC. These scripts were deliberately placed on the websites by their owners. Be sure to let them know how you feel.

http://en.wikipedia.org/wiki/IntelliTXT
 
Old 08-19-2014, 04:10 PM   #3
winger9
Member
 
Registered: Jan 2014
Posts: 64

Original Poster
Rep: Reputation: 1
To Smallpond #2:

Many thanks, but these double-underlined links AND the ads are appearing
WHOLESALE on most webpages. This STARTED happening SUDDENLY, since about
12Aug14 (for me), on MOST of the webpages that I visit.

I don't think it's to do with just certain websites that are doing it, as
you kindly suggest. Unless all the sites I visit have All suddenly started doing
it.

There's even an example of such an ad immediately below your post! It's shown in
MY browser window at any rate. The link address of the ad is

http://googleads.g.doubleclick.net/aclk?sa=l&a ... enormous URL.

And the ad title is "Tired of commitments?"

But if that's a legit LQ ad, another one appeared later which I keep getting on
many websites now, entitled "Cover ... costs". It's full link address is

http://googleads.g.doubleclick.net/aclk?sa=l&ai=
CkNpvKK_zU4adCovz7QacjoCAAuvZ0ZdBm4eClZIBv-EeEAEg-
U9Q68nOsPr_____AWC7rsGD0AqgAa3t0N0DyAEBqQJGCUtTPOK7PqgDAcgDwwSqBKUBT9DLOd47oDmrR
hVlPhQFCsS9LarYczK9QkvZZ3ZXFsgY-rE6J5qRX4_MY-
yobUnWRqe8gZFHLJg46kbCyNyKXgLjlKVx9eG884rrueuQN57k-
zP2oqgsGK6UyaIrJBtg4QlBjgwnY8r8C32hJ8d0uQl331b3fZZmcfg4WxzJgsum-
QX8fi5lAsh0xtuaFqiBeDfJLGU0Bw36eFnhsLjTRw96grzegAe7kq8i&num=1&sig=AOD64_0-
Poxul4hV1UORgMx5F_B_-p9J2g&client=ca-undefined&adurl=http://www.goldencharter.co
.uk/free-brochure%3Fsrc%3DWBPPC8&nm=2&mb=2&bg=!
A0QG_rODV_RXGAIAAAAmUgAAAB0qAOY_oalQBXkYsagDreSup9SxWcA7nv8GMJarQtEibEfPR3ZHho5m
kxhomh6xa70nTBtmVrvN-
E_qwqIj0IJtI7r1Afxe6863FmjYj4yFfcfquHH7BdaPk08wOknxQEk0mkgVWHp2ueYglg0yEiquWdKRh
N-443vp0Zh98GbNYvqaIfzjPDhAEmBCtn3eHecOUVoPfalt-9qnJgNRB8-
NXVKRyCwuFteaiLBZgHlvZtLX-
qXtCw6LmCP_0YECkHEX8znQhwQwL41PlmfC_QTZ4dvhsTwa4eiYwUuG3Uahu5ikmLVpOn_ayA

Last edited by winger9; 08-19-2014 at 04:21 PM.
 
Old 08-19-2014, 04:34 PM   #4
jkirchner
Member
 
Registered: Apr 2007
Location: West Virginia
Distribution: Manjaro
Posts: 822

Rep: Reputation: 232Reputation: 232Reputation: 232
Do you get this behavior on another browser at all? Do you have firefox installed or some other one to give this a go? I have a sneaking suspicion it could be tied to chrome.
 
Old 08-20-2014, 08:38 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177
Google stuffed its browsers down everybody's throats, and, guess what, they also rigged it to stuff their ads into everybody's websites.

Quote:
"Beware of earthmen bearing gifts."
 
Old 08-20-2014, 08:48 AM   #6
jkirchner
Member
 
Registered: Apr 2007
Location: West Virginia
Distribution: Manjaro
Posts: 822

Rep: Reputation: 232Reputation: 232Reputation: 232
Quote:
Originally Posted by sundialsvcs View Post
Google stuffed its browsers down everybody's throats, and, guess what, they also rigged it to stuff their ads into everybody's websites.
Yeah, that is why I asked if he had that with other browsers. I quit with Chrome and Chromium....
 
Old 08-21-2014, 08:40 AM   #7
cepheus11
Member
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 286

Rep: Reputation: 89
Quote:
Originally Posted by winger9 View Post
these double-underlined links AND the ads are appearing
WHOLESALE on most webpages. This STARTED happening SUDDENLY, since about
12Aug14 (for me), on MOST of the webpages that I visit.
Does it also happen with a live DVD?

If yes - maybe your router got hacked. Does it also happen with https connections or through TOR? In both cases, your router cannot read or intercept the traffic.
 
Old 08-28-2014, 01:58 PM   #8
winger9
Member
 
Registered: Jan 2014
Posts: 64

Original Poster
Rep: Reputation: 1
Thanks everyone for your very insightful advice. I decided to try using a
different browser to Chromium, so I tried Iceweasel. THIS SEEMS TO HAVE SOLVED
THE PROBLEM.

I now don't get the green double-underlined links or the intrusive ads. Running
NoScript in Iceweasel stops the green double-underlined links.

Note that the new intrusive ads DON'T APPEAR whether NoScript is set to block
things or not. I HAVEN'T got Adblock Plus installed in Iceweasel. However, I
suspect that when I visit websites that have TYPICAL ads (not the new intrusive
ads seen with Chromium), that I WILL need Adblock Plus as usual, to block those.

The site http://www.tomshardware.com/news/goo...ins,24377.html
may (or may not?) explain the cause of the new intrusive ads in
Chrome/Chromium. It contains the article "Google Banning Most Plugins in Chrome
Starting Jan 2014". My crude understanding is that because Google owns
Chrome/Chromium, Google can DICTATE whether ads are shown on sites?

Therefore (if the above explanation is right) even using AdBlock Plus with
Chromium won't stop the ads.
 
Old 08-28-2014, 02:17 PM   #9
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian
Posts: 1,054

Rep: Reputation: 281Reputation: 281Reputation: 281
I recommend installing Ghostery. It will install in both iceweasel and chrome, and prevents most of this crap. I don't even bother to run Adblock, and won't, as it now allows ads from companies which pay it.

And the page linked above does not say that Google will ban all plugins, only specific ones based on obsolete standards, the ones causing crashes and hangs because they're outdated. You need to read past headlines.

Last edited by sgosnell; 08-28-2014 at 02:19 PM.
 
Old 08-28-2014, 02:56 PM   #10
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,525

Rep: Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821
Quote:
Originally Posted by winger9 View Post
It contains the article "Google Banning Most Plugins in Chrome
Starting Jan 2014".
This refers to plugins like Flash and Java, not extensions like AdBlock or NoScript (although I think NoScript can't be ported to Chrome/Chromium because of some other API deficiency).
 
Old 08-29-2014, 01:59 PM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177
There's a nice fork of AdBlock that doesn't.
 
Old 08-30-2014, 01:16 PM   #12
winger9
Member
 
Registered: Jan 2014
Posts: 64

Original Poster
Rep: Reputation: 1
Significant additional comments to my previous post:

1. I forgot to mention that Iceweasel is effectively Firefox.

2. I think the following comment I made was wrong (sorry): "Note that the new
intrusive ads DON'T APPEAR whether NoScript is set to block things or not." I
discovered that when I disabled NoScript, the intrusive ads DO APPEAR. So
NoScript is evidently blocking them.

3. Overall thoughts re the green double-underlined links AND intrusive ads:

a) It seems that this problem does affect browsers OTHER THAN Chrome/Chromium.
b) It seems that this problem is not malware on my hard drive as I first feared.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Stop bash from replacing "~" with "/home/username" when TAB is pressed dedec0 Linux - Software 3 06-04-2015 02:24 PM
what is the meaning of "e" in "double freq = 914.0e6; // frequency" er.poojasahu@gmail.com Linux - Wireless Networking 3 12-17-2013 02:57 AM
Can't stop fast typing double letters from "skipping" one of the letters. Lola Kews Ubuntu 3 04-20-2013 04:21 PM
What i s this error pop-up: "On line 3: unknown type "evolution""?? kline Linux - Desktop 0 11-25-2011 05:12 PM
Firefox Linux spyware/adware? "dotster" timjowers Linux - Security 5 08-07-2006 04:44 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration