OpenCandy

Just only in case you missed this and are interested:

A recent posting (reply # 9) from danieln in the ESET forum from which I quote part of Wikipedia :

Let's hope that that will be sufficient....

A more general reply from the CEO of the OpenCandy company at the OpenCandy site :
The Story Behind the OpenCandy and Microsoft Adware Debacle

 

This post. I am also looking at adding the entry to my Hosts File, more as I hear more.

 

Besides the many methods of blocking it (hosts file, disconnect network adapter, etc), if you run an installer that contains Open Candy, after installation terminate rundll32.exe, then empty your user\Temp directory - that's where the Open Candy dll runs from. Bye bye OC.

 

Controversial Advertising Program Now Being Embedded in More Software

 

After reading the article linked in the previous post, I checked out several Installers that contain OpenCandy.
If you have no active internet connection during installation, you'll receive no recommendations for other software.
The OC dll (OCSetup.dll, OpenCandyHlp.dll, various other names), always runs from the user/temp directory via rundll32.exe. So terminating rundll32.exe after installation (with network adapter disabled), means no chance of OpenCandy receiving any information or recommending anything.

 

After reading about OpenCandy, I don't have any problem lumping it in with "malware". I'd at least like to be alerted to its presence before I installed something I wanted to trial.

To me gathering data about my computer, downloading it and anonymising it still feels like a violation of my privacy. Claiming it happens with other peoples installers also doesn't make it feel any less a violation. I realize it happens all the time, but that doesn't mean I have to embrace it.

I understand that annoying me by adding an unwanted toolbar in an installer might help pay the developers bills, so I grit my teeth and bear it, but scanning my computer for already installed products, uploading that info, and then recommending other software products based on that analysis is more than I like.

No matter how they try to sugarcoat it, including this extra garbage in an installer is NOT adding any value to the enduser. Maybe to the software writer, who gets revenue for it, but not the enduser.

So if Microsoft or anyone else wants to classify it as spyware, and doesn't provide OpenCandy with quick pleasant responses to their inquiries, then too bad for OpenCandy. They know what they are doing and they have to expect some backlash.

 

Analysis by Microsoft, written by Aaron Hulett (certainly well known by the oldies among us!):
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware:Win32/OpenCandy

=====

Thanks for the link, Mr.PC !!!

Long reading but well worth !!

=====

Thanks stackz !!!

I have not tried installing like you did.
If you install such a program, which installer contains OpenCandy, *and* if you do it while being off line, *and* if you reboot after installing and use a temp cleaner like for example CCleaner running at start-up, would that work? Reading your analysis does look to indicate that, if I am reading it right. Or am I wrong?
It would leave behind the reg-entries (Aaron gave examples in that MS analysis).

=====

The hpHOSTS file has these two entries included:

=====

I have been told that Winhelp has been asked about the MVPS HOSTS file

=====

Analysis using WireShark from a person who defends OpenCandy :
http://cynic.me/2011/04/03/opening-up-opencandy/

 

Is there any kind of list of installers which contain OpenCandy? It's kind irritating to find out that your favorite program has included this without user content, as happened to me with iZarc.

 

For example the list at Wikipedia at the link previously mentioned:
http://en.wikipedia.org/wiki/OpenCandy

(but that doesn't have to mean that the info at Wikipedia is right; well, the usual disclaimer)

 

Thank you, this once again confirmed true the theory that I can't see what is in front of my eyes.

 

No worries, Spysnake

 

I would use this:
0.0.0.0 api.opencandy.com

It will resolve faster, especially if you have a web server installed.

 

Here's another review, with a list at the bottom: http://cranialsoup.blogspot.com/2009/05/opencandy-new-kind-of-adwarespyware.html

 

Nothing back from Winhelp as of yet, FanJ, as soon as I hear I will post back to the thread, though anyone can manually add the entry, if they wish.

 

Yes, you are correct, your install method would work and the benign registry entries would be left behind. Just run regedit and Find (Ctrl + F) OpenCandy, then delete the entries found.

 

You are welcome!

 

More spotted Here

 

Hi Jan,

It's been talked about in 2009 https://www.wilderssecurity.com/showthread.php?t=256489

TH

 

Your finding is surely outdated as is the Wikipedia entry, as long as this adware purveyor ads it's software to known freeware, it will be Blacklisted.