Adware-DoubleD

Updated: September 20, 2011 Adware 9 Comments

Potentially unwanted program that goes by the name of Adware-DoubleD will spread from various locations that are reachable with Internet connection. By monitoring user’s web browsing habit, Adware-DoubleD will display different kinds of advertisements in the form of pop-up window. The adware will also redirect your Internet browser to other malicious web pages and intercept your online search result.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista

How to Remove Adware-DoubleD:

FIRST AID TO STOP Adware-DoubleD:
If this virus have infected the system, registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with Adware-DoubleD, please restore Windows to previous configuration.

How to remove Adware-DoubleD:

1. Click here to download removal tool. Save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install as “default” only
4. If it prompts to update the database after installation, please proceed.

5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your Windows.

ADDITIONAL TOOLS AND PROGRAMS:

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove virus and unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Technical Details and Additional Information:

Other functionalities of this Adware:
- Adware-DoubleD employs browser redirection to promote online products.
- This malware will install toolbar on Internet Explorer and Firefox browsers.
- It will install various emoticons for your Instant messaging program.

Malicious Files Added by Adware-DoubleD:
%UserProfile%\Favorites\home.desktopsmiley.com.url
%UserProfile%\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\4.2.0.11210\bin\stbup.exe
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\BED3DEFB\3E688669\stbasst.exe
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\mFileBagIDE.dll\bag\stbreaim.exe
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\mFileBagIDE.dll\bag\stbrewlm.exe
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\mFileBagIDE.dll\bag\stbrunwlm.exe
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\mFileBagIDE.dll\bag\stbterm.exe
C:\Documents and Settings\All Users\Application Data\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\Setup.exe
%ProgramFiles%\DoubleD\Desktop Smiley Toolbar\4.2.0.11210\stbappHelper.exe
%ProgramFiles%\DoubleD\Desktop Smiley Toolbar\4.2.0.11210\stbasst.exe
%ProgramFiles%\DoubleD\Desktop Smiley Toolbar\4.2.0.11210\stbdl.exe
%ProgramFiles%\DoubleD\Desktop Smiley Toolbar\4.2.0.11210\stbsvc.exe
%ProgramFiles%\DoubleD\Desktop Smiley Toolbar\4.2.0.11210\stbYahoo8.dll
%ProgramFiles%\DoubleD\Desktop Smiley Toolbar\4.2.0.11210\stbYahoo9.dll

File Location for Windows Versions:

%UserProfile% for Vista/7 user is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.

Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”SmileyApp” = “%ProgramFiles%\DoubleD\Desktop Smiley Toolbar\4.2.0.11210\stbapp.exe”

Alternative Removal Method for Adware-DoubleD

Option 1 : Use Windows System Restore to return Windows to previous state

If Adware-DoubleD enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Adware-DoubleD infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

9 Comments

Greg Hill
Jul 27, 2009 @ 23:34:35

The link above directs the user to PC Tools.com.
This program did not even catch the infection, although it was there. I ran “Malwarebytes”, also a free download, and it found 551 files infected. Furthere it quarantined them and finally removed them.

Just a thought for your readers, as this can be an extremely annoying infection to say the least. I tried several spyware detection and removal tools before I found one that worked.
Incidentally, I suspect that this malicious file was placed by a Trojan virus which I detected and removed about 2 weeks ago. Got it from a gaming site referred by Facebook, so “heads up!”
Gary
Aug 03, 2009 @ 07:55:26

Spybot got rid of all these problems after trying nearly all pop up blockers and its free. Top marks spybot.
Jan
Aug 06, 2009 @ 22:09:01

Spybot has got rid of DoubleD twice for me now!
Sleepypete
Aug 24, 2009 @ 09:28:36

Yep – also got this one from a Facebook link to a games site (I know I know ! have already slapped self :-)

Kaspersky 2009 did NOT detect it on a full machine scan or prevent it getting in, many thanks to MalwareBytes’ excellent software for hopefully doing the business.
mike
Sep 06, 2009 @ 15:28:21

MalwareBytes found a few hundred “adware doubled” infections but when i tried to quarantine them it hung after a few files. I tried several times but it did the same and my only option was to power off the PC.

I haven’t purchased the software, but would you if that is what happened?
precisesecurity
Sep 07, 2009 @ 02:01:56

Mike, actually there are big differences between trial and full version and one of that is the auto-protect. With regards in removing malware, trial can do it. Have you tried to scan in Safe Mode?

If you decided to get MalwareBytes’ Full Version for your protection and prevent being infected again. You may get it here.
https://store.malwarebytes.org/342/?affiliate=5776&cart=29945&scope=checkout
rachel
Jan 19, 2010 @ 22:39:50

Hey, i have the DoubleD virus and it’s so annoying. But, i dont wanna stop using facebook. most of my friends have one. I need help and i dont feel like downloading another virus remover. i already have mcafee and malwarebytes. Please help me
Keith
Feb 04, 2010 @ 19:24:04

Spybot appears to fully remove DoubleD.* Note Symantec , Kaspersky & Sophos (all fully updated) failed to detect this. 10/10 Spybot.
Ferfer72
Mar 05, 2011 @ 03:00:02

Malwarebytes wants me to give them a credit card number to download their free trial. I don’t think so.

Spybot can see it, but can’t get rid of it. It tells me to restart in safe mode, but then it can’t see it.

What do I do?