Fact-checked by Grok 2 weeks ago

OpenCandy

OpenCandy was an adware module developed by SweetLabs, a San Diego-based software company, designed to enable freeware developers to monetize their Windows applications by integrating optional advertising offers into the installation process.^[1] Founded around 2008 by Chester Ng, the CEO of SweetLabs, OpenCandy functioned as an installation wrapper that scanned users' systems to recommend relevant secondary software, such as productivity tools or utilities, presented as opt-in promotions during setup.^[1] This approach aimed to provide value to both developers—through revenue sharing from accepted offers—and users, by avoiding intrusive or repetitive ads, while reportedly achieving over 1 billion installs by early 2013 and a 63% month-over-month growth in volume that year.^[1] Despite its intended legitimacy, OpenCandy was frequently bundled with popular free software like PDFCreator and ImgBurn without clear user disclosure, leading to widespread criticism for stealthy installation practices.^[2] It often resulted in browser modifications, including home page hijacks, unwanted toolbar installations, and data collection on browsing habits for targeted advertising, prompting classifications as a potentially unwanted program (PUP) or adware by major security firms.^[2]^[3] For instance, Kaspersky identified it as Adware.Win32.OpenCandy in 2017, noting its ability to redirect searches and gather user data like IP addresses and visited sites, while ESET and Trend Micro flagged variants for similar behaviors as recently as 2023.^[3]^[4]^[5] The module's reputation issues peaked in 2011 when Microsoft labeled it as low-level adware, sparking debates over its ethics and contributing to user avoidance of bundled software.^[2] Although SweetLabs positioned OpenCandy as a non-malicious alternative to traditional adware like Google AdSense—focusing on contextual recommendations rather than forced displays—its association with privacy risks and performance impacts led many antivirus tools to detect and quarantine it automatically.^[2]^[3] OpenCandy was discontinued in August 2016. By the mid-2010s, detections persisted in installers from various developers, but integrations declined amid growing scrutiny of bundleware practices.^[2]

History

Development and Launch

OpenCandy was developed by SweetLabs, a San Diego-based company founded in 2008 by former executives from DivX, Inc., drawing on their experience in distributing consumer software to millions of users. The technology originated from efforts to address challenges in software monetization encountered during DivX installations, where bundled offers had become a key revenue stream but often faced criticism for intrusive practices. SweetLabs aimed to create a more user-centric alternative by focusing on optional, contextually relevant recommendations during software setups.^[6]^[7]^[1] The founding team included Darrius Thompson as CEO and co-founder, who had previously co-founded DivX; Chester Ng as co-founder and chief business officer, formerly DivX's business development director; and Mark Chweh as chief technology officer, previously DivX's engineering director. This expertise enabled the rapid prototyping of OpenCandy as an advertising module integrated into installers, initially tailored for DivX but designed with broader applicability in mind. The initial purpose was to allow software developers to generate revenue through opt-in promotions—such as toolbars or utilities like the Yahoo! Toolbar—without imposing direct costs on end-users, while ensuring transparency and ease of declination.^[6]^[8]^[1]^[9] Launched in 2008, OpenCandy quickly gained traction, powering over 400 million desktop app installations in its early years and securing $3.5 million in venture funding from investors including Bessemer Venture Partners and Tim O'Reilly. Early success stemmed from its non-intrusive model, which contrasted with aggressive bundling tactics and earned partnerships with developers seeking ethical monetization options—though it later drew scrutiny for adware-like behavior. By 2011, the platform had evolved from DivX-specific prompts into a general software development kit (SDK), enabling third-party developers to integrate the module into their installers for customized, audited offer networks.^[10]^[6]^[11]

Discontinuation and Legacy

OpenCandy was discontinued by SweetLabs in August 2016 amid widespread criticism for its deceptive bundling practices and classification as potentially unwanted software or malware by numerous antivirus vendors.^[2] The decision stemmed from massive backlash over user privacy concerns, including the software's ability to scan systems for personalized ad recommendations without explicit consent, leading many software developers to abandon the bundler.^[12] As of 2025, OpenCandy is no longer actively distributed or supported, with SweetLabs having pivoted to other ventures such as the Pokki app platform and partnerships for pre-installed software like Lenovo App Explorer.^[13] However, legacy detections persist, often as false positives triggered by antivirus software scanning files with remnant signatures or similar behaviors; for instance, legitimate Microsoft OneDrive.exe files have been flagged under OpenCandy-related heuristics in recent reports.^[14] Historically, OpenCandy exemplified early opt-out adware models in software distribution, where installers promoted additional downloads during setup to generate revenue for developers, though this approach ultimately contributed to its downfall due to eroded user trust and regulatory scrutiny on bundled software.^[15]

Functionality

OpenCandy, discontinued in August 2016, operated as a software development kit (SDK) that developers integrated into the installation processes of third-party applications, allowing for the seamless embedding of optional software recommendations without altering the core installer functionality.^[16]^[17] This integration involved adding a small code module provided by OpenCandy to the installer's framework, which communicated with OpenCandy's servers to retrieve a curated list of approved applications based on the developer's preferences.^[16]^[17] During the installation of the host software, the OpenCandy module initiated a lightweight scan of the user's system profile, including operating system version, language settings, geographic location (derived from timezone and country data), and existing installed applications to identify compatibility and relevance.^[16]^[17] Based on this data, it selected and presented personalized offers for additional software—typically one or a few at a time—through non-intrusive interfaces such as checkboxes or pop-up dialogs integrated into the installation wizard.^[16] These offers were framed as "recommended" enhancements, with the installation of the bundled software proceeding only if the user explicitly accepted them.^[17] The model relied on an opt-out approach, where offers were enabled by default, requiring users to actively uncheck boxes or decline prompts to avoid installation; this shift from an earlier opt-in system was implemented to increase acceptance rates while still allowing user choice.^[17] OpenCandy collected anonymized data on user interactions, such as installation outcomes (e.g., accepted, declined, or canceled) and system attributes, to refine targeting algorithms, but it did not seek explicit consent for this data use beyond the host installer's end-user license agreement (EULA), which referenced OpenCandy's involvement; according to the developer, this did not include personally identifiable information or IP addresses, though security analyses reported collection of such data.^[16] Revenue for developers and OpenCandy stemmed from affiliate commissions earned when users accepted and installed the recommended software, with no direct charges to end-users; this incentivized the bundling by providing a monetization stream for free or low-cost applications.^[16]^[17]

Windows Components

OpenCandy operated primarily as a bundling module within software installers on Windows systems, integrating components that facilitated the presentation of optional software offers during installation. These components typically included dynamic link libraries (DLLs) and executable files that enabled system scanning, network communication, and user interface modifications. For instance, common files dropped included OCBrowserHelper.dll, which assisted in browser-related integrations, and various installer artifacts like OCSetupHlp.dll for handling setup processes. These files were often placed in user-specific directories such as %AppData%\OpenCandy or system folders like %System Root%\tools, depending on the host application.^[15]^[5] In terms of processes, OpenCandy leveraged existing Windows processes for execution to minimize detectability, such as injecting code into explorer.exe or other system processes to run its scanning and offer-display logic. Dedicated processes like dlm.exe (Download Manager) or ServiceHostAppUpdater.exe were also spawned during installation to manage the retrieval of recommended software. These processes performed real-time system analysis to identify missing applications or updates, querying against a predefined list to select offers tailored to the user's operating system, language, and location. Once activated, they ensured the optional offers appeared in the installer UI without disrupting the primary software installation.^[18]^[15] Network activity was a core component, with OpenCandy establishing outbound connections to servers like api.opencandy.com to fetch personalized software recommendations and transmit anonymous usage statistics, such as installation outcomes and system details (e.g., OS version and country). This communication occurred via HTTP requests during the bundling process and involved layered service providers (LSPs) registered to intercept or modify network traffic for ad injection in some variants. Additionally, DNS settings could be altered to route queries through proxies, and local proxy configurations were sometimes added to facilitate these interactions. Such activity enabled revenue generation through affiliate partnerships but raised privacy concerns due to the collection of non-personally identifiable data.^[18]^[19]^[16] Registry modifications were extensive to ensure persistence and integration. OpenCandy often created keys under HKEY_LOCAL_MACHINE\SOFTWARE\OpenCandy and HKEY_CURRENT_USER\Software[Microsoft](/page/Microsoft)\Windows\CurrentVersion\Run to launch components at startup, alongside uninstall entries like HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenCandy NSIS SDK for removal tracking. File associations and browser settings could be altered, such as modifying CLSIDs for installer classes or default handlers, potentially leading to changes in User Access Control (UAC) prompts or Windows Update interference in aggressive implementations. Folders like %AppData%\OpenCandy or %COMMONPROGRAMS%\OpenCandy NSIS SDK were created to store configuration files, shortcuts, and EULA documents. These changes collectively embedded OpenCandy into the Windows environment, allowing it to operate seamlessly with bundled applications like CCleaner or uTorrent.^[20]^[15]^[18]

Windows Components

Files Dropped

OpenCandy primarily deploys dynamic-link libraries (DLLs) rather than standalone executables during its installation as part of bundled software setups on Windows systems. These DLLs facilitate the adware's core operations, such as displaying software offers and handling internal communications, by being loaded dynamically into the host application's process.^[21] The key file is OCSetupHlp.dll, which serves as an installation helper and recommendation engine component for OpenCandy. This DLL is digitally signed by OpenCandy Inc. and is typically dropped into temporary directories during the bundling process, such as subfolders within %TEMP% (e.g., C:\Users%USERNAME%\AppData\Local\Temp\is-XXXX.tmp\ or C:\Users%USERNAME%\AppData\Local\Temp\OpenCandy). In some cases, remnants may persist in application-specific folders under %Program Files%. Its behaviors include assisting in the setup of optional offers without requiring a separate executable, often invoked via rundll32.exe for temporary execution. A common version is 1.6.4.114 (32-bit), with an original file size of approximately 807 KB.^[22]^[23]^[24] Another primary DLL is OCComSDK.dll, functioning as the core communication SDK that manages data transmission related to ad offers and system scanning for personalized recommendations. It is usually placed in temporary or application data paths, such as C:\Users%USERNAME%\AppData\Local\Temp...\3rdparty\OCComSDK.dll, and is designed for dynamic loading to integrate seamlessly with the installer without independent execution. This file gathers non-identifiable system information to support offer display and is digitally signed by OpenCandy (issued by COMODO RSA Code Signing CA). Versions are often listed as 1.0.0.1, though specific builds tie to OpenCandy releases through 2016; file sizes typically range around 1-2 MB based on analyzed samples.^[25]^[21] These DLLs are versioned in alignment with OpenCandy's development cycle, which ceased active updates by 2016 following the company's discontinuation, ensuring compatibility with Windows installers up to that point. No persistent executables are dropped, emphasizing OpenCandy's reliance on modular, load-time integration to minimize its footprint.^[25]^[23]

Processes

OpenCandy primarily executes through injection into the host software installer's process during setup, utilizing variants of Setup.exe to embed its operations without launching independent windows. This injection allows OpenCandy to leverage the host process's privileges and interface, facilitating the display of bundled offers during the installation sequence.^[15]^[18] Post-installation, OpenCandy initiates background tasks via DLL injection into system processes, such as spawning dlm.exe for managing additional content downloads and offer resolutions. These tasks run persistently until the bundling cycle completes, often as temporary instances lasting briefly to handle specific actions like user prompt responses. The processes monitor interactions with the installer UI to track opt-in decisions for secondary software, ensuring offers are presented contextually.^[15]^[26]^[27] To maintain stealth, OpenCandy's processes exhibit a low resource footprint, typically consuming minimal CPU and memory to evade user or antivirus detection while remaining active throughout the installation. Integration occurs via hooks into Windows APIs, including SetWindowsHookEx, which enables seamless interception of installer events without altering the host's visible behavior. These processes are supported by associated DLL files placed in user directories during setup.^[15]^[18]

Network Activity

OpenCandy's network activity occurs during the installation phase of bundled software and periodically thereafter, where it communicates with remote servers to retrieve promotional offers and report installation outcomes for revenue tracking. This involves DNS resolutions to domains such as api.opencandy.com to locate the primary API server, as observed in traffic analyses of the installer.^[28] Additional DNS queries target tracking.opencandy.com and media.opencandy.com to resolve server locations for tracking and media content delivery, respectively, ensuring connectivity for offer-related operations.^[29] The core communications utilize HTTP requests, including POST and GET methods, directed to endpoints like api.opencandy.com. These requests transmit anonymized user profile data—such as IP address for geolocation, operating system version, browser details, MAC address, and machine GUID—to enable personalized offer selection. In response, the server delivers lists of 5 to 50 offers per request, each containing metadata like installation commands and advertiser binary URLs for subsequent downloads. Following user interactions, additional HTTP requests report acceptance rates and successful installs to facilitate publisher compensation.^[29] These protocols support a three-stage process: device fingerprinting, offer fetching, and install verification.^[29]

Software Distribution

Programs That Included OpenCandy

OpenCandy was initially integrated into the DivX video codec and player software as an early adopter, generating significant revenue through its ad recommendation system during installations starting around 2008.^[30] This partnership marked the beginning of OpenCandy's adoption by various freeware developers seeking alternative monetization options. Numerous freeware and open-source applications bundled OpenCandy into their installers between 2007 and 2016, allowing developers to opt in for revenue sharing via contextual software recommendations displayed during setup. Known programs include DivX, FileZilla, ImgBurn (versions up to at least 2.5.8.0), FrostWire (around 2011), Foxit Reader (2013–2014), CamStudio, CDBurnerXP Pro, Format Factory, GOM Player, FreeFileSync (until 2016), uTorrent (2014–2015), WinSCP, Nitro PDF Reader (via PrimoPDF integration in 2009), and Snagit (recommended in bundled setups).^[31]^[30]^[32]^[33]^[34]^[35]^[36]^[37] Other examples from installer analyses encompass aTube Catcher, Freemake Video Converter, KMPlayer, and PeaZip, primarily utilities and media tools downloaded from third-party sites like Softonic or CNET.^[31] Adoption peaked from 2010 to 2015, coinciding with widespread criticism of bundled adware, leading to removals such as FreeFileSync's discontinuation of OpenCandy in 2016 following user feedback and antivirus flagging.^[32] Verification of these bundlings stems from developer disclosures, forum discussions, and direct installer examinations by security researchers.^[38]^[39]

User Impact and Revenue Model

OpenCandy's bundling mechanism often led to unintended consequences for users, including alterations to browser settings such as the installation of toolbars, extensions, or changes to default homepages and search providers without explicit consent.^[40]^[41] These modifications could prolong installation times, as users encountered additional prompts or screens requiring interaction to decline optional offers, potentially disrupting the software acquisition process.^[16] Furthermore, OpenCandy collected anonymous user data, including operating system details, language preferences, and geographic information, to tailor recommendations, raising privacy concerns despite claims of no personally identifiable information being gathered.^[16]^[3] The revenue model of OpenCandy relied on a pay-per-install (PPI) affiliate system, where software developers integrated the module into their installers to display contextual advertisements for third-party applications, earning commissions only when users accepted and installed the recommended software.^[29] Advertisers typically paid between $0.10 and $1.50 per successful install, with higher rates in regions like the United States (up to $1.50) compared to others such as the United Kingdom ($0.80), enabling developers to monetize freeware distributions as an alternative to traditional advertising or paid support models.^[29] This approach allowed publishers to receive a share of the revenue from accepted offers, providing an economic incentive for bundling while positioning OpenCandy as a bridge between free software maintenance and advertiser ROI.^[6]^[42] At scale, OpenCandy facilitated tens of millions of installations annually, powering recommendations in hundreds of popular programs and with one of the largest PPI networks reporting $460 million in revenue in 2014, though this widespread adoption often eroded user trust in free software ecosystems by associating legitimate downloads with potentially unwanted additions.^[29]^[16] For instance, it was integrated into installers for applications like CCleaner and uTorrent, amplifying its reach but highlighting the tension between developer revenue needs and user experience.^[16] OpenCandy was discontinued around 2016, though its components continued to be detected in some software installers, such as Photoscape, as late as 2024.^[43]

Classification and Reception

As Potentially Unwanted Program

OpenCandy has been classified as a potentially unwanted program (PUP), also known as a potentially unwanted application (PUA), due to its bundling practices that often occur without explicit user consent during the installation of third-party software.^[2] This classification stems from its mechanism of integrating adware modules into legitimate installers, which can lead to the unintended installation of additional software components without clear disclosure or opt-in mechanisms.^[41] Security experts define PUP criteria based on behaviors such as unauthorized system modifications, intrusive advertising, and data collection practices that compromise user privacy or system performance.^[44] In the case of OpenCandy, these include altering browser settings like homepages or search engines, injecting processes into running applications, and delivering targeted advertisements during software setup, all of which can make the program difficult to detect and remove without specialized tools.^[41] Unlike full malware, PUPs like OpenCandy lack destructive intent, such as data theft or system damage, but are considered grayware because of their deceptive bundling that exploits user trust in legitimate downloads.^[45] Major security vendors have formalized this classification through specific detection names and warnings. Microsoft identifies it as PUA:Win32/CandyOpen, noting its potential to degrade computing experience via bundled installations and system changes.^[41] Malwarebytes labels it PUP.Optional.OpenCandy, categorizing it as a bundler family that promotes adware without overt malice.^[2] ESET issues "potential threat found" warnings for programs containing OpenCandy, treating it as a potentially unsafe application that warrants user caution during downloads.^[4]

Criticism and Antivirus Detections

OpenCandy faced significant criticism for its bundling practices with legitimate software, often without clear user consent, leading to unwanted installations during the setup of trusted applications such as download managers and utilities.^[46] This approach was seen as deceptive, as opt-out options were not always prominently displayed or easily accessible, resulting in users inadvertently enabling adware functionality.^[47] Privacy concerns arose from its transmission of user-specific data, including machine codes, operating system details, and locale information, to remote servers without adequate notification or permission.^[46] Between 2011 and 2015, OpenCandy drew backlash through widespread user reports highlighting its role in adware proliferation, particularly as a pay-per-install network distributing bundled offers that evaded typical user protections.^[47] Security analyses during this period noted that OpenCandy was part of pay-per-install networks that together generated over 60 million weekly download attempts, often alongside other unwanted programs like browser hijackers, amplifying concerns about deceptive distribution tactics such as fake update prompts.^[47] These incidents contributed to its classification as a low-threat adware but underscored broader issues with consent in software ecosystems.^[46] Antivirus vendors responded with real-time detections targeting OpenCandy's components. Microsoft Defender classified it as PUA:Win32/CandyOpen, a potentially unwanted application capable of process injection and browser modifications. Trend Micro identified variants like Adware.Win32.OpenCandy.GISGB, which arrives via bundled downloads and promotes additional software.^[48] Sophos detected it under generic adware or PUA labels, focusing on its adware behaviors. These tools often blocked installations proactively, reflecting its status as a grayware threat. Following OpenCandy's discontinuation, detections persisted as false positives in legacy bundled files from older software installers.^[4] Vendors like ESET continued to flag remnants in 2022, triggering warnings for harmless but outdated components in third-party downloads.^[4] Trend Micro reported ongoing alerts for PUA.Win32.OpenCandy.PCE in 2023, primarily from historical distributions rather than active threats.^[5] Detections continued into 2024 and 2025 primarily as false positives in outdated installers, such as those from legacy versions of software like PDFCreator.^[49]^[50] This lingering scrutiny highlighted the challenges of cleaning up adware ecosystems post-shutdown.

Removal and Mitigation

Installation Workarounds

Users can prevent OpenCandy from being installed by utilizing command-line flags supported by certain software installers that bundled it. The /NOCANDY flag, when appended to the installer executable (e.g., setup.exe /NOCANDY), disables the OpenCandy module during the installation process for compatible programs such as ImgBurn.^[51]^[52]^[53] Although OpenCandy integrations have largely ceased since the mid-2010s, these methods remain relevant for legacy software or remaining bundled installers as of 2025.^[2] During the installation of software known to bundle OpenCandy, selecting the custom or advanced installation option allows users to review and uncheck any checkboxes offering additional software or advertisements. This opt-out mechanism is typically presented on intermediate screens before the final installation steps, ensuring OpenCandy is not selected if users actively decline the offer.^[54] Before running any installer, users should scan the executable file using online tools like VirusTotal to detect OpenCandy signatures or related potentially unwanted programs. VirusTotal aggregates detections from multiple antivirus engines, many of which flag OpenCandy components in bundled installers, providing an early warning to avoid execution.^[40] Software developers who bundled OpenCandy often included disclosures in their release notes or changelogs, particularly between 2008 and 2016 when the practice was prevalent, allowing users to identify potential bundling in advance. Checking official download pages or version histories for such mentions enables informed decisions prior to installation.^[2]

Post-Installation Removal

To detect OpenCandy components after installation, users can employ specialized security tools that identify it as a potentially unwanted program (PUP). Malwarebytes Anti-Malware scans for and flags instances as PUP.Optional.OpenCandy, allowing quarantine and removal through its interface.^[2] AdwCleaner, a free tool from Malwarebytes, performs targeted scans for adware remnants, including OpenCandy-related files and registry entries, and automates their deletion.^[55] Windows Defender, built into Windows, detects OpenCandy variants such as PUABundler:Win32/CandyOpen during full system scans and prompts for removal actions.^[56] For automated removal, initiate a full system scan using one of the aforementioned tools, followed by a reboot if required to finalize the process. Malwarebytes and AdwCleaner handle most persistence mechanisms without manual intervention, including temporary files and browser hijacks associated with OpenCandy.^[2] To verify thoroughness, run Autoruns from Microsoft Sysinternals, which lists startup entries and can highlight any lingering OpenCandy-related autorun keys or services for selective disabling.^[57] Manual removal involves targeting specific files, browser configurations, and registry entries, though this requires caution to avoid system instability. Delete OpenCandy-linked DLLs such as OCComSDK.dll, typically found in temporary folders like %TEMP% or application directories from bundled installers.^[25] Reset affected browsers to default settings: for Google Chrome, navigate to Settings > Advanced > Reset and restore settings; similar processes apply to Firefox via Help > More Troubleshooting Information > Refresh Firefox, and Edge via Settings > Reset settings.^[40] Clear relevant registry entries under HKEY_LOCAL_MACHINE\SOFTWARE\OpenCandy using the Registry Editor (regedit.exe), after backing up the registry, to eliminate configuration remnants.^[20] Post-removal verification ensures no residual activity by monitoring Task Manager for suspicious processes like rundll32.exe instances tied to OpenCandy and reviewing network logs in tools such as Wireshark or Windows Event Viewer for outbound connections to OpenCandy domains.^[40] If activity persists, repeat scans with multiple tools to address any overlooked components.^[58]

References

[1]
OpenCandy brings the bucks to desktop software - CNET
Jan 10, 2013 · OpenCandy has hit more than 1 billion installs of Windows freeware, and month-over-month volume increased by 63 percent in 2012. Payment rates ...
[2]
PUP.Optional.OpenCandy - Malwarebytes
OpenCandy hijacks a browser's home page, installs unwanted toolbars, plug-ins, and extensions to the web browser, and collects information about a user's ...
[3]
Adware.Win32.OpenCandy - Kaspersky Threats
Adware covers programs designed to display advertisements (usually in the form of banners), redirect search requests to advertising websites, and collect ...
[4]
[KB2677] Why does OpenCandy trigger a threat warning?
Mar 3, 2022 · OpenCandy will trigger a "Potential threat found" warning (see Figure 1-1) after an ESET user downloads any program bundled with OpenCandy.
[5]
PUA.Win32.OpenCandy.PCE - Threat Encyclopedia - Trend Micro
Jan 4, 2023 · This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users ...
[6]
Interview with Darrius Thompson, OpenCandy - socaltech.com
Nov 18, 2008 · What's the idea behind OpenCandy? Darrius Thompson: We came from a company called DivX, where we had built a business primarily around consumer ...
[7]
San Diego Startups — OpenCandy - Brant Cooper
OpenCandy [one of two products offered by SweetLabs] inserts recommendations for other software into software installation routines. This isn't just an ad ...Missing: history | Show results with:history
[8]
OpenCandy: The Power of the Team - Forbes
Feb 23, 2011 · I talked to one of the founders, Chester Ng. And yes, he said the partners are still working together! True, they often have heated ...
[9]
San Diego startup SweetLabs picks Seattle for new office - GeekWire
Oct 4, 2011 · Prior to co-founding SweetLabs, Chweh served as vice president of engineering for ZenGarden/Stage6.com. That was a spin-out of DivX, a San Diego ...
[10]
https://venturebeat.com/ai/sweetlabs-raises-13m-for-desktop-apps-interface/
[11]
How do I bundle an exe with OpenCandy's offer platform?
Feb 22, 2011 · You can download our SDK at http://media.opencandy.com/sdk/OpenCandyPublisherKit.zip, which includes instructions for integrating OpenCandy.Missing: third- party
[12]
Riskware/OpenCandy - Virus | FortiGuard Labs - Fortinet
Riskware/OpenCandy is a generic detection for a type of grayware that downloads and installs other potentially unwanted software.
[13]
SweetLabs
Feb 14, 2023 · This website uses essential cookies to provide you the best online experience. ... SweetLabs is a leading app developer and partner for ...
[14]
Ongoing notifications for win32:pup-gen / win32:OpenCandy threats ...
Oct 6, 2025 · This PUA, like OpenCandy, often comes bundled with other freeware and performs potentially unwanted actions, such as installing toolbars or ...
[15]
Adware.OpenCandy Removal Report - Enigma Software
Adware.OpenCandy is a dangerous adware software package, which proliferates without user's consent and awareness.
[16]
OpenCandy explained: what you need to know about the technology
Aug 6, 2012 · OpenCandy is a technology that software companies can add to installers to earn money from optional software offers that are based on a system scan and the ...Missing: history | Show results with:history
[17]
Tempted By The Dark Side, OpenCandy's Bundled App Installs Now ...
Sep 11, 2010 · Developers add a small piece of code provided by OpenCandy to their install process. Then, when a user installs the developer's software ...
[18]
PUA:Win32/CandyOpen threat description - Microsoft Security Intelligence
### Summary of OpenCandy's Windows Components
[19]
OpenCandy | Wilders Security Forums
May 23, 2011 · A more general reply from the CEO of the OpenCandy company at the OpenCandy site : The Story Behind the OpenCandy and Microsoft Adware Debacle.Missing: official | Show results with:official
[20]
Manual Removal Guide for OpenCandy - Spybot Anti-Malware and ...
Jan 30, 2017 · The following instructions have been created to help you to get rid of "OpenCandy" manually. Use this guide at your own risk.
[21]
OCComSDK.dll: What is it & How to Get Rid of it? - Windows Report
Oct 22, 2024 · If you ever notice occomsdk.dll on your PC, it is likely that you're infected by malware, and this guide will show you how to remove it.Missing: analysis | Show results with:analysis
[22]
What is OCSetupHlp.dll? - FreeFixer
OCSetupHlp. dll is digitally signed by OpenCandy. OCSetupHlp. dll is usually located in the 'c:\docume~1\%USERNAME%\locals~1\temp\is-3cvn8.Missing: size | Show results with:size
[23]
OCSETUPHLP.DLL Download Version 1.6.4.114 32bit
OpenCandy recommendation engine p39. Version. 1.6.4.114. Architecture. 32 bit. Threat Score. 0 %. Original size. 807.3 Kb. Download size. 415.1 Kb.<|separator|>
[24]
OCSetupHlp.dll - Malwarebytes for Windows Support Forum
Feb 24, 2016 · I have just discovered this dll is pressent in my 'Malware exclusion' list. Can this really be true? I have not placed it there myself.Missing: dropped OCComSDK. Fusion. behaviors
[25]
What is OCComSDK.dll? - FreeFixer
5 of the 55 anti-virus programs at VirusTotal detected the OCComSDK.dll file. That's a 9% detection rate. Scanner, Detection Name. AVG, OpenCandy.37B.Missing: analysis | Show results with:analysis
[26]
Remove Adware.OpenCandy (Removal Guide)
... OpenCandy\CA02AB1E46B74E309B9F21012D53833D\dlm.exe.vir File name: dlm.exe.vir. Size: 302.88 KB (302888 bytes) MD5: 1cb3a1365543e07611a90ef9f1c9a3f3. Detection ...
[27]
All about dlm.exe (Download Manager) - File.Info
The dlm.exe process is also known as Download Manager or, as the case may be, OpenCandy recommendation downloader (Version p46) and is a part of Download ...
[28]
Riskware/OpenCandy - Virus | FortiGuard Labs
Riskware/OpenCandy is a generic detection for a type of grayware that downloads and installs other potentially unwanted software. Since this is a generic ...
[29]
[PDF] Investigating Commercial Pay-Per-Install and the Distribution of ...
Jan 7, 2016 · We develop an analysis pipeline to track the business relationships underpinning four of the largest commercial PPI networks and clas- sify the ...
[30]
OpenCandy brings ad market to software installs. What? - CNET
Nov 11, 2008 · He says that the program generated millions of dollars a month for DivX, as a ride-along to the company's consumer software. And that's just one ...
[31]
How to Avoid OpenCandy - - - Britec How-to Videos
Nov 24, 2015 · OpenCandy programs. Here is a list of applications that may be bundled with OpenCandy: ApexDC++. ATI Tray Tools aTube Catcher avast! Free ...
[32]
OpenCandy - FreeFileSync Forum
May 14, 2018 · FreeFileSync is not using OpenCandy anymore since 2016. Meanwhile the "OpenCandy" business has been cancelled anyway.
[33]
Is 2.5.8.0 still bundled with OpenCandy? - ImgBurn Forum
Jan 21, 2021 · Read on the Wikipedia page that the final version still included OpenCandy, I reluctantly installed it using the file hosted here and no adware confirmations.
[34]
New FrostWire 4.21.8
May 6, 2011 · 6 AVG wipes out FrostWire because of a malware known as OpenCandy. As soon as I load it the Resident Shield grabs it and wipes it out ...
[35]
Remove OpenCandy from your Windows PC - gHacks Tech News
Rating 5.0 (2) Jun 23, 2014 · Foxit Reader's download manager tried installing this after they were done updating, Malwarebytes stop it right in it's tracks. Thanks for ...
[36]
Malware on Install - Bug Reports - µTorrent Community Forums
Mar 29, 2014 · Main Problem is Malware. During install the `PUP.Optional.OpenCandy` malware was detected along with some other cleanup utility. Both were killed during the ...
[37]
OpenCandy Suggests Apps You Might Actually Want During Installs ...
Sep 30, 2009 · And today it's announcing that it's been integrated with the latest version of PrimoPDF by Nitro PDF, the most popular freeware PDF creator. We' ...
[38]
To those who are unhappy about 2.5.8.0 being bundled with ...
Jun 18, 2013 · Simply decline any OpenCandy recommendation(s), and OpenCandy will disable and delete itself when the main installer you are running completes.Missing: process | Show results with:process
[39]
uTorrent update installer detected as PUP.Optional.OpenCandy
Dec 26, 2014 · MBAM isn't the only product detecting this old uTorrent installer as OpenCandy, however it's only hit by a total of 4 including Malwarebytes and ...Utorrent false detection !!! - File Detections - Malwarebytes ForumsOpenCandy detected in uTorrent executable - Malwarebytes ForumsMore results from forums.malwarebytes.com
[40]
OpenCandy Adware - Easy removal steps (updated) - PCrisk.com
Aug 14, 2022 · OpenCandy is classified as adware because it generates annoying pop-ups, banners, surveys, coupons, and other advertisements.
[41]
PUA:Win32/CandyOpen threat description - Microsoft
Mar 11, 2015 · This application was stopped from running on your network because it has a poor reputation. This application can also affect the quality of your computing ...
[42]
SIW - System Information for Windows by Gabriel Topala
### OpenCandy Revenue Model, Share with Developers, Commissions
[43]
PUP: Potentially unwanted program / PUA - Kaspersky
PUP criteria include web violations such as altered search results, download violations or bookmark entries, as well as advertising no-gos such as intrusive pop ...
[44]
Detect and block potentially unwanted applications - Microsoft Learn
Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install ...
[45]
[PDF] Microsoft Security Intelligence Report
Apr 12, 2011 · Malware can hide inside a legitimate process as a DLL, using a technique called. DLL injection. Process Explorer's lower pane (which can be ...
[46]
[PDF] Investigating Commercial Pay-Per-Install and the Distribution of ...
Aug 10, 2016 · Users may have no knowledge of the behaviors of the bundled offers. sells access to compromised hosts, deceptive commercial. PPI outfits rely on ...
[47]
Adware.Win32.OpenCandy.GISGB - Threat Encyclopedia
Nov 9, 2020 · This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users ...
[48]
installer - Does /NOCANDY avoid any adware-related activities with ...
Apr 20, 2010 · OpenCandy claims that using the /NOCANDY switch when using a OpenCandy-affiliated installer allows you to avoid opencandy.Missing: workarounds DivX
[49]
OpenCandy - Adware or not? - Security - Spiceworks Community
Aug 26, 2011 · A: When you run an installer powered by OpenCandy, it asks our servers for a list of applications that the developer of the software you're ...
[50]
OpenCandy ads (Removal Guide) - Oct 2020 update - 2-Spyware.com
Oct 7, 2020 · Select Internet Protocol Version 4 (TCP/IPv4) and pick Properties; Check Obtain DNS server automatically and click OK. After the app is gone ...
[51]
Avoiding The OpenCandy Installer - TweakHound
Aug 19, 2013 · In a nutshell OpenCandy is a way for freeware developers to make a dollar or two by offering to install 3rd party software. At times the ...Missing: SDK third-
[52]
How To Remove PUP.Optional.OpenCandy (Removal Guide)
Aug 21, 2013 · This page contains step by step instructions on how to remove PUP.Optional.OpenCandy virus from Windows XP, Vista, 7 and 8.
[53]
Remove opencandy virus - Microsoft Q&A
May 10, 2023 · I think my windows 7 laptop have opencandy virus because I downloaded imgburn and my laptop sometimes open chrome until my laptop freeze.pup.opencandy/variant - Microsoft Q&ACandy Open detected. Unable to clean with Windows Security ...More results from learn.microsoft.com
[54]
Autoruns - Sysinternals - Microsoft Learn
Feb 6, 2024 · Autoruns shows programs configured to run during bootup or login, including startup folder, Run, RunOnce, and other Registry keys.
[55]
Remove Riskware.OpenCandy Virus (Easy Removal Guide)
Dec 16, 2014 · This page contains step by step instructions on how to remove Riskware.OpenCandy virus from any Windows PC.