slopes Posted March 14, 2017 Report Share Posted March 14, 2017 I am getting this alert on more than one site.Is this a pop up of somekind? geo-um.btrll.com is a known phishing host and was blocked I am using chrome Thanks Link to comment Share on other sites More sharing options...
Ken1943 Posted March 14, 2017 Report Share Posted March 14, 2017 I am getting a 404 error with Firefox. Means that site is not active. You should say what alert you are getting. Link to comment Share on other sites More sharing options...
slopes Posted March 14, 2017 Author Report Share Posted March 14, 2017 It pops up while visiting 2 different sites so far unrelated to that url. Surfprotection blocks it and notifies. I am pretty sure this is adware but am wondering why surfprotection is calling it a phishing site Thanks Link to comment Share on other sites More sharing options...
GT500 Posted March 15, 2017 Report Share Posted March 15, 2017 It looks like this isn't in our Host Rules. You can see that we don't detect it on VirusTotal: https://www.virustotal.com/en/url/bf48b1e56c3e6600af6f0c8d1461d9d596d69bd44d0118066f9e8e7e25a433c2/analysis/1489558089/ It's more than likely a custom rule that was created at some point (this can happen when you click on an option in an alert), or perhaps a false positive that has since been fixed. Here's how to check if there is a rule for it: Open Emsisoft Internet Security. Click on Protection. Click on Surf Protection in the menu at the top. Make sure that the option Hide built in list is not selected. Search for geo-um.btrll.com (or whatever website address the alert showed). If you find it and it's a custom rule, then you can click on it once to select it, and then click the Remove rule button in the lower-right. If you want to edit the rule to change whether or not it is blocked, then just double-click on the website address in the list you want to edit, change the Implemented action to Don't block, and click OK to save it. 1 Link to comment Share on other sites More sharing options...
slopes Posted March 18, 2017 Author Report Share Posted March 18, 2017 I have no custom rules in surfprotection so not sure what was happening. Not in the built in list and no more alerts on it. Thanks GT Link to comment Share on other sites More sharing options...
Ken1943 Posted March 18, 2017 Report Share Posted March 18, 2017 DO NOT FORGET Web protection starts "behind the eyes and between the ears" Link to comment Share on other sites More sharing options...
GT500 Posted March 21, 2017 Report Share Posted March 21, 2017 On 3/18/2017 at 8:04 AM, slopes said: I have no custom rules in surfprotection so not sure what was happening. Not in the built in list and no more alerts on it. Could have been a false positive that was fixed before I checked it. Our malware analysts are pretty quick. Link to comment Share on other sites More sharing options...
Recommended Posts