False positive?

[SeanO]

I have malicious 'warning' whenever I visit www.clubpenguin.co. uk or www.clubpenguin.com

'Infection detected 192.168.1.1'

Malwarebytes does not find any problem on full scan.

Suggestions please!!

SeanO

[prairie dog]

This does Not mean you have an infection. See this FAQ for further info. I believe the next release that is coming shortly, will have a different notification.

[SeanO]

Thanks - I had read this before posting and understood it as this...

I find that significant parts of the website appear blocked, suggesting that MW regards the site itself as infected.

I would be surprised if that site had an issue lasting about a week so wondered if there is sometihng else for me to explore....

Different IP lookup searches gave me 'contradictory' results - one said the IP address was 'blocked / private', the other said 'local'

I want to be fairly ceetain before telling my children to ignore any warning message.

[MysteryFCM]

The IP being blocked is actually 94.75.216.155. 192.168.*.* IP's are internal non-routable (NRIP) IP's (something a website should NEVER be calling).

The 94.75.216.155 IP is on a Leaseweb range that is known for malware, which is why it is blocked;

http://hosts-file.net/?s=94.75.216.155

Specifically, exploits;

http://hosts-file.net/?s=94.75.216.155&view=matches

Sadly, I couldn't track down which part of the site was loading the malicious content as the IP notitification only appeared once, suggesting it only loads the content once per IP (don't have access to proxies or test machines at present).