I need help with removing this Open Candy stuff. I have already done some steps, unsuccessfully I have to say, and the article I read How to Remove PUP.Optional.OpenCandy (Removal Guide) by Stelian Pilici said to do it exactly in a certain way which I cannot do because I had already started trying to remove using different program (or same programs but in different order). I would appreciate any help you can give... but please not super technical because I do know some but not a lot. Thanks
Help removing PUP OPEN CANDY
- Thread starter dalibella
- Start date
- Jan 24, 2011
- 9,378
Hi and welcome to the malwaretips.com forums!
I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
STEP 1: Run a computer scan with Malwarebytes Anti-Malware Free
STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />
What's next?
Please add in your next reply:
1. Malwarebytes Anti-Malware log
2. ESET log
3.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>
I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
- I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine!
- The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Refrain from running self fixes as this will hinder the malware removal process.
- It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
STEP 1: Run a computer scan with Malwarebytes Anti-Malware Free
- You can download Malwarebytes Anti-Malware Free from the below link.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a new web page from where you can download Malwarebytes Anti-Malware Free) - Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- Once the program has loaded, select Perform full scan, then click on the Scan button.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Post the log back here.
STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />
What's next?
Please add in your next reply:
1. Malwarebytes Anti-Malware log
2. ESET log
3.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>
Last edited:
Hi,
thank you so much for answering. I did run malawarebytes before (I am doing it again and then I will attach the full scan for you) but my issue was after removing all that junk the computer said that one dll file for Open Candy was missing, and that notice kept popping up every time I shut down. just wanted you to know that. I also had run some other removal programs already. Will this be a problem? thanks so very much. ciao
thank you so much for answering. I did run malawarebytes before (I am doing it again and then I will attach the full scan for you) but my issue was after removing all that junk the computer said that one dll file for Open Candy was missing, and that notice kept popping up every time I shut down. just wanted you to know that. I also had run some other removal programs already. Will this be a problem? thanks so very much. ciao
- Jan 24, 2011
- 9,378
dalibella said:
Hello,
The infection was removed however you have a harmless left over registry key which is trying to find the program at Windows startup. However because the program has been removed, Windows cannot find the file so is generating that error. It's easy to fix, and once you'll have those two scans, we can go ahead and fix it.
The infection was removed however you have a harmless left over registry key which is trying to find the program at Windows startup. However because the program has been removed, Windows cannot find the file so is generating that error. It's easy to fix, and once you'll have those two scans, we can go ahead and fix it.
Hi,
first of all thank you so very much for all your help. You are wonderful indeed!
I have ran malawarebytes and eliminated the threats, however today there was a new one that I did not get from downloading anything. WHy? I am enclosing the logs from malawarebytes (all in one) just in case you need them. Is open candy something that can read or mess up your passwords? should I change all of them? I read that mse is better than AVG, is that true? should I change? Is it bad to keep spybot as well? I also read that too many antivirus programs are not a good idea.
The eset scanner has some files quarantined, but it does not look like it wants to copy them or have an exportable log. Its said there were no infected files.
Please do let me know how to get rid of this error message for this one file
Hi,
first of all thank you so very much for all your help. You are wonderful indeed!
I have ran malawarebytes and eliminated the threats, however today there was a new one that I did not get from downloading anything. WHy? I am enclosing the logs from malawarebytes (all in one) just in case you need them. Is open candy something that can read or mess up your passwords? should I change all of them? I read that mse is better than AVG, is that true? should I change? Is it bad to keep spybot as well? I also read that too many antivirus programs are not a good idea.
The eset scanner has some files quarantined, but it does not look like it wants to copy them or have an exportable log. Its said there were no infected files.
Please do let me know how to get rid of this error message for this one file
- Jan 24, 2011
- 9,378
Hello dalibella,dalibella said:
OpenCandy is an adware program that is bundled with other installers. When installed this infection will display ads or install a toolbar on your browser, however it does not have keylogging capabilities.
You can find more details here: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Adware%3AWin32%2FOpenCandy#tab=2
Lets try to fix your machine:
STEP 1: Run the below OTL fix
<ol><li>Start <>OTL.exe</> (OTL by oldtimer)</li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
Code:
:OTL
O4 - HKLM..\Run: [(default)] File not found
:Commands
[EMPTYTEMP]
[RESETHOSTS]<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>
<hr />
STEP 2: Run a scan with AdwCleaner
<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download AdwCleaner on your computer)</li>
<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>
STEP 3: Run a scan with Junkware Removal Tool
- Please download Junkware Removal Tool to your desktop from the following link:
JUNKWARE REMOVAL TOOL DOWNLOAD LINK (This link will automatically download Junkware Removal Tool on your computer) - Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
- The tool will open and start scanning your system
- Please be patient as this can take a while to complete depending on your system's specifications
- On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
- Post the contents of JRT.txt into your next reply
What's next?
Add the following logs to your next post (You can find here details on how to use the Attachment System):
1. OTL log
2. AdwCleaner log
3. Junkware Removal Tool log
4. Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>
[/quote]
Last edited:
I read that mse is better than AVG, is that true? should I change? Is it bad to keep spybot as well? I also read that too many antivirus programs are not a good idea.
Hi there,
thanks I did what you said, and I am posting the results. It seems that at opening it did not ask for that dll file... could you give me your opinion about the above questions? thanks again and happy Sunday to you.
Hi there,
thanks I did what you said, and I am posting the results. It seems that at opening it did not ask for that dll file... could you give me your opinion about the above questions? thanks again and happy Sunday to you.
actually, that message about the missing dll is still there. I cannot attach it but here it is
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A0F73D5EAE140E\OCBrowserHlper_1.0.4.106.dll
sorry for bugging you so much. thanks
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A0F73D5EAE140E\OCBrowserHlper_1.0.4.106.dll
sorry for bugging you so much. thanks
- Jan 24, 2011
- 9,378
Ok. Let me show you how to fix this, so that in the future you will know how to fix this type of errors:
If you are having problems finding this startup item, then you can post a screenshot and I'll tell you what to remove from Windows startup.
- Download Ccleaner from here: https://www.piriform.com/ccleaner/download/standard
- Install Ccleaner and start this utility, click the Tools icon at left, then click the Startup button.
- In the Startup screen, you'll see a list of all items that have been set to start automatically with Windows.
- Select for OCBrowserHlper_1.0.4.106.dll, and any other programs that you don't want to start with Windows, then right-click on it and select Disable:
If you are having problems finding this startup item, then you can post a screenshot and I'll tell you what to remove from Windows startup.
dalibella said:
Hello,
I haven't heard from anyone. Is there a problem? Could someone answer please? thanks
Similar threads
- Locked
- Locked
