6 Replies Latest reply on Mar 16, 2014 2:36 PM by maxellis

    Paltip.com

    maxellis

      Not much information on the internet about paltip.com and I am surprised McAfee does not know about it.

       

      Just wandering if anybody else has had trouble with it or knows of a simple way to remove.

       

      It redirects your pages to somewhere else even changing information on the address bar eg if it was your code being sent in the link, so the page being redirected to knew it was you, the code had changed.

       

      This was happening in google chrome only on my computer with no sign of it as an extension. Even after deleting all cookies, extensions and browsing history etc it carried on. No program on the computer to remove.

       

      I removed it in the end by adding another user to Google Chrome and then deleting the initial user.

       

      Anyone know how to pass this information on to McAfee

        • 1. Re: Paltip.com
          Peter M

          I don't think it's a virus or trojan, perhaps unwanted adware in which case try scanning with Malwarebytes Free or AdwRemover, see the links in the last link in my signature below.

           

          You can if you wish submit samples to McAfee if there is something physical you can send to them:  http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx

           

          If it's a web page that's bad and should be marked dangerous then report it using SiteAdvisor assuming you have it installed.

          • 2. Re: Paltip.com
            maxellis

            Thanks for info

             

            Will see what I can do about reporting to McAfee.

             

            Very concerned that a link from my website to another can be changed on its way as it were. This could be happening a lot and people effectively loosing commission because the link has been changed. It was lucky I was testing the website because bookings had been down. An ordinary user would not know if the link had been changed.

            • 3. Re: Paltip.com
              Hayton

              PalTip is a WordPress plug-in, a way for blog owners to make money from any links they put in their blogs. It works by directing traffic to an "affiliate network" to generate money from ad-clicks. I would be surprised if there were any trace of PalTip on a client computer, it all seems to be server-side. Only about 2000 people are using the plug-in, and given the number of WordPress blogs there are around you'd have to be pretty unlucky to run across one that uses it.

               

              All the info is at http://wordpress.org/plugins/paltip-plug-in/

              • 4. Re: Paltip.com
                catdaddy

                If I may add to Ex_Brit, and Hayton vast knowledge. PalTip has been obtained from individual downloads from Cnet-Downloads.com as well, most notedly from a relative " Newcomer" app called (CD Tray Pal) by being bundled within the install itself.

                 

                In addition, is obtained by links on "Bookface" or as some call "FaceBook", which by my snarky comment one can assume I steer away from.

                 

                As for McAfee knowing about it, Trusted source marks it as a "Unverified Risk" The Web classification is Marketing/Merchandising. As Hayton stated it is basically on the server-side of the spectrum. Google Analytics-Adsense-AddChoices play a part in the distribution as well. ( I have these obtrusive Tracking cookies "Blocked" in my "Parental Control Feature" of McAfee Total Protection.

                 

                From the "Mail-Server side, Trusted Source has the following Hosts listed as follows"

                 

                74.125.137.26-Aspmx.1.google.com

                74.125.137.26-alt1.aspmx1.google.com

                173.194.66.26-alt2.googlemail.com

                74.125.131.27-aspmx2.googlemail.com

                173.194.66.27-aspmx3.gogglemail.com

                 

                As I did with the Tracking Cookies, You can BLOCK these IP Addresses using your "Parental Control Feature" I might add in addition to what Ex_Brit suggested, run Both of those tools. When running Malwarebytes (Free) make sure it is (Updated) and you may benefit better by running it in "SafeMode/w Networking.

                 

                Although you seemingly have removed it from your "Google Chrome", it may have infiltrated Internet Explorer as well, or any other Browser on your system.

                 

                Just my (2) cents....

                 

                Regards,

                CD-CatDaddy

                • 5. Re: Paltip.com
                  maxellis

                  Yes on my search I read about wordpress but still dont understand.

                   

                  I dont understand how or who was doing it but as said before there was definitely something - by adding another user to google chrome on my computer and deleting the original user stopped this from happening.

                   

                  Also as said above if it happened to me it can be happening to any number of people - I was fortunate enough to notice that the link from my website was changed after clicking - correct one displayed first and then the code, which identified the link was from my website, changed whilst I was looking at it.

                   

                  Another google chrome browser on my network was fine and Internet Explorer on the corrupt computer was also fine.

                  1 of 1 people found this helpful
                  • 6. Re: Paltip.com
                    maxellis

                    Thanks thats  brilliant

                     

                    Will have a look at your suggestions.

                     

                    I have tested internet explorer and Chrome on the same computer and others and there was only my computer which was corrupt - for want of a better term.