Windows Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.20

Adware - VSAdd-in.dll and Removal


Windows Tutorials - Herong's Notes © 2006 Dr. Herong Yang


This chapter describes:

  • What Is VSAdd-in.dll?
  • Removing VSAdd-in.dll

What Is VSAdd-in.dll?

After removing Trojan Vundo, I saw two more suspicious entries in the HiJackThis report:

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll

File System Checking: Using File Explorer, I was able to locate this suspicious DLL file:

Directory: \Program Files\VSAdd-in

File:
10/31/2006  09:59 PM            68,864 VSAdd-in.dll

Analysis: This adware DLL file seemed to have infected the system at the same time as the other Vundo DLL file:

10/31/2006  09:59 PM            60,436 gidijvia.dll

Was this a coincidence? I don't think so. I am guessing that the Trojan Vundo was able to visit its source Website, download new adware, and install it on the infected Windows system.
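
The timestamp correlation above can be scripted for triage. The following Python sketch is an added example, not part of the original notes: it parses the HiJackThis O2/O3 lines and the directory lines quoted on this page and reports the registered add-on DLLs that share a timestamp with a known-bad file. The function names and the example.dll control line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Report and directory lines quoted on this page; example.dll is a constructed control.
HJT_REPORT = r"""O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
"""
DIR_LINES = """10/31/2006  09:59 PM            68,864 VSAdd-in.dll
10/31/2006  09:59 PM            60,436 gidijvia.dll
08/04/2004  12:00 PM           100,352 example.dll
"""
ENTRY = re.compile(r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
DIR = re.compile(r"^(\d\d/\d\d/\d{4}\s+\d\d:\d\d [AP]M)\s+([\d,]+)\s+(.+)$")

def parse_hjt(report):
    """Join wrapped continuation lines, then return the O2/O3 browser add-on entries."""
    joined = []
    for line in report.splitlines():
        if line[:1].isspace() and joined:
            joined[-1] += " " + line.strip()
        elif line.strip():
            joined.append(line.strip())
    return [m.groupdict() for m in map(ENTRY.match, joined) if m]

def parse_dir(listing):
    """Map file name -> (timestamp, size in bytes) from dir-style lines."""
    files = {}
    for m in filter(None, map(DIR.match, listing.splitlines())):
        ts = datetime.strptime(" ".join(m[1].split()), "%m/%d/%Y %I:%M %p")
        files[m[3].strip()] = (ts, int(m[2].replace(",", "")))
    return files

def dropped_with(files, known_bad, window_minutes=0):
    """Names of other files stamped within the window of the known-bad file."""
    ref = files[known_bad][0]
    return sorted(n for n, (ts, _) in files.items()
                  if n != known_bad and abs((ts - ref).total_seconds()) <= window_minutes * 60)

def suspicious_addons(report, listing, known_bad):
    """Add-on DLL path -> [(kind, CLSID)] for DLLs stamped with the known-bad file."""
    near = {n.lower() for n in dropped_with(parse_dir(listing), known_bad)}
    by_dll = defaultdict(list)
    for e in parse_hjt(report):
        if e["path"].rsplit("\\", 1)[-1].lower() in near:
            by_dll[e["path"]].append((e["kind"], e["clsid"]))
    return dict(by_dll)
```

Calling suspicious_addons(HJT_REPORT, DIR_LINES, "gidijvia.dll") groups both the BHO and the Toolbar CLSID under the single VSAdd-in.dll path, which is the pair of registrations a cleanup has to cover.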

Google Search Result: When I searched for "VSAdd-in.dll" with Google, I got the following interesting items out of 352 matches:

1. From fileinfo.prevx.com/fileinfo.asp?PXC=f77250043136, it was an information page about VSAdd-in.dll:

DEFINITION OF: VSADD-IN.DLL
* Safety Rating: Known Malware, do not run
* Malware Family: Part of Malware group - Adware VSToolbar
* Malware Form: EXPLOIT
* Protection: Prevx1 is a very powerful PC security product, 
  it will protect, disinfect, cleanup and remove VSADD-IN.DLL 
  and safeguard your PC against viruses, trojans, worms, spyware, 
  rootkits and adware
* New Users: You can download the full Prevx1 product and use it 
  to cleanup and remove VSADD-IN.DLL and other infections free of 
  charge, then leave it to monitor your PC for other infections
* First seen: Oct 26 2006 (GMT)
* Last seen: Oct 26 2006 (GMT)
* File Size: 126,976 bytes

2. From www.castlecops.com/t170608-VSAdd_in_dll.html, it was a forum post dated Oct 31, 2006. The post reported that the VSAdd-in toolbar links to hxxp://xxx.searchcolours.com, and that searching for antispyware products spawns numerous rogue antispyware applications.


Dr. Herong Yang, updated in 2006