OpenCandy Detected??

Discussion in 'ESET NOD32 Antivirus' started by enduser999, Mar 3, 2011.

Thread Status:
Not open for further replies.
  1. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    In the past two days I downloaded free versions of applications only to be warned by NOD32 4.2.71.2 that the download has OpenCandy in it.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    More about the OpenCandy potentially unwanted application here.
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Interesting. I have had another product give the same detection today.
     
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    AFAICT there's no such thing as OpenCandy distributed with avast! Free, yet it's detected by NOD32. See avast! Forum. Looks like an FP to me.
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    What is a potentially unwanted application?

     
  6. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, and that is relevant in what way to one of the world's most popular antivirus solutions? They don't include any toolbar or whatever similar. Is (strictly optional) Google Chrome install considered adware these days? o_O :eek:

    And once again, there's no OpenCandy included, so the detection would be wrong anyway.
     
  7. STRYDER

    STRYDER Registered Member

    Joined:
    Aug 21, 2008
    Posts:
    99
    Microsoft Malware Protection Center has a nice article about OpenCandy here:
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy

    Which could be the reason why people can't seem to find OpenCandy AFTER the installation of Avast is complete.

    This freeware/shareware website is pretty clear about Avast's association with OpenCandy. I know they have been around a long time, however I am not citing them as subject matter experts but using them as an example. So it is pretty safe to say (imo) that this isn't an ESET problem as other groups have connected Avast free with OpenCandy:
    http://www.snapfiles.com/get/avast.html

    Also, if you go to that page and click on the tiny speech bubble next to the reference to OpenCandy, you are taken here:
    http://www.snapfiles.com/help/toolbar-info.html

    The second example is very similar to what you see when you install Avast Free; the example is showing the option for the Google toolbar as opposed to the option to install the Chrome browser. I think it is very important to point out that OpenCandy isn't being detected by ESET or MS as a malicious program or a threat, which means that it's not a false positive. What ESET and MS are doing is simply informing users that this may be a program the user may not want installed, permanently or temporarily, on their computer. :)

    No, no one is saying that Google Chrome is adware, but the technology used to power the option to install Chrome during the installation of Avast free is categorized as an adware program which is why (imo) it's being detected as a low risk PUP.

    Here is a tidbit from OpenCandy.com FAQ page:
    from - http://www.opencandy.com/faqs/#what-info-is-collected
     
  8. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    I actually got the alert yesterday when doing a routine scan - the threat was found in ...system volume information\.restore..... and the comment states:

    "event occurred on a file modified by the application: x\ windows\system32\svchost.exe"

    1) Am I correct in assuming that sitting in ...restore is harmless whatever the file may be?

    2) How do I interpret the comment re modifying the svchost.exe?

    I did not download a new program but suspect that new definitions only suddenly captured this file which in all likelihood has been in this restore point for a long time.
     
  9. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    621
    Location:
    Sydney Australia
    I received this warning the other day with an installer for some software I use. It didn't actually install any PUA, it just tried to send some statistical data at the beginning of the installation and at the end of installation. Both sends were alerted to by the firewall and blocked. End of (my) story. :)
     
  10. ThomasAdams

    ThomasAdams Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    35
    Location:
    Oregon, USA
    What I am rather annoyed at is the amount of software I see, where there is an option to install a such and such toolbar. And you read it carefully and select the option to not install it... Only to have it installed anyway. :mad: I have written a few scathing letters of contempt lately. It is not just a once off error, this is becoming the "norm". :thumbd:

    In reference to OpenCandy and Google Chrome. I recently did some searching on "Googleupdater.exe". That would be my guess as to why it is being flagged.

    Source: http://googlesystem.blogspot.com/2008/10/invisible-googleupdateexe.html
     
    Last edited: Mar 6, 2011
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Googleupdater is an unfortunate component that comes bundled with many Google products, i.e., Google Toolbar, Chrome, etc.

    Not a necessary start-up item nor service

    This service will unbeknownst to the user with the Google software, silently update said Google software and phone-home a globally unique identifier to Google.
     
    Last edited: Mar 6, 2011
  12. LeVzi

    LeVzi Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    2
    Last night I went to install FL Studio 10, and NOD32 popped up with the block for OpenCandy. I assumed that it was blocked, yet there was still a registry entry for OpenCandy. I removed it manually, but at least NOD32 showed me just what OpenCandy is. I hope Eset continue to offer the blocking of all OpenCandy related registry/files. I do not want some company storing ANY information on me to offer me things I'll never purchase through them anyway.

    Would it be possible to make NOD32 even tougher with OpenCandy and automatically wipe any registry entries OC makes?

    Thanks Eset, once again proving why you are the number 1 AV manufacturer, the others don't even flag this OC rubbish.
     
  13. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    I downloaded the newer build of avast! from a download server and discovered the OpenCandy plug-in was removed from the installer.
    It was nice for me to see a label with ESET icon which in the Czech language means: “Verified by ESET technology.”
    verified_by_eset.png
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thank you for the note that OpenCandy is bundled with this software.


     
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Assuming that the info from danieln in the other thread is correct *and* that Eset indeed no longer detects OpenCandy (at least for now), I suggest that this thread will be closed.


    I have edited my posting because it could be read as being inappropriate and impolite. That was never my intention. If it was, then I do apologize :oops:
     
    Last edited: May 26, 2011
  17. cbowers

    cbowers Registered Member

    Joined:
    Jul 21, 2008
    Posts:
    5
    Just today getting this prompt on an installer for WinSCP 4.29 that I had still in my download folder from some time back though I've used more recent installers since.

    No hits in my DNS for opencandy.com or any of the related registry entries:

    http://www.microsoft.com/security/p...spx?Name=Adware:Win32/OpenCandy#symptoms_link

    Nod32 4.2.71.2
    Virus signature database: 6156 (20110526)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1300 (20110517)
    Advanced heuristics module: 1118 (20110419)
    Archive support module: 1128 (20110315)
    Cleaner module: 1051 (20110420)
    Anti-Stealth support module: 1024 (20101227)
    SysInspector module: 1217 (20100907)
    Self-defense support module : 1018 (20100812)
    Real-time file system protection module: 1004 (20100727)
     