You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Shylock1966
Shylock1966 Author
User level: Level 2
405 points

Trojan.Blackhole-488

Can anybody help with this virus problem. I use the free Clamxav virus checker now and again just to check if everything is ok with my mac. I run a website and google Chrome is showing a warning message saying my website could have been hacked. I have submitted a message to my web host company, and in the meantime done a scan of my hard drive. Clamxav is showing the machine infected with the Trogan.Blackhole-488, it looks like its come from the firefox cache folder. I cannot find anything about this trogan so i dont know if its a hoax, machine is running fine. Can somebody please advise..

Imac 24inch 3.0ghz 4Gbram 500Gb HD iPhone 3g, Mac OS X (10.7.2), Nvidia 8800Gs

Posted on Jun 21, 2012 3:21 PM

Reply
Question marked as Top-ranking reply
User profile for user: Carolyn Samit
Carolyn Samit
User level: Level 10
165,673 points

Posted on Jun 21, 2012 3:52 PM

Mac OS X (10.7.2)


I couldn't locate any information for that malware but keeping your Mac OS X software update to date is the best way to prevent security problems.


If you are running v10.7.2, click your Apple menu icon top left corner of your screen. From the drop down menu click Software Update...


That will bring your Mac OS X up to v10.7.4.


You could try the ClamXav support forums here for help with: Trogan.Blackhole-488

View in context
9 replies
Question marked as Top-ranking reply
User profile for user: Carolyn Samit
Carolyn Samit
User level: Level 10
165,673 points

Jun 21, 2012 3:52 PM in response to Shylock1966

Mac OS X (10.7.2)


I couldn't locate any information for that malware but keeping your Mac OS X software update to date is the best way to prevent security problems.


If you are running v10.7.2, click your Apple menu icon top left corner of your screen. From the drop down menu click Software Update...


That will bring your Mac OS X up to v10.7.4.


You could try the ClamXav support forums here for help with: Trogan.Blackhole-488

Reply
User profile for user: etresoft
etresoft
User level: Level 9
50,854 points

Jun 21, 2012 5:11 PM in response to Shylock1966

You may have any number of trojans in your Firefox cache. They aren't anything to worry about. You also may have an infected website that is something to worry about. However, they are not related. If your website was hacked it was probably just some WordPress or PHP exploit. Check all of your HTML and Javascript files for obfuscated Javascript code. Remove the code and change all your passwords.

Reply
User profile for user: Shylock1966
Shylock1966 Author
User level: Level 2
405 points

Jun 21, 2012 11:06 PM in response to etresoft

Yes the site has a lot of wordpress content, i have had trouble with this before. Checking the site for the code may be a right pain am i correct in saying that the website stored on my machine in the form of my Rapidweaver files are ok. Can i delete the website and upload again ? i will of course check the code this end and change all passwords. Many thanks for the help Etresoft

Reply
User profile for user: Shylock1966
Shylock1966 Author
User level: Level 2
405 points

Jun 24, 2012 1:19 AM in response to thomas_r.

Thany you Thomas for the helpfull advice, i have looked into the problem now with more detail. My host company have been in touch and asked me to goto http://www.google.com/safebrowsing/diagnostic?site=uk-cheapest.co.uk and put my domain at the end of the URL, this i done and it checked out ok with no problems (please see screenshot).. However when i go to my site using Google Chrome it comes up sometimes with the warning message its infected. I have checked the site looking at every page for Java script files that have been uplaoded, again nothing. All passwords changed and a few updates to Wordpress as you recomended, so i am totally baffled why chrome sometimes reports this problem ?

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
32,001 points

Jun 24, 2012 4:43 AM in response to Shylock1966

It's important to understand that that "diagnostic testing" site is nothing more than Google telling you what it has found on your site when its bots examined it, and note that that has not happened within the last 90 days. So that's not performing a live test, and the results are fairly outdated.


You really ought to go through all the steps on that link I sent you!

Reply
User profile for user: etresoft
etresoft
User level: Level 9
50,854 points

Jun 24, 2012 7:14 AM in response to Shylock1966

Shylock1966 wrote:


I have checked the site looking at every page for Java script files that have been uplaoded, again nothing.

That is not adequate. There will be no new files on your site. You have to check every file Javascript you didn't add. It will be obfuscated so you have to look closely. Don't restrict yourself to WordPress. That is just the entry point. Once WordPress is hacked, they have full access to your site.

Reply

Trojan.Blackhole-488

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up