Analysis: This adware DLL file seemed to infected to the system at the same
time as the other Vundo DLL file:
10/31/2006 09:59 PM 60,436 gidijvia.dll
Was this a coincident? I don't think so. I am guessing that the Trojan Vundo was able
to visit its source Website, download new adware, and install it on the infected Windows system.
Google Search Result: When I searched for "VSAdd-in.dll" with Google, I got the following interesting items
out of 352 matches:
1. From fileinfo.prevx.com/fileinfo.asp?PXC=f77250043136, it was an information page about VSAdd-in.dll:
DEFINITION OF: VSADD-IN.DLL
* Safety Rating: Known Malware, do not run
* Malware Family: Part of Malware group - Adware VSToolbar
* Malware Form: EXPLOIT
* Protection: Prevx1 is a very powerful PC security product,
it will protect, disinfect, cleanup and remove VSADD-IN.DLL
and safeguard your PC against viruses, trojans, worms, spyware,
rootkits and adware
* New Users: You can download the full Prevx1 product and use it
to cleanup and remove VSADD-IN.DLL and other infections free of
charge, then leave it to monitor your PC for other infections
* First seen: Oct 26 2006 (GMT)
* Last seen: Oct 26 2006 (GMT)
* File Size: 126,976 bytes
2. From www.castlecops.com/t170608-VSAdd_in_dll.html, it was a forum post dated on Oct 31, 2006.
The post reported that VSAdd-in toolbar links to hxxp://xxx.searchcolours.com, and
searching for antispyware products spawns numerous rogue antispyware applications.
3. From www.techspot.com/vb/topic62105.html, it was a forum post dated on Nov 2, 2006,
reporting a case of infection with 3 related entries in HijackThis report:
4. From forums.techguy.org/security/514824-i-am-direneed-help-vsadd.html,
it was a forum post dated on Nov 2, 2006, reporting a case of infection
with 3 related entries in HijackThis report:
