F-Secure
Tools
Adware:W32/Popmenu
Summary
This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.
Additional Details
Adware:W32/Popmenu is a Browser Helper Object (BHO) that installs a toolbar on the Internet Explorer (IE) web browser and displays out of context advertisements unrelated to the user's search.
Installation
When Popmenu's executable file is first run, it opens a new window showing the installation progress of 'Desktop Smiley toolbar'. No End User License Agreement is shown and no input from the user is needed during installation.
During installation, the program attempts to download files from these websites:
The installation is aborted if the download is not successful.
The adware is installed in the following folder:
Where the [version] is obtained from the website. The adware also installs the following files:
The following registry key is modified to enable the adware to run at system start up:
While the following registry key is modified to install a toolbar in IE:
Installation
When Popmenu's executable file is first run, it opens a new window showing the installation progress of 'Desktop Smiley toolbar'. No End User License Agreement is shown and no input from the user is needed during installation.
During installation, the program attempts to download files from these websites:
• http://www.desktopsmiley.com/[...].do?p.pixelType=16&admin=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) http://www.desktopsmiley.com/toolbar/desktopsmiley/[...]/CurrentVersion.xml
User-Agent: HTTP Wininet
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
User-Agent: HTTP Wininet
The installation is aborted if the download is not successful.
The adware is installed in the following folder:
• C:/Program Files/DoubleD/Desktop Smiley Toolbar/[version]
Where the [version] is obtained from the website. The adware also installs the following files:
• stb0.dll
stbAol.dll
stbapp.dll
stbapp.exe
stbappHelper.exe
stbasst.exe
stbdl.exe
stbIE.dll
stbMsn.dll
stbOL.dll
stbOLEX.dll
stbsvc.exe
stbYahoo8.dll
stbYahoo9.dll
The following registry key is modified to enable the adware to run at system start up:
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Data="C:/Program Files/DoubleD/Desktop Smiley Toolbar/[version] folder/stbapp.exe"
Data="C:/Program Files/DoubleD/Desktop Smiley Toolbar/[version] folder/stbapp.exe"
While the following registry key is modified to install a toolbar in IE:
• HKLM\Software\Microsoft\Internet Explorer\Toolbar
Data="C:/Program Files/DoubleD/Desktop Smiley Toolbar/[version] folder/stb0.dll"
Data="C:/Program Files/DoubleD/Desktop Smiley Toolbar/[version] folder/stb0.dll"