OpenCandy explained

OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors. They flagged OpenCandy due to its undesirable side-effects.[1] It was designed to run during installation of other desired software. Produced by SweetLabs, it consisted of a Microsoft Windows library incorporated in a Windows Installer. When a user installed an application that had bundled the OpenCandy library, an option appeared to install software it recommended based on a scan of the user's system and geolocation. Both the option and offers it generated were selected by default and would be installed unless the user unchecked them before continuing with the installation.

OpenCandy's various undesirable side-effects included, changing the user's homepage, desktop background or search provider, inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collected and transmitted various information about the user and their Web usage without notification or consent.[2] After massive criticism of the software occurred, it was eventually discontinued in August of 2016.

Development

The software was originally developed for the DivX installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar. DivX received $15.7 million during the first nine months of 2007 from Yahoo and other software developers, after 250 million downloads.

Chester Ng, the former DivX business development director, is chief business officer and Mark Chweh, former DivX engineering director, is chief technology officer.

Windows components

Components that the program used may have differed but here are some similar names based on versions of the software.

Files dropped

Processes

DNS and HTTP queries

Software known to have included OpenCandy

Workarounds

There were workarounds to bypass OpenCandy by running some installers with a /NOCANDY parameter on the command line, which was up to the installer to support or not.[32]

Notes and References

  1. http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ADW_OPENCANDY ADW_OPENCANDY:
  2. Web site: 2016-01-24. What is OpenCandy and How to remove it?. 2022-01-31. Appuals.com. en-US.
  3. Web site: OpenCandy. 7 December 2023 .
  4. Web site: Antivirus notes. 7 December 2023 .
  5. Web site: Inquiry about detection of Auslogics Defrag Free Edition – ESET NOD32 Antivirus. 22 January 2014 .
  6. Web site: Complete Version history / Release notes / Changelog.
  7. Web site: CDBurnerXP: FAQ.
  8. Web site: FileZilla OpenCandy. 2013-07-24.
  9. Web site: Format Factory – Free media file format converter.
  10. Web site: Does Foxit Reader free 6.1.4.0217 have malware? . Foxit Corporation Forums.
  11. Web site: FreeFileSync. Zenju.
  12. Web site: FrostWire: Downloader, BitTorrent Client and Media Player.
  13. Web site: GOMlab.com include technical information and download link of GOM Player, GOM Audio, GOM Video Converter and GOM Remote..
  14. Web site: The Official ImgBurn Website: Change log . LIGHTNING UK! . www.imgburn.com . Changed: No longer bundling/offering the Ask.com toolbar in the setup program, OpenCandy now handles product offerings during installation. . 2013-06-16 . 2017-10-03.
  15. Web site: The Official ImgBurn Website: Download . LIGHTNING UK! . www.imgburn.com . 2013-06-16 . 2017-10-03.
  16. Web site: MD5 doesn't match any downloadable installers – ImgBurn General . forum.imgburn.com . 2016-10-29 . 2017-10-03.
  17. Web site: Wrong hash? – ImgBurn Support . forum.imgburn.com . 2016-06-23 . 2017-10-03.
  18. Web site: Wrong Hash 2 – ImgBurn Support . forum.imgburn.com . 2017-01-31 . 2017-10-03.
  19. Web site: ImgBurn . fileforum.betanews.com . CLEAN INSTALL! No OpenCandy bundled. . 2013-06-17 . 2017-10-03.
  20. Web site: ImgBurn Download: Changelog . . no more 'opencandy' adware! . 2017-03-31 . 2017-10-03.
  21. Web site: Codecs.com Downloads for ImgBurn 2.5.8 . www.free-codecs.com . Download ImgBurn 2.5.8 – without OpenCandy! . 2016-06-20 . 2017-10-03.
  22. Web site: ImgBurn . www.majorgeeks.com . This is a clean, no OpenCandy version. . 2016-06-23 . 2017-10-03.
  23. News: gizmo . richards . Controversial Advertising Program Now Being Embedded in More Software . Gizmo's Freeware . 2014-02-08 . live . https://web.archive.org/web/20140807095841/http://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm . 2014-08-07 . 2014-08-30 . OpenCandy (OC) is a relatively new advertising product that more and more software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more..
  24. Web site: MP3 Support Analysis – herdProtect.
  25. http://www.orbitdownloader.com/what-is-opencandy.htm
  26. http://forums.pdfforge.org/discussion/comment/19987#Comment_19987 Discussions on pdfforge Forums
  27. https://photoscape.en.lo4d.com/virus-malware-tests
  28. Web site: Schember. John (21 January 2012). Sigil 0.5.0 Released. 2012-03-17. https://web.archive.org/web/20160424115403/http://sigildev.blogspot.com.au/2012/01/sigil-050-released.html. 24 April 2016. dead.
  29. Web site: Malware on Install. 29 March 2014 .
  30. Web site: WinSCP – OpenCandy. 2014-04-03. dead. https://web.archive.org/web/20140407065014/http://winscp.net/eng/docs/opencandy. 7 April 2014.
  31. Found in FL Studio 12.1.2 Installer – By Windows Defender: PUA:Win32/CandyOpen / OCSetupHlp.dll
  32. Web site: OpenCandy explained: what you need to know about the technology . www.ghacks.net . 12 May 2021 . 2021-08-06.