I don't think it's a virus or trojan, perhaps unwanted adware in which case try scanning with Malwarebytes Free or AdwRemover, see the links in the last link in my signature below.
You can if you wish submit samples to McAfee if there is something physical you can send to them: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx
If it's a web page that's bad and should be marked dangerous then report it using SiteAdvisor assuming you have it installed.
Thanks for info
Will see what I can do about reporting to McAfee.
Very concerned that a link from my website to another can be changed on its way as it were. This could be happening a lot and people effectively loosing commission because the link has been changed. It was lucky I was testing the website because bookings had been down. An ordinary user would not know if the link had been changed.
PalTip is a WordPress plug-in, a way for blog owners to make money from any links they put in their blogs. It works by directing traffic to an "affiliate network" to generate money from ad-clicks. I would be surprised if there were any trace of PalTip on a client computer, it all seems to be server-side. Only about 2000 people are using the plug-in, and given the number of WordPress blogs there are around you'd have to be pretty unlucky to run across one that uses it.
All the info is at http://wordpress.org/plugins/paltip-plug-in/
If I may add to Ex_Brit, and Hayton vast knowledge. PalTip has been obtained from individual downloads from Cnet-Downloads.com as well, most notedly from a relative " Newcomer" app called (CD Tray Pal) by being bundled within the install itself.
In addition, is obtained by links on "Bookface" or as some call "FaceBook", which by my snarky comment one can assume I steer away from.
As for McAfee knowing about it, Trusted source marks it as a "Unverified Risk" The Web classification is Marketing/Merchandising. As Hayton stated it is basically on the server-side of the spectrum. Google Analytics-Adsense-AddChoices play a part in the distribution as well. ( I have these obtrusive Tracking cookies "Blocked" in my "Parental Control Feature" of McAfee Total Protection.
From the "Mail-Server side, Trusted Source has the following Hosts listed as follows"
As I did with the Tracking Cookies, You can BLOCK these IP Addresses using your "Parental Control Feature" I might add in addition to what Ex_Brit suggested, run Both of those tools. When running Malwarebytes (Free) make sure it is (Updated) and you may benefit better by running it in "SafeMode/w Networking.
Although you seemingly have removed it from your "Google Chrome", it may have infiltrated Internet Explorer as well, or any other Browser on your system.
Just my (2) cents....
1 of 1 people found this helpful
Yes on my search I read about wordpress but still dont understand.
I dont understand how or who was doing it but as said before there was definitely something - by adding another user to google chrome on my computer and deleting the original user stopped this from happening.
Also as said above if it happened to me it can be happening to any number of people - I was fortunate enough to notice that the link from my website was changed after clicking - correct one displayed first and then the code, which identified the link was from my website, changed whilst I was looking at it.
Another google chrome browser on my network was fine and Internet Explorer on the corrupt computer was also fine.
Thanks thats brilliant
Will have a look at your suggestions.
I have tested internet explorer and Chrome on the same computer and others and there was only my computer which was corrupt - for want of a better term.