What Is VSToolbar (VSAdd-in.dll)

This section provides a quick description of what VSToolbar (VSAdd-in.dll) is.

After removing Trojan Vundo, I saw two more suspicious entries in the HijackThis report:

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll

File System Checking: Using File Explorer, I was able to locate this suspicious DLL file:

Directory: \Program Files\VSAdd-in

File:
10/31/2006  09:59 PM            68,864 VSAdd-in.dll

Analysis: This adware DLL file seemed to have infected the system at the same time as the other Vundo DLL file:

10/31/2006  09:59 PM            60,436 gidijvia.dll

Was this a coincidence? I don't think so. I am guessing that the Trojan Vundo was able to visit its source Website, download new adware, and install it on the infected Windows system.

Google Search Result: When I searched for "VSAdd-in.dll" with Google, I got the following interesting items out of 352 matches:

1. From fileinfo.prevx.com/fileinfo.asp?PXC=f77250043136, it was an information page about VSAdd-in.dll:

DEFINITION OF: VSADD-IN.DLL
* Safety Rating: Known Malware, do not run
* Malware Family: Part of Malware group - Adware VSToolbar
* Malware Form: EXPLOIT
* Protection: Prevx1 is a very powerful PC security product, 
  it will protect, disinfect, cleanup and remove VSADD-IN.DLL 
  and safeguard your PC against viruses, trojans, worms, spyware, 
  rootkits and adware
* New Users: You can download the full Prevx1 product and use it 
  to cleanup and remove VSADD-IN.DLL and other infections free of 
  charge, then leave it to monitor your PC for other infections
* First seen: Oct 26 2006 (GMT)
* Last seen: Oct 26 2006 (GMT)
* File Size: 126,976 bytes

2. From www.castlecops.com/t170608-VSAdd_in_dll.html, it was a forum post dated Oct 31, 2006. The post reported that the VSAdd-in toolbar links to hxxp://xxx.searchcolours.com, and that searching for antispyware products spawns numerous rogue antispyware applications.

3. From www.techspot.com/vb/topic62105.html, it was a forum post dated Nov 2, 2006, reporting a case of infection with 3 related entries in the HijackThis report:

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} 
   - C:\WINDOWS\system32\rvxjdqom.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll

4. From forums.techguy.org/security/514824-i-am-direneed-help-vsadd.html, it was a forum post dated Nov 2, 2006, reporting a case of infection with 3 related entries in the HijackThis report:

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} 
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} 
   - C:\WINDOWS\system32\gfbfpnyc.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll

It was interesting to see that Norton Internet Security was also installed on the infected system, offering no protection at all:

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298...}
 - C:\Program Files\Common Files\Symantec ...\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} 
 - C:\Program Files\Norton Internet ...\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19...}
 - C:\Program Files\Common Files\Symantec ...\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF0...}
 - C:\Program Files\Norton Internet ...\Norton AntiVirus\NavShExt.dll

Conclusion: VSAdd-in.dll is a very new piece of adware. It is possible that VSAdd-in.dll infects Windows systems through existing Trojan Vundo infections.
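
The HijackThis reports quoted above all show the same pattern: one DLL registered both as a BHO (O2) and as a toolbar (O3), next to an unnamed BHO pointing at a randomly named DLL. The following is an added example, not code from this book or from HijackThis: it parses O2/O3 entries (wrapped lines included) and groups them by DLL so related entries can be reviewed together. The function names are hypothetical, and the output is a set of review hints, not verdicts, since the Norton entries above also register one DLL as both BHO and toolbar.

```python
import re
from collections import defaultdict

# Sample input: the three entries from the techguy.org report quoted above,
# wrapped continuation lines included.
SAMPLE = r"""O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B}
   - C:\WINDOWS\system32\gfbfpnyc.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
"""

ENTRY = re.compile(r"^(O[23]) - (BHO|Toolbar): (.*?) - (\{[^}]*\})\s*-\s*(.+)$")

def parse_entries(log_text):
    """Join wrapped lines, then return one dict per O2/O3 entry."""
    joined = []
    for line in log_text.splitlines():
        if re.match(r"^O\d+ - ", line):        # start of a new entry
            joined.append(line.strip())
        elif joined and line.strip():          # continuation of the previous entry
            joined[-1] += " " + line.strip()
    entries = []
    for line in joined:
        m = ENTRY.match(line)
        if m:
            keys = ("section", "kind", "name", "clsid", "path")
            entries.append(dict(zip(keys, (g.strip() for g in m.groups()))))
    return entries

def group_by_dll(entries):
    """Map each DLL path (compared case-insensitively) to its entries."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["path"].lower()].append(e)
    return dict(groups)

def triage(entries):
    """Review hints: unnamed BHOs, and DLLs registered as both BHO and toolbar."""
    unnamed = [e["clsid"] for e in entries
               if e["kind"] == "BHO" and e["name"] == "(no name)"]
    shared = [p for p, es in group_by_dll(entries).items()
              if {x["kind"] for x in es} == {"BHO", "Toolbar"}]
    return {"unnamed_bho_clsids": unnamed, "bho_and_toolbar_dlls": shared}

if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    print(sorted(group_by_dll(entries)))
    print(triage(entries))
```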
