The risk also creates the following registry entry, so that it runs every time Windows starts: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SmileyApp" = "%ProgramFiles%\DoubleD\Desktop Smiley Toolbar\18.104.22.16810\stbapp.exe"
The risk then installs toolbars in Internet Explorer and Firefox.
It also modifies the browser's home page to intercept user searches.
The risk installs emoticons that are available through AOL Instant Messenger, Yahoo Messenger, and Microsoft instant messaging clients, such as Windows Live Messenger, MSN Messenger, and Windows Messenger.
The risk also displays advertisements not relevant to user search keywords on the computer.