Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
What Is VSToolbar (VSAdd-in.dll)?
This section provides a quick description of what VSToolbar (VSAdd-in.dll) is.
After removing Trojan Vundo, I saw two more suspicious entries in the HijackThis report:
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
File System Checking: Using File Explorer, I was able to locate this suspicious DLL file:
Directory: \Program Files\VSAdd-in
File: 10/31/2006 09:59 PM 68,864 VSAdd-in.dll
Analysis: This adware DLL file seemed to have infected the system at the same time as the other Vundo DLL file:
10/31/2006 09:59 PM 60,436 gidijvia.dll
Was this a coincidence? I don't think so. I am guessing that the Trojan Vundo was able to visit its source website, download new adware, and install it on the infected Windows system.
Google Search Result: When I searched for "VSAdd-in.dll" with Google, I got the following interesting items out of 352 matches:
1. From fileinfo.prevx.com/fileinfo.asp?PXC=f77250043136, it was an information page about VSAdd-in.dll:
DEFINITION OF: VSADD-IN.DLL
* Safety Rating: Known Malware, do not run
* Malware Family: Part of Malware group - Adware VSToolbar
* Malware Form: EXPLOIT
* Protection: Prevx1 is a very powerful PC security product, it will protect, disinfect, cleanup and remove VSADD-IN.DLL and safeguard your PC against viruses, trojans, worms, spyware, rootkits and adware
* New Users: You can download the full Prevx1 product and use it to cleanup and remove VSADD-IN.DLL and other infections free of charge, then leave it to monitor your PC for other infections
* First seen: Oct 26 2006 (GMT)
* Last seen: Oct 26 2006 (GMT)
* File Size: 126,976 bytes
2. From www.castlecops.com/t170608-VSAdd_in_dll.html, it was a forum post dated Oct 31, 2006. The post reported that the VSAdd-in toolbar links to hxxp://xxx.searchcolours.com, and that searching for antispyware products spawns numerous rogue antispyware applications.
3. From www.techspot.com/vb/topic62105.html, it was a forum post dated Nov 2, 2006, reporting a case of infection with 3 related entries in the HijackThis report:
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\rvxjdqom.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
4. From forums.techguy.org/security/514824-i-am-direneed-help-vsadd.html, it was a forum post dated Nov 2, 2006, reporting a case of infection with 3 related entries in the HijackThis report:
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\gfbfpnyc.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
It was interesting to see that Norton Internet Security was also installed on the infected system, offering no protection at all:
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298...} - C:\Program Files\Common Files\Symantec ...\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet ...\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19...} - C:\Program Files\Common Files\Symantec ...\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF0...} - C:\Program Files\Norton Internet ...\Norton AntiVirus\NavShExt.dll
Conclusion: VSAdd-in.dll is a very new piece of adware. It is possible that VSAdd-in.dll infects Windows systems through existing Trojan Vundo infections.
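Added example (not part of the original tutorial): a small Python parser for the O2/O3 lines from the two forum reports quoted above. It lists BHOs without a display name, DLLs registered as both a BHO and a toolbar, and CLSIDs whose DLL path differs between the two reports. All function names are illustrative.

```python
import re
from collections import defaultdict

# HijackThis O2 (Browser Helper Object) / O3 (IE toolbar) line layout:
#   O2 - BHO: <name> - {CLSID} - <DLL path>
ENTRY = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

# Entries copied from the two forum reports quoted above; the reports
# differ only in the file name of the system32 DLL.
REPORT_A = r"""
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\rvxjdqom.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
"""
REPORT_B = REPORT_A.replace("rvxjdqom.dll", "gfbfpnyc.dll")


def parse(report):
    """Return (section, name, CLSID, path) tuples for O2/O3 lines."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            section, name, clsid, path = m.groups()
            # Normalise case: CLSIDs and Windows paths are case-insensitive.
            entries.append((section, name, clsid.upper(), path.lower()))
    return entries


def unnamed_bhos(entries):
    """BHOs registered without a display name."""
    return [e for e in entries if e[0] == "O2" and e[1] == "(no name)"]


def dual_registered(entries):
    """DLL paths loaded both as a BHO (O2) and as a toolbar (O3)."""
    sections = defaultdict(set)
    for section, _, _, path in entries:
        sections[path].add(section)
    return sorted(p for p, s in sections.items() if s == {"O2", "O3"})


def renamed_between(a, b):
    """CLSIDs present in both reports whose DLL path differs."""
    paths_a = {clsid: path for _, _, clsid, path in a}
    return {clsid: (paths_a[clsid], path) for _, _, clsid, path in b
            if clsid in paths_a and paths_a[clsid] != path}


if __name__ == "__main__":
    a, b = parse(REPORT_A), parse(REPORT_B)
    print(len(unnamed_bhos(a)), dual_registered(a), renamed_between(a, b))
```

On the quoted reports, the CLSID {F18F04B0-9CF1-4b93-B004-77A288BEE28B} is the same in both while its DLL name changes from rvxjdqom.dll to gfbfpnyc.dll, so the CLSID is the more reliable value to search for across reports.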