Malware alert

[Birdjaguar]

I started getting these a couple of days ago. The alerts seem to pop up while I'm at CFC, but I do have multiple tabs open.

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 2/6/19
Protection Event Time: 9:25 PM
Log File: 745deac0-2a90-11e9-99f7-3497f6a08b78.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.508
Update Package Version: 1.0.9150
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: iplogger.org
IP Address: 88.99.66.31
Port: [49584]
Type: Outbound
File: C:\Users\Owner\AppData\Local\Vivaldi\Application\vivaldi.exe
(end)

 

[Aristos]

??? I have MBAM Premium running, never got any alert while browsing CFC...

EDIT: Using Chrome x64 here.

 

[Lemon Merchant]

I'm using MBAM Premium and I got several alerts last night over the same thing that BirdJaguar is referencing.

 

[Valka D'Ur]

This particular notification ended up in my spam folder and when I moved it back to the inbox and clicked to come here, I got a "this site is suspicious" message.

I'm using Firefox.

CFC is the only site for which I ever get messages like this.

 

[Petek]

I'm looking at this issue. So far, VirusTotal regards CFC as Clean (VirusTotal scans a site with multiple anti-malware engines) and there are no reports of false positives similar to this on the Malwarebytes website.

 

[Birdjaguar]

Thanks Petek. MB pops up telling me that it is blocking it; so I'm not too worried.

 

[Petek]

I installed MB Premium. I'll see if anything happens.

(@Birdjaguar Typo in your last message?)

 

[Petek]

Also, everyone (if necessary) should upgrade MB to the most recent version (3.7.1).

 

[Birdjaguar]

Also, everyone (if necessary) should upgrade MB to the most recent version (3.7.1).

yes I left the "not" out.

 

[Petek]

Malwarebytes has been installed on my system for three days. I've run multiple scans with it, as well as a full scan with Windows defender. No alerts of malware either on my system or CFC. Absent additional information, I believe that CFC is clean and the alerts received by others are due to other causes. Please report any future malware alerts, and include the report. Thanks!

 

[Aristos]

Thanks to this thread, I noticed that MBAM was updated to v 3.7... I don't know why it did not update itself as usual, but it's up to date now, so thanks!

 

[Birdjaguar]

I haven't seen any new alerts since last week.

 

[Lemon Merchant]

I haven't seen any new alerts since last week.

Same here in Lemon Land. All clear.

 

[Broken_Erika]

I haven't had any alerts, or redirects either. It's been all good for the past while.

 

[RickSL]

Could it be related to this pop up I have had on this site multiple times over the last couple of days? I only see it on this site.

I am using Safari on an iPad.

 

[Hygro]

On mobile I’m getting browser hijacks here if I leave safari app and come back. It’s happened twice, this one just now

 

[Hygro]

Looks like I screencapped the last one as well

 

[Petek]

I'll inform Thunderfall of the issue.

 

[Gazebo]

Just wanted to chime in and note that I get constant redirects and spam pop ups while browsing civfanatics if I come back to an already-open civfanatics tab and click on links or reply buttons. It makes the site almost unusable on mobile (iOS). It only happens to me on this site.

G

 

[Petek]

Just wanted to chime in and note that I get constant redirects and spam pop ups while browsing civfanatics if I come back to an already-open civfanatics tab and click on links or reply buttons. It makes the site almost unusable on mobile (iOS). It only happens to me on this site.

G

Please supply the URLs of the sites that furnish the redirects and pop ups. Also, if possible, post screenshots. Doing so will help Thunderfall to identify the source(s). Thanks.