In testing my local code, the following appears in my DOM ~2 seconds after loading:

<div style="position: absolute; top: 0px; left: 0px; width: 1px; height: 1px; z-index: 2147483647;" id="_GPL_e6a00_parent_div">
  <object type="application/x-shockwave-flash" id="_GPL_e6a00_swf" data=".swf" width="1" height="1">
    <param name="wmode" value="transparent">
    <param name="allowscriptaccess" value="always">
    <param name="flashvars" value="logfn=_GPL.items.e6a00.log&amp;onload=_GPL.items.e6a00.onload&amp;onerror=_GPL.items.e6a00.onerror&amp;LSOName=gpl">
  </object>
</div>

I've run global searches for all of the keywords in the HTML but it's nowhere to be found in my project.

After that I tried disabling all of the external plugins I load, including Facebook's SDK, Mixpanel, Google Analytics, but it still shows up.

What else can I do to find the culprit?

In testing my local code, the following appears in my DOM ~2 seconds after loading:

<div style="position: absolute; top: 0px; left: 0px; width: 1px; height: 1px; z-index: 2147483647;" id="_GPL_e6a00_parent_div">
  <object type="application/x-shockwave-flash" id="_GPL_e6a00_swf" data="http://savingsslider-a.akamaihd/items/e6a00/storage.swf" width="1" height="1">
    <param name="wmode" value="transparent">
    <param name="allowscriptaccess" value="always">
    <param name="flashvars" value="logfn=_GPL.items.e6a00.log&amp;onload=_GPL.items.e6a00.onload&amp;onerror=_GPL.items.e6a00.onerror&amp;LSOName=gpl">
  </object>
</div>

I've run global searches for all of the keywords in the HTML but it's nowhere to be found in my project.

After that I tried disabling all of the external plugins I load, including Facebook's SDK, Mixpanel, Google Analytics, but it still shows up.

What else can I do to find the culprit?

• javascript
• malware

Share Improve this question Follow edited Jan 31, 2013 at 5:08 user166390 asked Jan 31, 2013 at 4:45 GarrettGarrett 11.7k2020 gold badges8686 silver badges129129 bronze badges 7

• this was interesting - savingsslider-a.akamaihd appears to be associated with malware – Kyle Commented Jan 31, 2013 at 4:50
• Weird — what is it then??? @Kyle thanks for the edit :) – Garrett Commented Jan 31, 2013 at 4:54
• 3 Related: forum.joomla/viewtopic.php?f=621&t=764701#p2932337 – user1585455 Commented Jan 31, 2013 at 4:57
• 2 @DonovanGlover That's the answer — it's a Chrome extension. I also had an Ebay and Amazon extension installed without my knowing... I swear I haven't watched porn in a while... but the answer to this is that it's the "Savings Slider" plugin for Chrome. Mind posting it? – Garrett Commented Jan 31, 2013 at 5:01
• 1 @Garrett I did not find an official version in the Chrome Web Store (or Firefox Add-ons), but they do have a homepage: hxtp://savings-slider./ – user1585455 Commented Jan 31, 2013 at 5:19

 |  Show 2 more ments

4 Answers 4

Sorted by: Reset to default 1

If you're using FTP to upload your files, use an FTP client that can pare the local and remote files (my preference is FileZilla). Using this, you can find any files on the server that have been modified, and hopefully find and remove the problem.

Alternatively you could just re-upload the whole thing from your local copy.

I encountered a similar thing on a client's puter. After some research, it looks like it is due to "vuze" installing add-ons or extensions to your browser (and probably not in your code).

We think this because all of the installed add-ons and extensions match those in vuze's uninstallation instructions: http://www.vuze./uninstall-vuze-mac-extensions.php

A plugin for Firefox called Flashblock made a hidden Flash file bee visible. I rolled over the Flash icon (displayed where the hidden Flash file is located -- top left corner of every browser page). I then saw the URL just like the one you encountered: savingsslider-a.akamaihd/items/e6a00/storage.swf I was upset about this but then I searched online for savingsslider and discovered it was another Firefox plugin (that I don't remember installing). But I removed it and re-started my Firefox and things went back to normal. I hope that helps.

It es from "unwanted" extensions being enabled on your browser and most likely es with software that you just keep clicking "next" on with out reading.

Check your extensions and disabled/remove the ones you don't know about.

How to edit browser extensions