[Removal Thread] PUP.Optional.OpenCandy Brings in More Items and Will Not Remove

What Is PUP.Optional.OpenCandy?

PUP.Optional.OpenCandy is an integrated part of OpenCandy pop-up ad. It is accurately defined as a PUP (potentially unwanted program) for the unpleasant scenes it triggers:

1. Ads pop up randomly during the surfing session.
2. Additional web applications will be detected on the target machine.
3. Other PUPs will also be detected, such as PUP.Optional.DoSearches.A and PUP.Optional.Conduit.A.
4. The appearance of PUP.Optional.OpenCandy slows down the page-loading speed.

PUP.Optional.OpenCandy cannot be removed by anti-virus program since it has no vicious attribute code; however, it can be flagged by security utilities informing some potential dangers to PC users. VilmaTech Online Support would suggest a continuous reading. Get the solution after knowing the dangers. Should you need any help, just start a live chat window here.

 

Count PUP.Optional.OpenCandy’s Potential Dangers

First of all, PUP.Optional.OpenCandy bundles with items with huge traffic so as to make itself popular. Practices show that PUP.Optional.OpenCandy doesn’t do filtering work to rule out some potentially dangerous access. What’s worse, to net as many PC users as possible, the PUP would co-operate as many online operators as possible. In return, PUP.Optional.OpenCandy would load in those applications. As a result, the limited resource will be taken up and little of it will be left to maintain normal operation.

Second, though OpenCandy claims to adopt advanced technology, it still give fact chances for infections to take advantage of it by bundling with dosearches, conduit search and the similar ones with loose structure. Bug will then be exploited readily.

Third, with slightly modified BHO and JS techniques (the two basic techniques to build a web page), OpenCandy manages to hook DOM (Document Object Model) of the current page and thus control navigation as well as stick to machine. Such modified techniques have been widely applied and they are safe unless loose structure is available. Once PUP.Optional.OpenCandy is captured by virus, the two techniques will be utilized to collect any in-put information, including log-in credentials.

It should be now clear than ever that PUP.Optional.OpenCandy should be removed as soon as possible manually. Below is the removal thread offered by VilmaTech Online Support. Be noted that certain level of computer knowledge and skills are required to carry out the following steps correctly so as to reach complete and through removal since the images, directories displayed in this article might differ from what you observe when following these instructions on your computer due to the OS installed.

 

Follow Thread to Remove PUP.Optional.OpenCandy

Step1
reset browser settings to clean up the items related to PUP.Optional.OpenCandy at once.

Internet Explorer

• Click on Tools menu to select Internet Options.
• Please then tap Advanced tab to press on Restore Defaults button there.
  

 
Firefox

• Hit Firefox button to select Help.
• Choose Troubleshooting information in the drop-down list.
• When you get another pop-up window, please press on ‘Reset Firefox’ button.
  

 
Chrome

• Click on ‘Customize and Control Google Chrome’ menu to select ‘Options’.
• Tap ‘Under the Hood’ tab to press on ‘Reset to Defaults’ button there.
  

 
Opera

• Show hidden files and folders (explicit instruction on this is shown below).
• Navigate to “C:\Users\user_name\AppData\Roaming\Opera\Opera\” and remove Operapref.ini file.
  

 
Safari

• Click on Safari menu to select ‘Reset Safari’.
• When you get another pop-up window, please tick all given options.
• Finally, press ‘Reset’ button.
  

 
 
Step2
modify Hosts file to block PUP.Optional.OpenCandy.

Windows users to follow up

• Go to C:\Windows\System32\drivers\etc and click open Hosts file.

 
Mac OS X users to follow up

• Access Utilities in Finder folder for Terminal.
  
• Type “etc” and hit Enter/Return key and then click open Hosts file.

When done, please add the followings to the Hosts file before saving it.
127.0.0.1 tracking.opencandy.com.s3.amazonaws.com
127.0.0.1 media.opencandy.com
127.0.0.1 cdn.opencandy.com
127.0.0.1 tracking.opencandy.com
127.0.0.1 api.opencandy.com

 
 
Step3
show all hidden items to remove temp files and the related ones to PUP.Optional.OpenCandy.

Windows 7/XP/Vista users to follow up

• Click on Start menu to select ‘Control Panel’.
• Please then access “user accounts and family safety” for ‘Folder Options’.
  
• Click on View tab to tick ‘Show hidden files and folders’ and non-tick ‘Hide protected operating system files (Recommended)’.

 
Windows 8 users to follow up

• Click open Windows Explorer on Start screen.
• Click on View tab to tick ‘File name extensions’ and ‘Hidden items’ options.
  

1. When done, please navigate to the following directories and remove all temp files.
   C:\WINDOWS\Temp
   C:\Documents and Settings\[user name]\Local Settings\Temp
   C:\Documents and Settings\[user name]\Local Settings\Temporary Internet File 

 

2. Remove the following items:
   C:\Users\Username\Downloads\InternationalPrimoPDF.exe
   C:\Documents and Settings\New User\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab 

 

3. Navigate to the following directories to remove the items generated on the day when PUP.Optional.OpenCandy was firstly found:
   %Program Files%\Common Files\
   C:\Windows
   C:\Windows\System32
   C:\Users\[your username]\Documents\
   C:\users\user\appdata\local\
   C:\Program Files\

 
Mac OS X users to follow up

• Click on Finder launchpad icon to select Utilities.
  
• Please then access Terminal window and paste the following line in:
  

  defaults write com.apple.Finder AppleShowAllFiles YES

• Press Return key.
• When the flashing line reoccur, please paste the following line in the terminal window:
  

  killall Finder

• Press Return key will show you all the hidden items.

 

When done, please follow the below steps to remove the temp files.

1. type
   cd ~/Library/Logs
   sudo rm -rf ~/Library/Logs/*
   and press Return button.

 

2. type
   rm -rf ~/Library/Safari/Downloads.plist
   cd ~/Library/Caches
   sudo rm -rf ~/Library/Caches/*
   and press Return button.

 
 

Why PUP.Optional.OpenCandy Sticks to Computer?

As an advertising application, PUP.Optional.OpenCandy need more traffic to make itself more popular on one hand and direct traffic to its partners’ sites on the other. Besides, to know the surfing preference for better promotion, PUP.Optional.OpenCandy needs to track down the online whereabouts. By sticking to a target machine, the PUP manages to achieve all the purposes.
 

How PUP.Optional.OpenCandy Spreads?

Drive-by download is the major way for PUP.Optional.OpenCandy’s propagation. As the ads by OpenCandy promote products and applications, in return, those products will contain OpenCandy as one of the sub-options in the installation package. Besides, to generate more traffic, the PUP would cooperate with traffic exchanging sites which are the ones we usually called as browser hijacker. Therefore, PUP.Optional.OpenCandy could appear when your browsers are hijacked. However, some reports saying that OpenCandy comes embedded into software without any mention that it is there.

To eradicate the chance of OpenCandy installing along with third party software, it is recommended to use the command “ProgamName /NOCANDY”. If you don’t know how to proceed actually, please do feel free to contact VilmaTech Online Support by starting a live chat window.

 

Defrag after Removing PUP.Optional.OpenCandy Completely

It has been made clear that some more items would install via PUP.Optional.OpenCandy and they are probably web applications. In such case, random content will be loaded into the target machine to consume resource unreasonably. To regain a perfectly running machine, it is recommended to defrag after the removal. Here’s the video to show how:

 

Published & last updated on April 22, 2020 by Erik V. Miller