OpenCandy

HUMalware Protection CenterU

Adware:Win32/OpenCandy

• HUSummaryU • HUTechnical informationU

This program was detected by definitions prior to 1.169.1369.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using HUcurrent guidelinesUH, the program does not have unwanted behaviors.D

iD

Em, let’s see...this is the same company that repeatedly releases software with unresolved bug issues, with fanboys that go on the attack whenever someone takes Microsoft to task over it...so, trustworthy? Not so much...Nevertheless, there are variations of OpenCandy, some of which appear, in fact, to be harmless, if a nuisance, and some a threat to your system...so, to be on the safe side, SEEK AND DESTROY OPENCANDY!

HOW TO DELETE...See below the list of OpenCandy “infected” (and mostly free) software From Wikipedia, the free encyclopedia

OpenCandy from HUSweetLabsUH, a company based in HUSan DiegoUH, is an HUadvertisingUH

HUsoftware

UH module consisting of a HUMicrosoft WindowsUH HUlibraryUH that can be incorporatedin a HUWindows Installer

UH. When a user installs an application that has the OpenCandy

library, there is an option to install additional software that it recommends (based on a scan of the user's system and geolocation).HU

[1]UHHU

[2]U

The software was originally developed for the HUDivXUH installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the HUYahoo! ToolbarUH. DivX received $15.7 million during the first nine months of 2008 from Yahoo and other software developers, after 250 million downloads.HU

[2]U

Chester Ng, the former DivX business development director, is chief business officer and Mark Chweh, former DivX engineering director, is HUchief technology officerUH. [2] HU U

OpenCandy has attracted criticism because of HUprivacyUH concerns.H

[3]U UH Past versions of

OpenCandy were considered HUadware

UH by HUMicrosoft Security EssentialsUH as they "maysend user-specific information ... without obtaining adequate user consent".HU

[4]

UH OpenCandy has claimed that this is because another company used OpenCandy without the formal warning in their EULA.HU

[5]U

Applications known to use OpenCandy

This section needs additional citations for HUverificationUH. Please help HUimprove this articleUH by HUadding citations to reliable sourcesUH. Unsourced material may be challenged and removed. (September 2013)

• HUaMSNU • HUAny Video ConverterU • HUAOL Instant MessengerU • HUApexDC++U • HUAuslogics Disk DefragUHHU

[6]U

• HUAxCryptU • HUBurnAwareU • HUCDBurnerXPUH (depending on version) • HUCheat EngineUH (depending on version) • HUConnectifyU • HUCrystalDiskInfoUH (except in Portable Edition) • HUCutePDFU • HUDaemon ToolsU • HUdoubleTwistU • HUDexpotU • HUDVDStylerUH (1.8.4.2 verified) • HUDVDVideoSoftU • HUEaseUSUH Partition Master Free 10.1HU

[7]U

• HUEzvidU • HUFrostwireU • HUFoxit ReaderU • HUFL StudioU • HUFreeFileSyncU • HUFreemake Video DownloaderU

• HUFree Video DubU • HUFree Video To Flash ConverterUH (5.0.6.221, according to terms of use) • HUGameHouseU • HUGOM PlayerU • HUIE7ProU • HUImgBurnUH (from version 2.5.8.0)HU

[8]U

• HUIZArcUHHU

[9]U

• HUKMPlayerU • HULaunchyUH (when not downloaded from SourceForge) • HUMagical Jelly Bean KeyfinderU • HUMediaCoderU • HUMediaInfoU • HUmHotspotU • HUmIRCUHHU

[9]U

• HUMiroU • HUMyPhoneExplorerU • HUNero Burning ROMU • HUOrbit DownloaderU • HUPDFCreatorU • HUPeaZipU • HUPhotoScapeU • HUPowerISOU • HUPrimoPDFUHHU

[9]U

• HURealArcadeU • HUSoldatU • HUStepManiaU • HUSMPlayerUH (win32 version) • HUVeohUH Web Player • HUSigilUH (dropped with version 0.5.0 and later)HU

[10]U

• HUSUPERU • HUTrillianUHHU

[9]UH (dropped 5 May 2011)

• HUUnlockerU • HUuTorrentUH (version 3.x.x and above) • HUWinampUH (version 5 and newer, but not version 2.x) • HUWinSCPUH (through August 2012)HU

[11]U

• HUXfireU

1. FIRST AND FOREMOST: MAKE SURE, IF GIVEN THE OPPORTUNITY, THAT YOU CLICK NO THANKS (UNCHECK OR CHECK THE APPROPRIATE BOX) TO ANY OFFER TO INSTALL OTHER SOFTWARE OTHER THAN WHAT YOU WANT ON YOUR COMPUTER

2. IF NECESSARY, This will help you get rid of OpenCandy HUhttp://www.eset.com/us/online-scanner-popup/UH HUhttp://www.bleepingcomputer.com/download/adwcleaner/UH

(CAUTION: ADWCLEANER [http://www.bleepingcomputer.com/download/adwcleaner/dl/125/] WILL IDENTITY ALL ADWARE FILES ON YOUR COMPUTER, INCLUDING OPENCANDY, AND WILL RECOMMEND DELETING ALL OF THEM. SOME OLDER FREEWARE WILL NOT OPERATE IF THE ADWARE HAS BEEN REMOVED. HOPEFULLY, YOU WILL NOT RUN INTO ONE OF THEM. MOST NEW FREE SOFTWARE RUN INDEPENDENT OF THE ADWARE THAT HELPS TO KEEP THEM FREE...)

They both remove OpenCandy. If for whatever reason this doesn't work I would try downloading Malwarebytes.

3. MANUALLY UNISTALL OPENCANDY (FOR ADRENALIN JUNKIES, TECHIES, AND THOSE WHO WANT TO SEE WHAT DELETING THE WRONG REGISTRY FILE WILL DO TO THEIR OS... KIDDING ...

0BHow to manually remove Adware.OpenCandy

1BFiles associated with Adware.OpenCandy infection:

Mipony-Installer.exe OCBrowserHelper_1.0.6.124.exe IE7proSetup_2.4.7.exe CheatEngine56.exe Freeware_PrimoPDF.exe {E0C67074-3B14-4C28-975E-6F2F33E991C5}.dll frostwire-4.20.6.windows.exe WECPSetup.exe cdbxp_setup_4.3.7.2420.exe HUwscntfy.exeUH frostwire-4.20.6.windows.exe MediaCoder-0.7.2.4535.exe frostwire-4.18.5.windows.exe CuteWriter.exe

CheatEngine561.exe wscntfy.exe MP3Rocket-Win-pro.exe videora-ipod-504-setup.exe freewarePrimoPDF.exe

2BAdware.OpenCandy DLL's to remove:

{E0C67074-3B14-4C28-975E-6F2F33E991C5}.dll

3BAdware.OpenCandy processes to kill:

videora-ipod-504-setup.exe IE7proSetup_2.4.7.exe frostwire-4.18.5.windows.exe Freeware_PrimoPDF.exe HUwscntfy.exeUH frostwire-4.20.6.windows.exe frostwire-4.20.6.windows.exe cdbxp_setup_4.3.7.2420.exe CheatEngine56.exe MP3Rocket-Win-pro.exe freewarePrimoPDF.exe MediaCoder-0.7.2.4535.exe CheatEngine561.exe Mipony-Installer.exe OCBrowserHelper_1.0.6.124.exe WECPSetup.exe wscntfy.exe CuteWriter.exe

4. (Translated forum page)

HUKaspersky Lab ForumUH > HUGerman Multilingual User ForumUH > HUProtection for Home UsersUH Astor27 21/10/2013 20:34

Hello In full scan with Kaspersky comb 0 findings, Malwarebyts but shows me the full scan Findings: PUP.Optional.OpenCandy virus C: \ Users \ HP E Series \ AppData \ Local \ Temp \ is-CBU94.temp \ OCSetupHIp.dll According googel should we run the ESET Online Scanner has so far found nothing anyone remember a Council SebastianLE 21/10/2013 20:46 Many freeware authors build to finance themselves in their promotional offers an installer. Toolbars, suggestions of other programs etc. These can install optional, often it is pre-selected and if you're not careful you put it on the system. Pests are never, but potentially unwanted programs. OpenCandy is a Install System that suggests when installing various program offerings in the installer (eg TuneUp etc.) Anti-virus programs detect PUPs usually after it has been activated. Some have since 1-2 months a more aggressive PUPs recognition and Malwarebytes is doing in my opinion too far and confused customers. Because the program detects all the installer contain something (even unpacked in the Temp Folder as with you) and then complains - even if the user has not installed the PUPs programs and everything always wegklickte. You do not need to scan or fear - empty the Temp folder (or wait a few days until he himself does) and good. Astor27 21/10/2013 20:51 Hello SebastianLE Thanks for your quick info, and again what to learned there. mfg

And this generally for Kaspersky users:

HUKaspersky Lab ForumUH > HUEnglish User ForumUH > HUVirus-related issuesU 22.06.2014 08:06 Welcome. Kaspersky Settings > Additional > Threats and exclusions > Detection types > Settings > enable Other > ok>ok, and do a databases update > reboot, then do a scan. After that, uninstall any recently installed junk > reboot. After that, uninstall any and all junk toolbars > reboot. Uninstall/disable any and all junk browser add-ons and extensions in all of your browsers. Remove any and all junk search providers in all of your browsers. Then if need be, change your home page, in all of your browsers.

If still no go, please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the second Important topic. There, you will find instructions for GSI and AVZ logs. Please see the small print that is located at the bottom of this message. FastPath1 23.06.2014 22:58 QUOTE(richbuff @ 22.06.2014 07:06) Welcome.... Thank you for the quick reply, however we're still faced with BrowseBurst (adware left undetected), which seems to rely on files in OpenCandy in the hidden Roaming folder. OpenCandy is part of an even bigger virus network, and by initiating the Kaspersky scan with Other enabled, I have just recently noticed. Do you know anything else I can do? Add & Remove Programs thinks BrowseBurst has already been uninstalled, although I am certain it isn't.

5. ANOTHER ARTICLE AND SOURCES ABOUT OPENCANDY REMOVAL TOOLS

How to Remove PUP.Optional.OpenCandy (Removal Guide) PUP.Optional.OpenCandy is a specific detection used by Malwarebytes Anti-Malware and other antivirus products to indicate and detect a Potentially Unwanted Program. A potentially unwanted application is a program that contains adware, installs

toolbars or has other unclear objectives.

PUP.Optional.OpenCandy it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program. The PUP.Optional.OpenCandy infection is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results.

PUP.Optional.OpenCandy got on your computer after you have installed a freeware software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation this browser hijacker. This Potentially Unwanted Propgram is also bundled within the custom installer on many download sites (examples: CNET, Brothersoft or Softonic), so if you have downloaded a software from these websites, chances are that PUP.Optional.OpenCandy was installed during the software setup process.

You should always pay attention when installing software because often, a software installer includes optional installs, such as this PUP.Optional.OpenCandy browser hijacker. Be very careful what you agree to install. Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.

UHow to remove PUP.Optional.OpenCandy (Virus Removal Guide)

This page is a comprehensive guide, which will remove PUP.Optional.OpenCandy from Internet Explorer, Firefox and Google Chrome.

Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance. HUSTEP 1: Remove PUP.Optional.OpenCandy adware with AdwCleanerUH HUSTEP 2: Remove PUP.Optional.OpenCandy browser hijacker with Junkware Removal ToolUH HUSTEP 3: Remove PUP.Optional.OpenCandy virus with Malwarebytes Anti-Malware FreeUH HUSTEP 4: Double-check for the PUP.Optional.OpenCandy infection with HitmanProU

STEP 1: Remove PUP.Optional.OpenCandy adware with AdwCleaner

The AdwCleaner utility will scan your computer for PUP.Optional.OpenCandy malicious files and registry keys, that may have been installed on your computer without your knowledge.

1. You can download AdwCleaner utility from the below link. HUADWCLEANER DOWNLOAD LINKUH (This link will automatically downloadAdwCleaner on your computer)

2. Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.

3. When the AdwCleaner program will open, click on the Search button as shown below.

The program will now start to search for PUP.Optional.OpenCandy malicious files that may be installed on your computer. When it has finished it will display a notepad screen that contains a log file of all the PUP.Optional.OpenCandy extensions, files, and registry keys that have been detected.

4. To remove the PUP.Optional.OpenCandy malicious files that were detected in the previous step, please click on the Delete button on the AdwCleaner screen.

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button.

STEP 2: Remove PUP.Optional.OpenCandy browser hijack with Junkware Removal Tool

Junkware Removal Tool is a powerful utility, which will remove PUP.Optional.OpenCandy virus from Internet Explorer, Firefox or Google Chrome.

1. You can download the Junkware Removal Tool utility from the below link: HUJUNKWARE REMOVAL TOOL DOWNLOAD LINKUH (This link will automaticallydownload the Junkware Removal Tool utility on your computer)

2. Once Junkware Removal Tool has finished downloading, please double-click on the JRT.exe icon as seen below.

If Windows prompts you as to whether or not you wish to run Junkware Removal Tool, please allow it to run.

3. Junkware Removal Tool will now start, and at the Command Prompt, you’ll need to press any key to perform a scan for the PUP.Optional.OpenCandy.

Please be patient as this can take a while to complete (up to 10 minutes) depending on your system’s specifications.

4. When the scan Junkware Removal Tool will be completed, this utility will display a log with the malicious files and registry keys that were removed from your

computer.

STEP 3: Remove PUP.Optional.OpenCandy virus with Malwarebytes Anti-Malware Free

1. You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program. HUMALWAREBYTES ANTI-MALWARE DOWNLOAD LINKUH(This link will open adownload page in a new window from where you can download Malwarebytes Anti-Malware Free)

2. When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.

3. On the Scanner tab, select Perform quick scan, and then click on the Scan

button to start searching for the PUP.Optional.OpenCandy malicious files.

4. Malwarebytes’ Anti-Malware will now start scanning your computer for PUP.Optional.OpenCandy as shown below.

5. When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.

6. You will now be presented with a screen showing you the computer infections

that Malwarebytes Anti-Malware has detected. Make sure that everything is

Checked (ticked), then click on the Remove Selected button.

STEP 4: Double-check for the PUP.Optional.OpenCandy infection with HitmanPro

1. You can download HitmanPro from the below link: HUHITMANPRO DOWNLOAD LINKUH (This link will open a web page from where you can download HitmanPro)

2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.

Click on the Next button, to install HitmanPro on your computer.

3. HitmanPro will now begin to scan your computer for PUP.Optional.OpenCandy malicious files.

4. When it has finished it will display a list of all the malware that the program

found as shown in the image below. Click on the Next button, to remove

PUP.Optional.OpenCandy adware.

5. Click on the Activate free license button to begin the free 30 days trial, and

remove all the malicious files from your computer.

Your computer should now be free of the PUP.Optional.OpenCandy infection. If your current anti-virus solution let this infection through, you may want to consider purchasing HUthe PRO version of Malwarebytes Anti-MalwareUH to protect against these types of threats in the future, and perform regular computer scans with HitmanPro. If you are still experiencing problems while trying to remove PUP.Optional.OpenCandy from your machine, please start a new thread in our HUMalware Removal AssistanceUH forum.

ANOTHER MULTI-STEP PROCESS THAT MAY PRODUCE NO REAL RESULTS:

H27UApr 2012U

How to get rid of Adware:Win32/OpenCandy Virus HUadminUH HU15 CommentsU

Adware:Win32/OpenCandy Virus is a malicious adware program. Our expert team classified is as Adware. This infection, Adware:Win32/OpenCandy Virus, makes your personal computer almost unusable. Sometime this change Proxy setting to block any external communication to other web site. It also blocks downloads. It is important to get rid of this, Adware:Win32/OpenCandy Virus, as soon as possible to avoid further damage to you computer or even worst losing important files, pictures and video files. Like all other rogueprogram like this parasite it is extremely difficult to remove manually. To fix your pc yourself and remove infection program like Adware:Win32/OpenCandy simply follow these steps.

How to remove Adware:Win32/OpenCandy Steps : Step 1:Print out these instructions as you will need to shutdown the computer in next step.

Step 2:Now power down the Adware:Win32/OpenCandy infected computer. And wait for 30 Seconds before you turn on

Step 3:Now please turn ON the computer and immediately keep hitting F8 until you see WINDOWS ADVANCED OPTIONS MENU as shown below.

Step 4:In the WINDOWS ADVANCED OPTIONS MENU, go down to the SAFE MODE WITH NETWORKING using the arrow keys on the board. Then press ENTER on the keyboard. This will take your computer to Safe mode. Safe Mode will cause the display and desktop icons to appear changed. This is normal. No need to Panic as it is due to Adware:Win32/OpenCandy.

Step 5:This, Adware:Win32/OpenCandy, infection may change computer windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer. We will first need to fix this as we will need to download malware removal utilities. They are safe and very reputed in Computer Industry. Now hold down the WINDOWS key and then press the R key.

Step 6:The RUN dialog box will appear. Type iexplore.exe In the RUN dialog and click OK button.

Step 7:You will see Internet Explorer. On the top navigation click TOOLS then under the sub-menu of TOOLS choose INTERNET OPTIONS as shown below.

Step 8: Now find the CONNECTIONS tab within the INTERNET OPTIONS dialog box and click on it. Then click the LAN SETTINGS button.

Step 9:If there is a check-mark in the box named ‘Use a proxy server for your LAN’, under the PROXY SERVER section, then uncheck the box. If there is not a check mark located in the box

then you can skip this step and move on to next step.

Step 10:Now hit the OK button to close the LOCAL AREA NETWORK dialog box. Then press the OK button to close the INTERNET OPTIONS dialog box.

Step 11Now we must end all the processes that belong to Adware:Win32/OpenCandy so that it does not interfere with your ability clear your computer. Inspector-[random char].exe and Protector-[ random char].exe are the processed that needs to be stopped. To do this we need to download Rkill, developed by Bleepingcomputer to help stop the computer process of Adware:Win32/OpenCandy. Now please hold down the WINDOWS key and the R key simultaneously to open RUN dialog box.

Step 12Now type ‘iexplore.exe http://www.fixpcyourself.com/rkill.com’ and hit the OK button.

Step 13:Save the Rkill.exe on your desktop. Double-click the Rkill icon and run Rkill.exe. You will see a black MS DOS dialog box. Now it will kill all the processes of Adware:Win32/OpenCandy. It will take several minute before a Notepad file containing log information on what Rkill found will open. You may review it and close notepad file.

Step 14:Now you are ready to removal all the infection related to Adware:Win32/OpenCandy. For the you need to Malwarebytes. Malwarebytes is a very popular malware and spyware removal application. Now please hold down the WINDOWS key and the R key simultaneously to open RUN dialog box. Type ‘iexplore.exe http://www.fixpcyourself.com/mbam.exe’ and hit the OK button.

Step 15:Save the mbam.exe on your desktop. Double-click the Malwarebytes icon and run mbam.exe. Now the SELECT SETUP LANGUAGE dialog box will appear. Select your

preferred language and hit press OK button.

Step 16:The Malwarebytes SETUP WIZARD will show blow screen Hit the NEXT button to continue.

Step 17:Now the LICENSE AGREEMENT screen will appear as shown. Accept the agreement and hit NEXT button.

Step 18:Now the Information screen will appear. Click on next button and continue following the steps.

Step 19:SELECT DESTINATION LOCATION screen will appear now. You can choose the location where Malwarebytes can be install. We recommend to choose the default location as

shown then click NEXT button.

Step 20:Now the SELECT START MENU FOLDER screen will appear. Let the default as it is and click NEXT button.

Step 21:Now the SELECT ADDITIONAL TASKS screen will appear. If you want a Desktop Icon or Quick Launch icon then check appropriate boxes.

Step 22:READY TO INSTALL screen will come next. Hit the INSTALL button to install Malwarebytes.

Step 23:In this step let the UPDATE and LAUNCH checked as it is to update the application with latest malware definition to capture all the malwares then click FINISH button.

Step 24:Once update is done then Scanner screen will launch. Make sure to select PERFORM FULL SCAN is selected to clean up Adware:Win32/OpenCandy infection. Click on SCAN

button to start the scan.

Step 25:Now choose the local drives that you want to scan from the dialog box and click SCAN button.

Step 26:Be patient as the scan will take several minutes before it cleans up Adware:Win32/OpenCandy infection. Once the scan is finished, a message box saying the scan

is complete will appear. Click OK button to close the box then click SHOW RESULTS button.

Step 27:From results dialog box choose REMOVE SELECTED button to remove all the infections found. Malwarebytes will also delete all of the files and registry keys affected by

Adware:Win32/OpenCandy and add them to the quarantine.

Step 28:Malwarebytes may required you to reboot the PC to complete the removal of Adware:Win32/OpenCandy. After completion reboot your computer Malwarebytes will be relaunched, please follow the instructions on the screen and continue the removal process. Once everything is clean out a log will be open created by Malwarebytes. Please reviewed it and

closed it. Now your computer should be free of Adware:Win32/OpenCandy. Enjoy.

Technical Details of Adware:Win32/OpenCandy files : You need to delete following Adware:Win32/OpenCandy files:

%AllUsersProfile%\Application Data\~ %AllUsersProfile%\Application Data\~r %AllUsersProfile%\Application Data\.dll %AllUsersProfile%\Application Data\.exe %AllUsersProfile%\Application Data\ %AllUsersProfile%\Application Data\.exe %UserProfile%\Desktop\Adware:Win32/OpenCandy.lnk %UserProfile%\Start Menu\Programs\Adware:Win32/OpenCandy\ %UserProfile%\Start Menu\Programs\Adware:Win32/OpenCandy\Uninstall Adware:Win32/OpenCandy.lnk %UserProfile%\Start Menu\Programs\Adware:Win32/OpenCandy\Adware:Win32/OpenCandy.lnk Windows Vista & 7: %AllUsersProfile%\~ %AllUsersProfile%\~r %AllUsersProfile%\.dll %AllUsersProfile%\.exe %AllUsersProfile%\

%AllUsersProfile%\.exe %UserProfile%\Desktop\Adware:Win32/OpenCandy.lnk %UserProfile%\Start Menu\Programs\Adware:Win32/OpenCandy\ %UserProfile%\Start Menu\Programs\Adware:Win32/OpenCandy\Uninstall Adware:Win32/OpenCandy.lnk %UserProfile%\Start Menu\Programs\Adware:Win32/OpenCandy\Adware:Win32/OpenCandy.lnk

Also please delete Adware:Win32/OpenCandy registry file:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘.exe’ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘CertificateRevocation’ = ’0′ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = ’1′ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘DisableTaskMgr’ = ’1′ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnonBadCertRecving’ = ’0′ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop ‘NoChangingWallPaper’ = ’1′ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations ‘LowRiskFileTypes’ = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments ‘SaveZoneInformation’ = ’1′ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download ‘CheckExeSignatures’ = ‘no’ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main ‘Use FormSuggest’ = ‘yes’ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ‘Hidden’ = ’0′ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ‘ShowSuperHidden’ = 0′

Adware:Win32/OpenCandy Symptoms: Changes browser settings Shows popping ads Browser window open up itself Slow running computer

Removal guide of Adware Win32/ Open Candy virus(how to remove it using YouTube Video):

HUBack to TopU

Posted in: HUAdwareUH Tagged: HUAdware:Win32/OpenCandy VirusU

References

1. Needleman, Rafe (11 November 2008), HUOpenCandy brings ad market to software installs. What?UH, CNET news, retrieved 2009-08-18

2. Marshall, Matt (10 November 2008), HUOpenCandy inserts recommendations when you install softwareUH, retrieved 2009-08-18

3. Needleman, Rafe (11 November 2008), HUOpenCandy brings ad market to software installs. What?UH, CNET news, retrieved 2011-08-06. Particularly see the user comments

4. HUWin32/OpenCandyUH, Microsoft Corporation, 16 Feb 2011, retrieved 2011-02-23

5. HU"The Story Behind the OpenCandy and Microsoft Adware Debacle"UH. Retrieved 2011-06-02.[HU

dead linkUH

] 6. HU[1]U 7. End User License Agreement, retrieved September 2014 8. HU"Change log"UH. ImgBurn. LIGHTNING UK!. 2013-06-16. HUArchivedUH from the

original on 2014-08-08. Retrieved 2014-08-30. "Changed: No longer bundling/offering the Ask.com toolbar in the setup program, OpenCandy now handles product offerings during installation."

9. gizmo, richards (2014-02-08). HU"Controversial Advertising Program Now Being Embedded in More Software"UH. Gizmo's Freeware. HUArchivedUH from theoriginal on 2014-08-07. Retrieved 2014-08-30. "OpenCandy (OC) is a relatively new advertising product that more and more software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more."

10. Schember, John (21 January 2012). HU"Sigil 0.5.0 Released"UH. Retrieved 2012-03-17.

11. HU"WinSCP - OpenCandy"UH. Retrieved 2014-04-03.

• st modified on 22 September 2014 at 05:30.

i How Microsoft antimalware products identify malware and unwanted software Unwanted software Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.

Microsoft helps by giving you the information and tools you need to decide which software to download, install, and run on your PC.

We maintain a definition library of unwanted software. This library has a database of unwanted software files and settings. When our researchers identify new unwanted software, they create definitions and add them to the library. We release regular definition updates to help protect your PC and personal information.

You can participate in our worldwide network by submitting unwanted software for analysis. This network helps identify programs to add to our definition library.

New forms of unwanted software are developed and distributed rapidly. As a result, Microsoft reserves the right to adjust, expand, and update its criteria for analysis without prior notice or announcements.

Consumer opinion 

Microsoft has created a worldwide network where you can submit unwanted software for analysis. Participants in the network play a key role in helping identify new suspicious programs quickly. After analysis, Microsoft creates definitions for programs that meet the criteria, and makes them available to all users through Microsoft antimalware software.

If you believe you have been negatively affected by unwanted software, download and install Microsoft antimalware software. If the unwanted software persists, you canHU report the problem to MicrosoftUH.

Evaluation criteria

Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it:

• Unwanted behavior: The software runs unwanted processes or programs on your PC, does not display adequate disclosures about its behavior or obtain adequate consent, prevents you from controlling its actions while it runs on your computer, prevents you from uninstalling or removing the program, or makes misleading or inaccurate claims about the state of your computer.

• Advertising: The software delivers out-of-context advertising that interferes with the quality of your computing experience, regardless of whether you consented to this behavior or not.

• Privacy: The software collects, uses, or communicates your information without your explicit consent.

• Consumer opinion: Microsoft considers input from individual users as a key factor in helping to identify new unwanted behaviors and programs that might interfere with the quality of your computing experience.

Unwanted behavior: lack of choice 

You must be notified about what is happening on your PC, including what a program does and whether it is active.

Software that exhibits lack of choice may:

• Fail to provide prominent notice about the behavior of the program and its purpose and intent

• Fail to clearly indicate when the program is active, and may attempt to hide or disguise its presence

• Install, reinstall, or remove software without your permission, interaction, or consent

• Install other software without a clear indication of its relationship to the primary program

• Falsely claim to be a program from Microsoft.

Unwanted behaviors: lack of control 

You must be able to control programs on your computer. You must be able to start, stop, and otherwise revoke authorization to a program.

Software that exhibits lack of control may:

• Open browser windows without authorization • Redirect or block searches, queries, user-entered URLs, or access to other sites without

clear notification and consent • Modify or manipulate webpage content without your consent

Unwanted behaviors: installation and removal 

You must be able to start, stop, and otherwise revoke authorization to a program. Programs should obtain your consent before installing, and the program must provide a clear and straightforward way for you to install, uninstall, or disable it.

Software that exhibits a poor installation experience may:

• Bundle or download other unwanted software classified in the Microsoft antimalware definition library

Software that exhibits a poor removal experience may:

• Present confusing or misleading prompts or pop-ups when attempting to uninstall software

• Fail to use standard install/uninstall features, such as Add/Remove Programs

Unwanted behaviors: computer performance 

You must be able to expect that the actions a system maintenance or optimization program takes towards system performance are actually beneficial. You should be able to maintain the overall quality of your computing experience.

Software that impairs computer performance may:

• Display exaggerated claims about the system's health • Make misleading or inaccurate claims about files, registry entries, or other items on the

system • Decrease computer reliability

Advertising 

Programs that promote a product or service outside of their own program can interfere with your computing experience. You should have clear choice and control when installing programs that open advertisements.

The advertisements that are opened by these programs must:

• Include an obvious way to close the ad. • Include the name of the program that created the ad.

The program that creates these advertisements must:

• Provide a standard uninstall method for the program using the same name as shown in the ads it produces.

Privacy 

You want to maintain control over your information. You expect to determine how your information is collected, used, and shared with others.

Some types of programs can also have an impact on your privacy. These include, but are not limited to:

• Monitoring programs: software that stores or transmits your activities without notice and consent, or offers a stealth option to hide this behavior.

Note: Monitoring programs are not necessarily malicious. For example, parental controls can feature keystroke monitors, but these programs can pose a risk to your privacy if you don't expect or know about their presence.

Malware Malware is the general name for programs that perform unwanted actions on your PC. This can include stealing your personal information, locking your PC until you pay a ransom, using your PC to send spam, or downloading other malware.

Most software that we classify as malware falls into one of the following categories:

• Backdoor trojan: A type of trojan that gives a malicious hacker access to and control of your PC. This means they may be able to tell your PC what to do or monitor what you do online. A bot is a type of backdoor trojan.

• Downloader: A type of trojan that downloads other malware onto your PC. The downloader needs to connect to the Internet to download the files.

• Dropper: A type of trojan that installs other malware files onto your PC. The other malware is included within the trojan file. This is different to a downloader, which needs to connect to the Internet to download other files.

• Exploit: A piece of code that uses software vulnerabilities to access information on your PC or install malware. For more information, see our page on exploits.

• Hacktool: A type of tool that can be used to allow and maintain unauthorized access to your PC.

• Macro virus: A type of virus that spreads through infected documents such as Microsoft Word or Excel documents. The virus is run when you open an infected document.

• Obfuscator: A type of malware that hides its code and purpose to make it more difficult for security software to detect or remove it.

• Password stealer: A type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and

sends information about what keys you press and websites you visit to a malicious hacker.

• Ransomware: A type of malware that can stop you from using your PC, or encrypt your files so you can’t use them. You may be warned that you need to pay money, complete surveys, or perform other actions before you can use your PC again. For more information, see our ransomware page.

• Rogue security software: Software that pretends to be an antivirus program but doesn't actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don't exist. It also tries to convince you to pay for its services. Our rogue security software page has more information.

• Trojan: A type of malware. A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC.

• Trojan clicker: A type of trojan that can use your PC to "click" on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make unwanted software appear more popular than it is.

• TrojanSpy: A program that collects your personal information, such as your browsing history, and uses it without adequate consent.

• Virtool: A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.

• Worm: A type of malware that spreads to other PCs. Worms may spread using one or more of the following methods: email programs, instant messaging programs, file-sharing programs, social networking sites, network shares, removable drives with Autorun enabled, and software vulnerabilities.