Thursday, May 29, 2014

OpenCandy Ads Cause Trouble and Can Be Potentially Dangerous

Variants


  • Adware.OpenCandy
  • PUP.Optional.OpenCandy
OpenCandy and its variants work the same way: they display ads and generate revenue from them.



What Is OpenCandy?


Contrary to what many people think, OpenCandy is not a virus; it is no more than adware that helps promote products, services and applications. The advertising platform makes money from this. To attract more people to its advertising platform, OpenCandy states that it pays online operators or individuals to recommend products.



OpenCandy Is Causing Trouble and Can’t Be Removed!


The industry calls OpenCandy a PUP (potentially unwanted program), a term created to categorize items that cause trouble without containing malicious code. That is why some anti-virus programs flag OpenCandy ads without removing them. Regardless of the advanced technology it adopts and the optimization it achieves, OpenCandy does have some adverse impact on the target machine:
  1. Additional web applications are found to be installed on the target machine without permission or knowledge.
    To popularize itself, OpenCandy bundles with third-party programs/applications or forms cooperative ties with online operators; in return, OpenCandy eases the installation of its partners.
  2. Additional processes are found running in the background.
    With more ads popping up and more online activity, corresponding processes are created; this can consume limited resources.
  3. It makes the browser slower in loading intended web pages.
    OpenCandy ads take precedence over the intended web page.
  4. The PC performance will be greatly degraded.


Potentially Dangerous OpenCandy


One should also recognize the potential dangers of OpenCandy. With additional apps consuming limited resources, less CPU is left for pivotal services (i.e. security defense) to fully protect the target machine. Once a virus finds a loophole, the techniques used to build OpenCandy (BHO and JS) will be used maliciously to preload malicious code into the system configuration and record any typed input.

Besides, the techniques used to build OpenCandy have been slightly modified so that the PUP can hook APIs and change DNS settings, and thus stick to a machine for more traffic and higher exposure. Because of these randomly modified techniques, its wide coverage and its higher exposure, OpenCandy has become one of the major targets used to help with rapid propagation.

Therefore, it is better to remove OpenCandy as soon as possible. Below are instructions for manual removal, given that security utilities will not remove the PUP. If you want specialized technical help, you may contact Global PC Support Center by starting a live chat window here.



Manual Instructions to Remove OpenCandy Ads

1. Reset browser settings.

IE
Tools menu > Internet Options > Advanced tab > Restore Defaults button > OK.

Firefox
Firefox button > Help > Troubleshooting information > ‘Reset Firefox’ button.

Chrome
‘Customize and Control Google Chrome’ menu > ‘Options’ > ‘Under the Hood’ > ‘Reset to Defaults’ button.

Opera
Show hidden files and folders (explicit instructions are given in Step 3) > navigate to "C:\Users\user_name\AppData\Roaming\Opera\Opera\" > remove Operapref.ini.

Safari
Safari menu > ‘Reset Safari’ > tick all given options > ‘Reset’ button.




2. Enable pop-up blocker to stop OpenCandy from popping up.

IE
Tools > Options > Privacy tab > “Block pop-ups” > stop OpenCandy from popping up.

Firefox
Tools > Options > Web features button > block OpenCandy from popping up.

Chrome
Tool menu > Options > “Under the Hood” tab > “Content Settings” > “Pop-ups” > “Exceptions” > rule out OpenCandy popup.

Opera
Opera’s menu > “settings” > “Preference” > General tab > “Pop-up” > “Block Unwanted Pop-ups” > OK button.

Safari
“Safari” > “Preference” > “Security” tab > check “Block pop-up windows”.




3. Remove all the temp files under the following directories.

Windows 7/XP/Vista
Open ‘Control Panel’ > search for ‘Folder Options’ > click the View tab > tick ‘Show hidden files and folders’ and untick ‘Hide protected operating system files (Recommended)’.

Windows 8
Start screen > open any folder > open Windows Explorer > select View tab > Tick ‘File name extensions’ and ‘Hidden items’ options. 

  • Navigate to the following directories and remove all the files and folders:
C:\WINDOWS\Temp
C:\Documents and Settings\[user name]\Local Settings\Temp
C:\Documents and Settings\[user name]\Local Settings\Temporary Internet Files
  • Remove the items generated on the day when OpenCandy first appeared from the directories listed below:

    (Tips:
    1. The directories below can be different on other systems.
    2. To locate the related items, find the ones that were created on the day when OpenCandy was first detected.
    To show the date, right-click on an empty space in the window under inspection > select "Arrange by" > select "day".)
    %Program Files%\Common Files\
    C:\Windows
    C:\Windows\System32
    C:\Users\[your username]\Documents\
    C:\users\user\appdata\local\
    C:\Program Files\

Mac OS X
Finder > Utilities folder > terminal:
  1. type
    cd ~/Library/Logs
    sudo rm -rf ~/Library/Logs/*
    and press the Return key.

  2. type
    rm -rf ~/Library/Safari/Downloads.plist
    cd ~/Library/Caches
    sudo rm -rf ~/Library/Caches/*
    and press the Return key.



4. Search for and remove the items related to PUP.Optional.OpenCandy.

Open any folder and click the Search icon, type "PUP.Optional.OpenCandy" in all the search boxes and press Enter, then remove all the detected items.




5. Modify Hosts file to block OpenCandy Ads

Windows
Navigate to C:\Windows\System32\drivers\etc > open Hosts file.

Mac OS X
Finder launchpad icon > Utilities > Terminal > type “etc” (/private/etc/hosts) > hit Enter/Return key > open Hosts file.

When done, add the following entries to the Hosts file and save the file.

127.0.0.1 tracking.opencandy.com.s3.amazonaws.com
127.0.0.1 media.opencandy.com
127.0.0.1 cdn.opencandy.com
127.0.0.1 tracking.opencandy.com
127.0.0.1 api.opencandy.com
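
The hosts-file edit in step 5, as an added example that is not part of the original post: a Python function that merges the five entries above into existing hosts-file text without duplicating them, and that drops any mapping of one of those hostnames to a different address. The function name, the sample text and the `intranet.example` / `203.0.113.7` values are constructed for illustration.

```python
import sys

# Hostnames and sink address copied from the list in step 5 of the article.
BLOCK_HOSTS = ["tracking.opencandy.com.s3.amazonaws.com", "media.opencandy.com",
               "cdn.opencandy.com", "tracking.opencandy.com", "api.opencandy.com"]
SINK = "127.0.0.1"
# Constructed sample: one listed host already blocked, one mapped elsewhere.
SAMPLE = ("127.0.0.1 localhost\n"
          "127.0.0.1 media.opencandy.com\n"
          "203.0.113.7 api.opencandy.com intranet.example  # constructed\n")


def merge_block_entries(hosts_text, hosts=BLOCK_HOSTS, sink=SINK):
    """Return (new_text, report); report maps host -> present/rewritten/added."""
    wanted = {h.lower() for h in hosts}
    present, rewritten, out = set(), set(), []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        hits = [n.lower() for n in fields[1:] if n.lower() in wanted]
        if not hits:
            out.append(line)          # comment, blank line or unrelated mapping
        elif fields[0] == sink:
            present.update(hits)      # already blocked: keep the line untouched
            out.append(line)
        else:
            # A listed host is mapped to another address. Drop it from this
            # line and keep any unrelated names that share the line.
            rewritten.update(hits)
            keep = [n for n in fields[1:] if n.lower() not in wanted]
            if keep:
                tail = " #" + comment if sep else ""
                out.append(" ".join([fields[0]] + keep) + tail)
    report = {}
    for h in hosts:
        if h.lower() in present:
            report[h] = "present"
        else:
            out.append(f"{sink} {h}")
            report[h] = "rewritten" if h.lower() in rewritten else "added"
    return "\n".join(out) + "\n", report


if __name__ == "__main__":
    # Prints the merged text for a given hosts file (or the sample); writes nothing.
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(merge_block_entries(src)[0])
```

Run it against a copy of the Hosts file and review the output before replacing the original, which requires administrator rights on both Windows and Mac OS X.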



By frequently popping up on a target machine, OpenCandy collects as much traffic as possible and promotes potential business. The more traffic it gets, the more popular it becomes; the more frequently it pops up, the more likely it is to make a deal. Thus some techniques have been slightly modified to intercept traffic by force. Such arbitrary behavior should be stopped to guarantee long-term computer security.

NOTE: depending on the operating system installed, the images and directories displayed in this document might differ from what you observe when following these instructions on your computer. This is why a certain level of computer skill and knowledge is required to carry out the steps above.