Adware - VSAdd-in.dll and Removal

Part:   1  2 

(Continued from previous part...)

3. From www.techspot.com/vb/topic62105.html, it was a forum post dated on Nov 2, 2006, reporting a case of infection with 3 related entries in HiJackThis report:

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} 
   - C:\WINDOWS\system32\rvxjdqom.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll

4. From forums.techguy.org/security/514824-i-am-direneed-help-vsadd.html, it was a forum post dated on Nov 2, 2006, reporting a case of infection with 3 related entries in HiJackThis report:

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} 
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} 
   - C:\WINDOWS\system32\gfbfpnyc.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll

It was interesting to see that Norton Internet Security was also installed on the infected system, offering no protection at all:

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298...}
 - C:\Program Files\Common Files\Symantec ...\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} 
 - C:\Program Files\Norton Internet ...\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19...}
 - C:\Program Files\Common Files\Symantec ...\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF0...}
 - C:\Program Files\Norton Internet ...\Norton AntiVirus\NavShExt.dll

Conclusion: VSAdd-in.dll is a very new adware. It is possible that VSAdd-in.dll infects Windows systems through existing Trojan Vundo infections.

Removing VSAdd-in.dll

Action: I used HiJackThis to try to remove the infected VSAdd-in.dll.

1. Ran HiJackThis and did a system scan.

2. Found and checked the following items in the scan report:

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452}
   - C:\Program Files\VSAdd-in\VSAdd-in.dll

3. Clicked "Fix checked".

4. Scanned again. No more VSAdd-in.dll in the report!

Conclusion: Removing VSAdd-in.dll was easy with HiJackThis.

Part:   1  2 

This site Web