This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

AVG Warns Randomly Warns of Exploit Blackhole Exploit kit

more options

Starting a couple of weeks ago, and coincident with no update or addon change in Firefox, AVG started giving intermittent, identical threat detection alerts.

All alerts say the same thing: file: www.laseroffers.com/feed/ infection: Exploit Blackhole Exploit Kit (type 2170)

If I have firefox open, I get one of these every 15 minutes or so.

I have scanned for viruses and malware, cleared cache, restarted, disabled all add-ons and reinstalled firefox. Interestingly, after I reinstalled, there was a short break, perhaps an hour, before the warnings started coming again. The warnings happen when I'm visiting sites I know are clean. Yahoo, Amazon, simple html sites, etc.

Would really like to find a way to resolve this issue. I want my Firefox back!

Starting a couple of weeks ago, and coincident with no update or addon change in Firefox, AVG started giving intermittent, identical threat detection alerts. All alerts say the same thing: file: www.laseroffers.com/feed/ infection: Exploit Blackhole Exploit Kit (type 2170) If I have firefox open, I get one of these every 15 minutes or so. I have scanned for viruses and malware, cleared cache, restarted, disabled all add-ons and reinstalled firefox. Interestingly, after I reinstalled, there was a short break, perhaps an hour, before the warnings started coming again. The warnings happen when I'm visiting sites I know are clean. Yahoo, Amazon, simple html sites, etc. Would really like to find a way to resolve this issue. I want my Firefox back!

Chosen solution

That is an RSS live feed item.

Did you check the bookmarks to see if you do not have a bookmark with the URL?


Do a malware check with some malware scanning programs on the Windows computer.
You need to scan with all programs because each program detects different malware.
Make sure that you update each program to get the latest version of their databases before doing a scan.

You can also do a check for a rootkit infection with TDSSKiller.

See also:

Read this answer in context 👍 2

All Replies (7)

more options

Chosen Solution

That is an RSS live feed item.

Did you check the bookmarks to see if you do not have a bookmark with the URL?


Do a malware check with some malware scanning programs on the Windows computer.
You need to scan with all programs because each program detects different malware.
Make sure that you update each program to get the latest version of their databases before doing a scan.

You can also do a check for a rootkit infection with TDSSKiller.

See also:

more options

Did you happen to do a update for AVG recently? as often times these are false positives and corrected in a new definition update.

Modified by James

more options

I never subscribe to feeds, so I was shocked to look in my bookmarks and see an entire section of "Aesthetic Laser" bookmarks. Thanks for that tip. As to how they got there, I'm with you that I need to scan. I've already used malwarebytes and spybot s&d with nothing found, but will try some of the others you suggested as well.

Thanks very much!

more options

Thanks James, I have. As it turned out, I somehow downloaded a set up bookmarks, including the feed that AVG was warning about. I've deleted these and the problem seems to be resolved.

more options

I got a threat warning today for the rss feed of a blog of a friend of mine. I was not searching for anything--I had just opened the lid of my Macbook Pro. I deleted the rss feed for her blog and will try reloading it. What is strange to me is that I am using an Apple computer with its operating system, not windows. My computer is partitioned with boot camp so that I can use Windows but I don't have any rss feeds there. I can either be using apple or windows but not at the same time. I am very concerned that this Black Hole thing has gotten into my macbook. I haven't taken the computer anywhere for weeks and I am too far away from anyone for our network to be used and it has a password anyway. Any thoughts?

more options

In my case at least, the warning turned out to be completely harmless. It did alert me to the fact I had an rss feed in my browser that I didn't know about.

more options

I realize the answer is a couple months late but I came upon this when I was researching something related to black hole malware. For LaineA2... it's good to be concerned that your laptop may have been infected and there is an easy and free way to be sure you are clean. Check out this free tool that will scan your PC or Mac and alert you if you've been compromised.

Free PC Scan for blackhole exploit kit.

Because you received the threat warning you were probably protected. Many malware victims don't have proper security protection on their computer and don't even know they've been infected until damage is done. If you are a website owner and have been infected this site offers free information to help remove Blackhole Exploit Kit.