Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Non-stop Security alert popups


  • Please log in to reply
4 replies to this topic

#1 dotphil

dotphil

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:01 AM

Posted 11 June 2017 - 04:28 PM

When I turn on my monitor each morning I'm blessed to wake up to 20-30 security alert pop-ups saying "The identity of this website or the integrity of this connection cannot be verified". And they pop up at random times throughout the day. I've looked up how to fix it throughout google and found all sorts of "solutions" but none have stopped them.

 

They all are from the same source.

Attached Files


Edited by hamluis, 11 June 2017 - 05:19 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 dotphil

dotphil
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:01 AM

Posted 11 June 2017 - 04:42 PM

just got a series of about 7 popping up, I want to say it's skype related but I can't verfity that

 

http://imgur.com/a/eHVxi


Edited by dotphil, 11 June 2017 - 04:43 PM.


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:01 PM

Posted 11 June 2017 - 05:19 PM

https://www.bleepingcomputer.com/forums/t/624560/btrllcom-malware/

 

Moving topic to Am I Infected, just in case you want a malware check.

 

Louis



#4 wing987

wing987

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Payette, ID
  • Local time:10:01 PM

Posted 15 June 2017 - 01:45 PM

Something to consider, if you are running through a web filter, such as the Sophos UTM or most proxies, it is possible that the traffic is being intercepted for filtering and then re-sent to your PC. This would result in a different identification certificate and you would see a pop up with exactly this error.  Installing the certificate will not stop the pop ups since the device sending it to you is not the device expected.

 

This can also happen if the network location installed their certificate improperly, or if your certificate store is out of date.

 

If this is your computer, you can fix it by updating your computer with Microsoft's windows update or installing the certificate as trusted.

 

If this is not your computer and there is no proxy or web management security appliance on the network then you may need to review your system for malware as it is likely you are being redirected.  There are many possible ways to do this, so it is best to use software such as malwarebytes to assist in cleaning and fixing your system, but doing so manually is possible even if "painful."

 

If there is a chance of a proxy or a web appliance being used than the administrator of that appliance would need to adjust their certificates to reflect their system properly, or change the filtering to transparent mode (which means they would not be able to decrypt SSL traffic of any sort and must rely on URL filtering for SSL traffic instead), or the proxy is incorrectly configured. 

 

In my opinion it is more likely that you have malware on your system redirecting your traffic, as administrators of large organizations would have a handle on certificate management.  But I notice that your displayed certificate is for *.btrll.com a documented site with this error.  Nortan/Symantic users report getting this error constantly on Weather Underground, which uses a different URL than the certificate is for. It is possible that the incorrect certificate was loaded by the administrator, but much more likely that people who visit the website they want are being redirected against their will...to which this pop up is notifying you of the change.  

 

Resolution: Run antivirus and malware scans on your computer, avoid using the website that is causing this problem (sometimes it is a program that accesses the network and not a website, keep that in mind) until the problem is resolved, and lastly...contact the administrator for the problem site or program and let them know of the problem. It is best to do it in that order.


-- Windows 7 Ultimate on custom built system, Windows 10 on under powered laptop. Sophos UTM 9, Ubuntu Server and Windows Server 2008 R2. HyperV Virtualization --

 

"The hottest places in hell are reserved for those who in a period of moral crisis maintain their neutrality," John F. Kennedy


#5 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:01 PM

Posted 16 June 2017 - 12:19 AM

Looks like a certificate and/or an SSL issue on the website your visiting...

 

Use the Qualsys SSL Server Test site to enter the URL and scan it for security issues.

 

https://www.ssllabs.com/ssltest/index.html


Edited by jwoods301, 16 June 2017 - 12:20 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users