Has VH.com been Hacked?

[Noahtuck]

I must have missed all the fun

I was on here last night and then first thing this morning and I never got any warning or saw anything unusual.....

FF 12.0 with Avast.

I always miss all the fun

[lordsmurf]

These security gimmicks don't always work as advertised. I'm reminded of the time a while back when my retail AVG Antivirus suddenly decided to stop VirtualDub from running, and asking if I wanted to delete this "Trojan downloader". Instead, I deleted AVG. Just another of those glitches, folks.

At least AVG asked you. I removed AVG because it deleted Goldwave without even asking.
No warning, no notes, nothing.

Currently using MalwareBytes Pro. When it removes software, you get an immediate quarantine warning, and the file is simply moved not deleted. That's how protective software should work.

The Firefox/Chrome Google warnings are great.

[Seeker47]

I must have missed all the fun

I was on here last night and then first thing this morning and I never got any warning or saw anything unusual.....

FF 12.0 with Avast.

Entirely ditto here. Coincidentally, just ran an Avast scan, which was negative. (Tho' it was not a complete and very slow boot-time scan . . . . Should it have been ?)

Currently using MalwareBytes Pro.

ISTR some mention of this program itself being fishy ? Nothing to that ?

[sanlyn]

Sanlyn,
Did you read the posts in this thread(especially by Baldrick)?

Yes. Did you read mine? Note the phrase "don't always".

This was a virus not a glitch, MSE caught the virus on my PC.

An Exploit isn't a virus. Good work from Baldrick -- as usual -- but I don't believe the malware was specified. Your particular Blackhole exploit could have come from anywhere. MSE is suspicious anyway; it embarrassed itself recently, claiming that Google's main search page was a "virus". Problem with MSE isn't merely frequent false positives -- I worked on a PC where MSE tried to claim atapi.sys as a "virus", and rather than clean the file or even quarantine, it wanted to delete the thing. Doing so would have crippled the PC. Last time I saw MSE at work it claimed something or other as a backdoor trojan, but didn't identify the working files or any registry entries, so I shut MSE down and scanned with ESET's online scanner. Two hours later the latter cleaned a handfull of backdoor trojans and all the adware they loaded -- MSE never saw any of it. I had to run command-line utilities to replace and/or rebuild several system functions.

I see someone here claiming the virtues of a free AV job, I think Avast Free. The last time I saw Avast on a PC was about 18 months ago. I ran MBAM on that machine and came up with the still-current record count during my 8 years of PC repair: 2,441 infections in files, folders, and registry entries -- not counting the crippled Winsock layer, two desktop hijackers, and a TDSS rootkit nasty that Combofix cleaned up. After 5 hours of scanning and scouring, I convinced the owner to stay clear of "free" antivirus. That includes MSE, Defender (aka "Offender"), Avast, AVG, and whatnot.

In other words, "These security gimmicks don't always work as advertised."

[MOVIEGEEK]

After 5 hours of scanning and scouring, I convinced the owner to stay clear of "free" antivirus. That includes MSE, Defender (aka "Offender"), Avast, AVG, and whatnot.

In other words, "These security gimmicks don't always work as advertised."

You are entitled to your opinion but MSE and Avast are very good products that have high detection rates, I agree that Windows Defender and AVG are worthless. JS/Blacole is technically an exploit to allow other malware to infect a PC but I did catch it from this website and MSE quarantined it. It's always a good idea to have several anti-malware programs in your arsenal.

[jimdagys]

When will this problem of "reported attack page" be solved? It looks kind of unprofessional to see this warning related to this website.

[Hoser Rob]

After 5 hours of scanning and scouring, I convinced the owner to stay clear of "free" antivirus. That includes MSE, Defender (aka "Offender"), Avast, AVG, and whatnot.

In other words, "These security gimmicks don't always work as advertised."

You are entitled to your opinion but MSE and Avast are very good products that have high detection rates, I agree that Windows Defender and AVG are worthless. JS/Blacole is technically an exploit to allow other malware to infect a PC but I did catch it from this website and MSE quarantined it. It's always a good idea to have several anti-malware programs in your arsenal.

MSE is actually what the user tech support people at the local university (all the students are required to have their own laptop), for the following reasons:

- none of those antivirus programs really work anyway. When some magazine review says prog x blocks 93% and prog y blocks 95%, what they're actually saying is that they both will let some malware in.

- it's the only one that's never caused problems on their networks. You don't get those annoying false positives.

You should definitely use multiple on demand malware scanners.

They're a secret weapon for techs. If you take a machine with a virus to a shop, and it'll run at all, they'll install 4 or 5 of them on it. One will generally find it. If nothing does they'll yank the HDd and sandbox it into another machine, and then do the hard stuff.

About those "get me out of here" buttons on those screens ... I've never trusted them. Why the hell not just hit the back button on your browser?

[usually_quiet]

When will this problem of "reported attack page" be solved? It looks kind of unprofessional to see this warning related to this website.

It was solved yesterday. If you are still seeing them using a Chinese search engine, the problem lies with the search engine.

I saw the warnings from Google late Sunday evening when I tried to access VideoHelp, but were gone by the time I visited yesterday. The warnings from Google search are long gone too.

[Seeker47]

I see someone here claiming the virtues of a free AV job, I think Avast Free. The last time I saw Avast on a PC was about 18 months ago. I ran MBAM on that machine and came up with the still-current record count during my 8 years of PC repair: 2,441 infections in files, folders, and registry entries -- not counting the crippled Winsock layer, two desktop hijackers, and a TDSS rootkit nasty that Combofix cleaned up. After 5 hours of scanning and scouring, I convinced the owner to stay clear of "free" antivirus. That includes MSE, Defender (aka "Offender"), Avast, AVG, and whatnot.

In other words, "These security gimmicks don't always work as advertised."

I'm not enough of an Avast booster to go a few rounds on its behalf, but this assertion strikes me as rampant paranoia. And I have no idea where that machine that came into your shop may have been . . . but I'm well-traveled around the internet, including to some dubious side streets where it is not all that advisable to venture. If what you say held true, my systems should be more shot full of holes than most of the cast at the end of "The Wild Bunch." And yet, I keep right on rolling along as usual, with no signs at all of ill effect. And there just have to be some tell-tale signs. So I'm inclined to believe the program's reports that no serious threat has taken hold. I'd be willing to counter-check that with some other credible program(s) -- Eset, or whatever.

At the same time, Avast Free is picking up some things that are not really threats, such as flagging the sniffer in Coojah.

[usually_quiet]

I agree with Hoser Rob. No antivirus or anti-malware software is perfect. They are only as good as their database and analysis. New malware can get past them. When evaluated by someone who really knows how to do comprehensive testing, all the security software tested will generally miss a few real threats and some will report false positives.

MSE has not fared as well in recent tests as it did when it was initially released, but is still not bad. I stopped using AVG because it took too many system resources. Avast was not getting along with my ATI video card drivers and caused some BSODs, so I switched to MSE.

[wulf109]

Not solved. I'm still getting the google warning as of this moment.

[johns0]

Clear your browser cache.

[Baldrick]

http://www.google.com/safebrowsing/diagnostic?site=http://www.videohelp.com

[wulf109]

My cache was cleared and I'm still getting the google attack warning.

[HemLok]

ESET Smart Security 5.x worked when this situation was occurring. I received notification that java.ns02.us was blocked.

There is no AV solution at present that is 100%. The closest to 100% you'll get is when your system is completely disconnected from the internet or a network, you never install new software, and never use any form of removable media. Of course, you'll have to be sure what already is on the system is clean, as well.

MSE is not perfect. I'm not going to say it's garbage, either. It is what it is and a friend uses it and likes it. I prefer ESET for a number of reasons. To say MSE never causes false positives is... well... not true. It most certainly has.

At the end of the day the Google warning was valid and a good thing. Baldrick was also able to quickly resolve the situation and that, too, is a good thing. Bashing Google in this situation is really beyond silly.

[MOVIEGEEK]

http://www.google.com/safebrowsing/diagnostic?site=http://www.videohelp.com

Interesting, now the question is why would somebody do this intentionally?
Is it possible for the malware to be uploaded via the attachment feature?

[aedipuss]

the malware that was on this site is a loader for a ton of other bad stuff. when uploaded on a vulnerable system it sends your computer to a fake site that downloads a bunch of nasties onto your computer.

What is the current listing status for www.videohelp.com?

This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 45 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 25754 pages we tested on the site over the past 90 days, 8 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-06-05, and the last time suspicious content was found on this site was on 2012-06-05.Malicious software includes 85 trojan(s), 49 exploit(s), 25 adware(s). Successful infection resulted in an average of 6 new process(es) on the target machine.

if you notice there were 8 pages that could upload, install, and run virus/trojan software here without you doing a thing. all you had to do is visit one of the pages.

[Seeker47]

the malware that was on this site is a loader for a ton of other bad stuff. when uploaded on a vulnerable system it sends your computer to a fake site that downloads a bunch of nasties onto your computer.

What is the current listing status for www.videohelp.com?

This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 45 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 25754 pages we tested on the site over the past 90 days, 8 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-06-05, and the last time suspicious content was found on this site was on 2012-06-05.Malicious software includes 85 trojan(s), 49 exploit(s), 25 adware(s). Successful infection resulted in an average of 6 new process(es) on the target machine.

if you notice there were 8 pages that could upload, install, and run virus/trojan software here without you doing a thing. all you had to do is visit one of the pages.

I'd be curious to learn the specific how & where of this. What were they, where (to which pages) did they attach, and how did they do whatever they did ?

While I suppose it would not have mattered in this case, since I give full permissions to VH as a trusted site, I find that the NoScript Add-On to FF bars the door to a gigantic percentage of would-be attacks . . . whatever AV program you happen to be using.

[sanlyn]

After 5 hours of scanning and scouring, I convinced the owner to stay clear of "free" antivirus. That includes MSE, Defender (aka "Offender"), Avast, AVG, and whatnot.

In other words, "These security gimmicks don't always work as advertised."

You are entitled to your opinion but MSE and Avast are very good products that have high detection rates, I agree that Windows Defender and AVG are worthless. JS/Blacole is technically an exploit to allow other malware to infect a PC but I did catch it from this website and MSE quarantined it. It's always a good idea to have several anti-malware programs in your arsenal.

There are always alternate views and products, I'll agree to that, and I'm with you on multiple means of protection. I'm just reporting what I see in the field. On the other hand, I see some of those users have either visited every porn site on the planet or downloaded every free game offer they can click on, or have set up their 5-year-old with an Administrator i.d. -- so, much depends on how you use your 'puter. I'm sticking with Kaspersky and ESET (now mostly Kaspersky these days) and HOST file policemen like mvps. After 3 years of those methods, the only bad guys I see are infrequent reports about the ones my software is stopping. I'm also with those who've accurately stated this wise maxim: even the best protection can be ambushed sooner or later.

[davexnet]

I'm using MSE, but it does have it's quirks. For example, I have a folder with nothing but shortcuts (about a 100 of them).
Opening this folder causes MSE to go berserk. It seems it has to check every .exe file pointed to by the shortcuts
before it will properly open the folder. Similarly opening add/remove programs (Control panel in XP) takes forever with
real time protection active. Even Windows search (or third party program Agent Ransack) is crippled when MSE is
active. Searching for a file with an exe extension is almost impossible.

At least I can add Agent Ransack to the list of processes to ignore - then it works fine.

[Baldrick]

Finally completely clean.

Status of the latest badware review for this site: A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate

[davexnet]

Good work Baldrick.

[wulf109]

Not on my computer. It's still displaying google attack site warning.

[lordsmurf]

VideoHelp is clean.
VCDHelp is still showing the warnings.

[Seeker47]

I'd be curious to learn the specific how & where of this. What were they, where (to which pages) did they attach, and how did they do whatever they did ?

So -- the exact name of this, how & where they stashed it on VH, remains classified info ?

[Baldrick]

vcdhelp doesn't contain anything...it forwards everything to videohelp.com. Strange.

[Baldrick]

I'd be curious to learn the specific how & where of this. What were they, where (to which pages) did they attach, and how did they do whatever they did ?

So -- the exact name of this, how & where they stashed it on VH, remains classified info ?

Bad coding from me. I used a third party example code for another project on the server and forgot to check it. It allowed you to upload any files to the server and also run php. I have fixed that and also added some extra security checks to the web server.

[Baldrick]

VCDhelp.com fixed. Requested a review from google with the google webmaster tools.