Unwanted popups

Are you using Windows? Because if you are, you can look in “Programs and Features” (located in the Control Panel) to see if any programs installed without your approval.

Malware (including ones that trigger popups) often are installed when you download an installer .exe and choose quick installation instead of custom installation (to uncheck unwanted add-ons). Happens a lot with sites like CNET that bundle malware with programs.

I’m using OSX El Capitan, it’s really confusing me. I’ve tried resetting my wp password but still showing up. Strangely the popups stop taking effect after refreshing the page, but if I clear browsing data then they are still active.

Thanks for your reply.

OS X rarely has malware issues. (edit: I correct myself, that’s no longer the case. See this article.)

It’s possible your issue is related to cookies. I checked and your site generates cookies, but I didn’t see a popup. It sounds like the cookies are being cleared every time you clear browsing data, and the popups come back because the cookies need to be set again. See if your browser cookies have been set to “always accept”, and don’t clear them unless you need to for one reason or another.

Might help to know details on those popups. What exactly are they showing?

It seems to be different every time, and they don’t always show on the homepage. If you click on one of the menu items, it will open the popup while the page loads. I will have a look at your cookies suggestion now and see if it fixes the issue.

Thanks

Rhys

If the popups are not something you want others seeing on your site, then cookies aren’t the real problem.

Again, what do these popups show exactly? Content or notices you want others seeing on your site? Or unrelated advertising / naughty stuff? The former might be a plugin issue, the latter might be a malware issue.

This time it brought up something called vosmangas.com so basically unrelated advertising. How can I remove malware from the site?

Sounds like malware, since popups from vosmangas.com is known adware.

Try using this on OS X to detect and remove it:
https://www.adwaremedic.com/index.php

I use Malwarebytes Anti-Malware on Windows and it’s one of the best out there. It’s also free. On OS X too. ??

https://codex.www.ads-software.com/FAQ_My_site_was_hacked

I overlooked that it was just your website (in addition to overlooking the “unwanted popups” in the title). I think I’ll go catch some sleep. The others can help you for now. Good luck getting it resolved!

Thanks for your help, wanderer! will try adwaremedic shortly!

Staartmees, I tried the steps from the FAQ site and can’t fix the issue.

I have tried countless malware scanning plugins and none seem to locate the issue. How can I find the files and remove the popups?

Focus less on removing the popups and more on the hacked issue. You need to start working your way through these resources:

• https://codex.www.ads-software.com/FAQ_My_site_was_hacked
• https://www.ads-software.com/support/topic/268083#post-1065779
• https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
• https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:

• https://sitecheck.sucuri.net/scanner/
• https://www.unmaskparasites.com/
• https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Note that a consistent way to replicate the issue is to clear your cookies.

You’re welcome! One more suggestion before catching some shut eye (for real)!

With Adwaremedic (now combined with Malwarebytes Anti-Malware, a product by a well known company) — what you can do is this… if you have cPanel or something similar for your hosted website, go to cPanel > File Manager, compress a copy of all files into a .zip, download to your computer. Then extract the contents into a folder but do not double click or execute any of the contents. Use Adwaremedic to scan and clean up anything it finds in that folder (and your computer, just in case). If adware is found and removed from that folder, then you can put the remaining contents into a different .zip.

At that moment, put the hosted files (at the server your website is on) for oveya.com.au into a backup folder. Upload the .zip to the hosted directory it needs to be extracted at. Extract the contents. If the adware is now gone and everything on your site is fine, you can get rid of the backup folder. You still have its contents backed up in the first .zip on your hard drive in case things don’t turn out right. I hope that’ll solve your issue.

Others may have better suggestions. What Sucuri may have missed (especially if it’s better at anti-virus than anti-malware scanning), Adwaremedic may catch since it’s now merged with Malwarebytes which specializes in anti-malware. You can also take precautions (e.g. change WP login password and use Wordfence plugin) to secure your website against hackers and any further infection, in case that’s what happened.