NOD has labeled a few old files as infections? months later?

[NervousNed]

hi everyone. Been using NOD32 for a long while now, and never had to ask a question, or had a problem, until now!! today during my weekly scan that I have set up, for the first time ever NOD came back with infections/intrusions.

I don't know if they're legit or what. the infected files were 2 file - an installer for a program called driver sweeper, and the email file that I sent to myself to move that installer from another computer to the one in question. both of the installers (in my email folder and on my hard drive) have been there for MONTHS. NOD has scanned them numerous times in my weekly full system scans by now, so I don't know why suddenly they'd be viral?? could it be something is infecting them??

I let NOD delete them, so I no longer have them, because I was so nervous about it.

they were the only infected files on the computer. the scan log called them 'Wind32/opencandy', but the threat log doesn't have them listed. if they were infected files, well, I installed that software almost a year ago!! NOD didn't find any problem with the installed program itself - just the installer.

I did a scan with malwarebytes antimalware, and hitman pro - they both came back clean.

I am using windows 7 professional, 64-bit version. I browse with opera, running in sandboxie, so I'm usually very careful about what gets through my system.

any advice? is this the start of something worse? has malware been lurking on my computer for months without my knowing??

[cgeek]

There is no need to be worried. Please read this thread especially post #7.

Regards,
Cgeek

[NervousNed]

thank you for directing me to that thread. some of it was way over my head, but I take it that the malware is only in the installer, then? it doesn't install along with the program? I understand what a 'potentially unwanted program', and I've read the ESET page about opencandy, too( http://kb.eset.com/esetkb/index?page...nt&id=SOLN2677 ).

I'm just a little worried that I never saw this until tonight. that other thread was started back in march! what made this week special vs. all the other times ESET scanned the file, and didn't report it?

anyhow, thank you very much again. if I'm reading that thread correctly, this isn't much of a threat, and my machine isn't infected? I was wondering if I'd have to reformat my computer, and whether or not this 'opencandy' has been spying on me for months, so I'd have to cancel my creditcards and change all my passwords.

[siljaline]

Please wait for an ESET Moderator or ESET Staff to respond to your query.

[Marcos]

OpenCandy is not malware, it's correctly classified as a potentially unwanted application which means that some users may want to keep it but the others not due to its characteristics. If you fall to the former group, you can simply exclude it from scanning (ideally from within the yellow notification window if detected by the real-time or web scanner).

[Mandy123]

Hi
Happened to me too. I contacted ESET who were very helpful, but could not explain why this has only appeared now. Their reply was:

1. Is the file dangerous
Ans: this is highly dependent on the user behavior and the configuration sent to and downloaded in real-time by the adware from its server.
2. Why has the warning only appeared now? I have had this file for over a year on my PC. The PC is regularly scanned by ESET, and yet this warning has never appeared before.
Ans: detection of potentially unsafe applications is not activated in default setting, the option has to be enabled by individual users. [see Tools | Enter Advanced Setup Tree | Antivirus & Antispyware | Setup] [My setting was not activated!]
At the same time the engine and database are still evolving so it is possible they are able to classify previously undetected threats.
3. I have seen the article on ESET about this (http://kb.eset.com/esetkb/index?page...t&id=SOLN2677& ) and read a couple of postings on the forums, but they are not clear what I should do about this. i.e. Microsoft says: "Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. Some versions of this program may send user-specific information, including a unique machine code, operating system information, locale (country), and certain other information to a remote server without obtaining adequate user consent. "
http://www.microsoft.com/security/po...32%2FOpenCandy
Ans: That's completely up to you. My private suggestion is to keep the files and to be careful when accepting recommendations presented by the adware during the installation.