OpenCandy is an
adware
Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the ...
module and a
potentially unwanted program
A potentially unwanted program (PUP) or potentially unwanted application (PUA) is software that a user may perceive as unwanted or unnecessary. It is used as a subjective tagging criterion by security and parental control products. Such software ma ...
classified as
malware
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
by many anti-virus vendors.
They flag OpenCandy due to its undesirable side-effects.
It is designed to run during installation of other desired
software
Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work.
At the lowest programming level, executable code consists ...
. Produced by
SweetLabs
SweetLabs is a software distribution company.
Company overview
Based in San Diego and Seattle, SweetLabs has raised $21.5 million in venture capital from Bessemer Venture Partners, Google Ventures, Intel Capital, and O’Reilly AlphaTech Ventures ...
, it consists of a
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
library
A library is a collection of materials, books or media that are accessible for use and not just for display purposes. A library provides physical (hard copies) or digital access (soft copies) materials, and may be a physical location or a vir ...
incorporated in a
Windows Installer
Windows Installer (msiexec.exe, previously known as Microsoft Installer, codename Darwin) is a software component and application programming interface (API) of Microsoft Windows used for the installation, maintenance, and removal of software. ...
. When a user installs an application that has
bundled the OpenCandy library, an option appears to install software it recommends based on a scan of the user's system and
geolocation
Geopositioning, also known as geotracking, geolocalization, geolocating, geolocation, or geoposition fixing, is the process of determining or estimating the geographic position of an object.
Geopositioning yields a set of Geographic coordinate s ...
. Both the option and offers it generates are selected by default and will be installed unless the user unchecks them before continuing with the installation.
[
OpenCandy's various undesirable side-effects include changing the user's homepage, desktop background or search provider, and inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collects and transmits various information about the user and their Web usage without notification or consent.]
Development
The software was originally developed for the DivX installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar
Yahoo! Toolbar is a browser plugin. It is available for Internet Explorer, Firefox and Google Chrome browsers.
Yahoo! Toolbar has been around for more than 10 years and has evolved since its inception.
Originally aimed at being a bookmark and pop ...
. DivX received $15.7 million during the first nine months of 2008 from Yahoo and other software developers, after 250 million downloads.[
]
Windows components
Components of the program may have differing but similar names based on version.
Files dropped
*OCComSDK.dll
*OCSetupHlp.dll
*Fusion.dll
Processes
*spidentifier.exe
* rundll32.exe
DNS and HTTP queries
*tracking.opencandy.com.s3.amazonaws.com
*media.opencandy.com
*cdn.opencandy.com
*cdn.putono5.com
*tracking.opencandy.com
*api.opencandy.com
*www.arcadefrontier.com
Software known to have included OpenCandy
* AC3Filter
AC3Filter is a free DirectShow filter for real time audio decoding and processing. It can decode the audio formats AC3, DTS, and MPEG Multichannel.
Features
Features include:
* Playback of video with DTS and AC3 audio tracks,
* Up-mix of any ...
* Auslogics Disk Defrag
Auslogics Disk Defrag is a freemium software application for Microsoft Windows intended to defragment files and folders on a hard drive, consolidate free space and optimize file placement using different criteria. It is available in both a free ...
* CamStudio
CamStudio is an open-source screencasting program for Microsoft Windows released as free software. The software renders videos in an AVI format. It can also convert these AVIs into Flash Video format, embedded in SWF files. CamStudio is w ...
(since version 2.7 r316)
* CDBurnerXP
CDBurnerXP is an optical disc authoring utility for Windows 2000 and later, written mostly in Visual Basic .NET as of version 4, released in September 2007. It has international language support. The software is available to download in both 32 ...
(depending on version; alternate download without OpenCandy available; confirmed 2017-03-01)
* FileZilla
FileZilla is a free and open-source, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Clients are available for Windows, Linux, and macOS. Both server and client support FTP and FTPS (FTP over SSL/TLS), while ...
(present in 2013)Format Factory
__NOTOC__
FormatFactory is an ad-supported freeware multimedia converter that can convert video, audio, and picture files. It is also capable of ripping DVDs and CDs to other file formats, as well as creating .iso images. It can also join multipl ...
* Foxit Reader
Foxit PDF Reader (formerly Foxit Reader) is a multilingual freemium PDF (Portable Document Format) tool that can create, view, edit, digitally sign, and print PDF files. Foxit Reader is developed by Fuzhou, China-based Foxit Software. Early ver ...
(6.1.4 – 6.2.1)
* FreeFileSync
FreeFileSync is a free and open-source program used for file synchronization. It is available on Windows, Linux and macOS. The project is backed by donations. Donors get access to a Donation Edition that contains a few additional features such a ...
* FrostWire
FrostWire is a free and open-source BitTorrent client first released in September 2004, as a fork of LimeWire. It was initially very similar to LimeWire in appearance and functionality, but over time developers added more features, including sup ...
* GOM Player
GOM Player is a media player for Windows, developed by GOM & Company. With more than 100 million downloads, it is also known as the most used player in South Korea. Its main features include the ability to play some broken media files and find ...
* ImgBurn
ImgBurn is an optical disc authoring program that allows the recording of many types of CD, DVD and Blu-ray images to recordable media (.cue files are supported as of version 2.4.0.0). Starting with version 2.0.0.0, ImgBurn can also burn files a ...
(since version 2.5.8.0, though only on the version of the installer distributed directly from imgburn.com; the version distributed from the official mirror sites is adware-free)
* mIRC
mIRC is an Internet Relay Chat (IRC) client for Windows, created in 1995. It is a fully functional chat utility and its integrated scripting language makes it extensible and versatile.
mIRC has been described as "one of the most popular IRC cl ...
MyPhoneExplorer MyPhoneExplorer is a proprietary freeware desktop application allowing management of Android mobile phones. It is developed in Austria, originally for the Sony Ericsson mobile phone.
Features
MyPhoneExplorer can connect to a phone using a USB cabl ...
(dropped March 2015)
* Orbit Downloader
Orbit Downloader is a discontinued download manager for Microsoft Windows. Launched in 2006, its developers abandoned it in 2009. In 2013, Orbit Downloader was classified as malware by antivirus software after ESET discovered a botnet in the ap ...
(confirmed 2015-10-24)
* PDFCreator
PDFCreator is an application for converting documents into Portable Document Format (PDF) format on Microsoft Windows operating systems. It works by creating a virtual printer that prints to PDF files, and thereby allows practically any applicati ...
* PhotoScape
PhotoScape is a graphics editing program, developed by MOOII Tech, South Korea, Korea. The basic concept of PhotoScape is 'easy and fun', allowing users to easily edit photographs taken from their digital cameras or even mobile phones. PhotoScape ...
* PrimoPDFSigil
A sigil () is a type of symbol used in magic. The term has usually referred to a pictorial signature of a deity or spirit. In modern usage, especially in the context of chaos magic, sigil refers to a symbolic representation of the practitioner ...
(dropped in version 0.5.0 and later)
* Trillian (dropped 5 May 2011)μTorrent
μTorrent, or uTorrent (see pronunciation) is a proprietary adware BitTorrent client owned and developed by Rainberry, Inc. with over 150 million users. It is the most widely used BitTorrent client outside China; globally only behind Xunlei. ...
* WinSCP
WinSCP (''Windows Secure Copy'') is a free and open-source SSH File Transfer Protocol (SFTP), File Transfer Protocol (FTP), WebDAV, Amazon S3, and secure copy protocol (SCP) client for Microsoft Windows. Its main function is secure file transfer ...
(through August 2012)
Workarounds
There is a workaround to bypass OpenCandy by running some installers with a /NOCANDY parameter on the command line
A command-line interpreter or command-line processor uses a command-line interface (CLI) to receive commands from a user in the form of lines of text. This provides a means of setting parameters for the environment, invoking executables and pro ...
, which is up to the installer to support or not.
References
{{DEFAULTSORT:Opencandy
Windows adware