AVG Randomly Warns of Exploit Blackhole Exploit Kit
Starting a couple of weeks ago, and coincident with no update or addon change in Firefox, AVG started giving intermittent, identical threat detection alerts.
All alerts say the same thing: file: www.laseroffers.com/feed/ infection: Exploit Blackhole Exploit Kit (type 2170)
If I have Firefox open, I get one of these every 15 minutes or so.
I have scanned for viruses and malware, cleared cache, restarted, disabled all add-ons and reinstalled Firefox. Interestingly, after I reinstalled, there was a short break, perhaps an hour, before the warnings started coming again. The warnings happen when I'm visiting sites I know are clean. Yahoo, Amazon, simple HTML sites, etc.
Would really like to find a way to resolve this issue. I want my Firefox back!
Chosen solution
That is an RSS live feed item.
Did you check the bookmarks to see if you do not have a bookmark with the URL?
Do a malware check with some malware scanning programs on the Windows computer.
You need to scan with all programs because each program detects different malware.
Make sure that you update each program to get the latest version of their databases before doing a scan.
- http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
- http://www.superantispyware.com/ - SuperAntispyware
- http://www.microsoft.com/security/scanner/en-us/default.aspx - Microsoft Safety Scanner
- http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
- http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
You can also do a check for a rootkit infection with TDSSKiller.
See also:
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
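The bookmark check suggested above can also be run against a copy of the profile's `places.sqlite`, listing every bookmark or live feed whose URL contains a given host. This is an added example, not part of the original answer; it assumes the bookmark tables of Firefox releases that had live bookmarks (`moz_bookmarks`, `moz_places`, `moz_items_annos`, `moz_anno_attributes`), and the sample rows are constructed.

```python
import pathlib
import sqlite3

# Assumed schema: bookmark tables of a places.sqlite from Firefox releases that
# still had live bookmarks (feed URL stored as a "livemark/feedURI" annotation).
QUERY = """
SELECT b.id, b.title, p.url AS url, 'bookmark' AS kind
  FROM moz_bookmarks b JOIN moz_places p ON p.id = b.fk
UNION ALL
SELECT b.id, b.title, a.content AS url, 'live feed' AS kind
  FROM moz_bookmarks b
  JOIN moz_items_annos a ON a.item_id = b.id
  JOIN moz_anno_attributes n ON n.id = a.anno_attribute_id
 WHERE n.name = 'livemark/feedURI'
"""

def find_bookmarks(conn, needle):
    """Return (id, title, url, kind) rows whose URL contains needle (case-insensitive)."""
    needle = needle.lower()
    rows = conn.execute(QUERY).fetchall()
    hits = [r for r in rows if r[2] and needle in r[2].lower()]
    return sorted(hits, key=lambda r: (r[0], r[3]))

def open_readonly(path):
    """Open a copy of places.sqlite read-only (make the copy while Firefox is closed)."""
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)

def sample_db():
    """Constructed in-memory database with only the columns the query needs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
    CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER, fk INTEGER,
                                parent INTEGER, title TEXT);
    CREATE TABLE moz_anno_attributes (id INTEGER PRIMARY KEY, name TEXT);
    CREATE TABLE moz_items_annos (id INTEGER PRIMARY KEY, item_id INTEGER,
                                  anno_attribute_id INTEGER, content TEXT);
    INSERT INTO moz_places VALUES (1, 'https://www.mozilla.org/'),
                                  (2, 'http://www.laseroffers.com/feed/item-1');
    INSERT INTO moz_bookmarks VALUES (10, 1, 1, 2, 'Mozilla'),
                                     (20, 2, NULL, 2, 'Aesthetic Laser'),
                                     (21, 1, 2, 20, 'Feed item');
    INSERT INTO moz_anno_attributes VALUES (1, 'livemark/feedURI'), (2, 'livemark/siteURI');
    INSERT INTO moz_items_annos VALUES (1, 20, 1, 'http://www.laseroffers.com/feed/'),
                                       (2, 20, 2, 'http://www.laseroffers.com/');
    """)
    return conn

if __name__ == "__main__":
    for row in find_bookmarks(sample_db(), "laseroffers.com"):
        print(row)
```

For a real profile, pass `open_readonly()` the path of a copied `places.sqlite` instead of `sample_db()`.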
All Replies (7)
Did you happen to do an update for AVG recently? Oftentimes these are false positives and corrected in a new definition update.
I never subscribe to feeds, so I was shocked to look in my bookmarks and see an entire section of "Aesthetic Laser" bookmarks. Thanks for that tip. As to how they got there, I'm with you that I need to scan. I've already used Malwarebytes and Spybot S&D with nothing found, but will try some of the others you suggested as well.
Thanks very much!
Thanks James, I have. As it turned out, I somehow downloaded a set of bookmarks, including the feed that AVG was warning about. I've deleted these and the problem seems to be resolved.
I got a threat warning today for the RSS feed of a blog of a friend of mine. I was not searching for anything; I had just opened the lid of my MacBook Pro. I deleted the RSS feed for her blog and will try reloading it. What is strange to me is that I am using an Apple computer with its operating system, not Windows. My computer is partitioned with Boot Camp so that I can use Windows, but I don't have any RSS feeds there. I can either be using Apple or Windows, but not at the same time. I am very concerned that this Black Hole thing has gotten into my MacBook. I haven't taken the computer anywhere for weeks, and I am too far away from anyone for our network to be used, and it has a password anyway. Any thoughts?
In my case at least, the warning turned out to be completely harmless. It did alert me to the fact I had an RSS feed in my browser that I didn't know about.
I realize the answer is a couple months late but I came upon this when I was researching something related to black hole malware. For LaineA2... it's good to be concerned that your laptop may have been infected and there is an easy and free way to be sure you are clean. Check out this free tool that will scan your PC or Mac and alert you if you've been compromised.
Free PC Scan for blackhole exploit kit.
Because you received the threat warning you were probably protected. Many malware victims don't have proper security protection on their computer and don't even know they've been infected until damage is done. If you are a website owner and have been infected this site offers free information to help remove Blackhole Exploit Kit.