Home / malware Adware:Win32/DoubleD
First posted on 28 August 2019.
Source: MicrosoftAliases :
There are no other names known for Adware:Win32/DoubleD.
Explanation :
Adware:Win32/DoubleD is an adware program that displays pop-up advertising, runs at each system start and is installed as an Internet Explorer toolbar. InstallationBy default, Adware:Win32/DoubleD is installed to the <%Program Files%>DoubleDDesktop Smiley Toolbar
folder, where may be similar to "4.2.7.25320". Adware:Win32/DoubleD installs the following files to this location: <%InstallPath%>stb0.dll
<%InstallPath%>stbAol.dll
<%InstallPath%>stbapp.dll
<%InstallPath%>stbapp.exe
<%InstallPath%>stbappHelper.exe
<%InstallPath%>stbasst.exe
<%InstallPath%>stbdl.exe
<%InstallPath%>stbIE.dll
<%InstallPath%>stbMsn.dll
<%InstallPath%>stbOL.dll
<%InstallPath%>stbOLEX.dll
<%InstallPath%>stbsvc.exe
<%InstallPath%>stbYahoo8.dll
<%InstallPath%>stbYahoo9.dll Adware:Win32/DoubleD modifies the following registry entries to ensure that it runs at each system start, and to install itself as an IE toolbar: Adds value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2}
to key: HKLMSOFTWAREClassesCLSID Adds vale: {5297E905-1DFB-4A9C-9871-A4F95FD58945}
to key: HKLMSOFTWAREClassesTypeLib Adds value: "SmileyApp"
with data: "<%InstallPath%>stbapp.exe"
to key: HKCUSoftwareMicrosoftWindowsCurrentVersionRun Adds value: "Desktop Smiley Toolbar"
with data: "<%InstallPath%>stb0.dll"
to key: HKLMSoftwareMicrosoftInternet ExplorerToolbar See below for an example of the toolbar added by Adware:Win32/DoubleD: Additional informationAdware:Win32/DoubleD displays pop-ups that link to advertisements without the affected users' consent. See below for an example of a pop up displayed by Adware:Win32/DoubleD: Analysis by Shawn WangLast update 28 August 2019
