OpenCandy ads (Removal Guide) - Oct 2020 update

OpenCandy ads Removal Guide

What is OpenCandy ads?

OpenCandy is an application that injects computers with unwanted programs

OpenCandy virusOpenCandy unwanted program may install browser hijackers, toolbars, extensions, etc.

Adware OpenCandy is a dubious application created by SweetLabs which infiltrates machines with other unwanted software, including browser hijackers,[1] browser add-ons or toolbars, other adware programs, system optimizers, questionable security software, etc. Adware comes bundled together with most popular Windows programs, such as uTorrent, Flvto YouTube Downloader, Freemake Video Converter, and many others. The suspicious app also spies on users by gathering a certain type of information without their knowledge and sends it out to third-parties for marketing purposes.

Unlike many other adware apps that are easy to get rid of, OpenCandy acts more like a virus during the installation – it forcefully changes DNS settings, appends local proxy, modifies boot configuration data, stops Windows updates. injects processes into system, etc. With the help of these modifications, it is capable of hijacking Google Chrome, Mozilla Firefox, MS Edge, or another browser, redirect traffic, inject ads, and render a Windows computer vulnerable[2] to cyber attacks.

Due to its deceptive distribution, operation and persistence techniques, OpenCandy is detected by multiple security vendors under the following names: PUA:Win32/CandyOpen, OpenCandy (PUA), PotentialRisk.PUA/OpenCandy.Gen, A Variant Of Win32/OpenCandy.A Potentially Unsafe, Adware.OpenCandy.137, Win32:OpenCandy-D [PUP], and others.[3]

Name OpenCandy
Type Adware
Developed by SweetLabs
First seen 29.11.2010
Processes spidentifier.exe and rundll32.exe
Distribution Software bundling, deceptive ads, fake update prompts
Symptoms Changed homepage, extra apps installed without consent, advertisements, redirects, etc.
Elimination You can delete potentially unwanted programs manually, although not all elements might be deleted this way – you should employ anti-malware and use it to delete PUPs automatically instead
System fix PUA:Win32/CandyOpen performs a variety of unwanted changes on the system – these might not be reverted/fixed by security software. Thus, we recommend using FortectIntego for the purpose

OpenCandy can change startup page by modifying Google Chrome, Internet Explorer, Mozilla Firefox, Safari or other browser's settings, install additional components without permission (such as Pokki), which can ultimately lead to intrusive advertisement and rerouting practices. It is not a secret that adware dramatically diminishes web surfing experience and is never welcomed on any PC. Nevertheless, the app enters machines legally, as users technically (although most likely unintentionally) accept the installation.

Open Candy is a Windows executable file which was first noticed in November 2010. The software module consists of a Microsoft Windows library, that can be hidden in any Windows installer. The Task Manager usually shows the following processes running: spidentifier.exe and rundll32.exe, although other processes used by unintentionally installed programs may run as well. Users should remove OpenCandy virus to stop these processes, as well as prevent the infiltration of additional unwanted programs.

PUA:Win32/CandyOpen also modifies Windows registry to launch with every system boot for persistence reasons. As a result, users who want to uninstall the app from their systems might not be able to. Additionally, possibly the most dangerous trait of this adware is that it prevents Windows from automatically download system updates and disables User Account Control – both of these features are used for security and cyberattack prevention.

PUA:Win32/CandyOpen detectionMany Windows Defenders users spotted that PUA:Win32/CandyOpen is still active years after its release

Some of the applications that distribute OpenCandy adware are well-known and reputable. One might ask why respected developers would include such dubious app in their installers? The answer is quite simple – revenue. Software development often costs a lot of money and authors simply want to gain extra cash by bundling unwanted programs. It has been publicized minimally before, and developers do not like to speak about it. Nevertheless, it is slowly coming to light: we all know that Java popularized the notorious Ask toolbar, which is now considered malware by Microsoft.[4]

Be careful when installing one of these applications, as they might include Open Candy bundled:

  • DivX
  • Avast Antivirus Free
  • FileZilla
  • uTorrent
  • PDFCreator
  • mIRC, etc.

As we already mentioned, OpenCandy is adware program which seeks to gain monetary benefit by injecting additional programs into as many users' PCs as possible. Every install results in revenue, therefore, it is the biggest developers' interest. Ultimately, installed programs clutter and bloat the system, resulting in a frustrating experience for users. Thus, even though it might seem like some programs are “free” – they are not.

To further increase the benefit for themselves, Open Candy creators gather data about users' browsing activities and share it with third parties. This is widely practiced across many platforms; however, it is done without users' consent, which is highly controversial practice.

Adware programs do not bring any benefit and only flood the PC with unnecessary software. Thus, we suggest performing OpenCandy removal as soon as possible. The easiest way to terminate potentially unwanted apps along with the invisible malware is to scan the device with SpyHunter 5Combo Cleaner, Malwarebytes, or other reputable security software. In case the anti-virus does not fix the changes made by the infection, we recommend using FortectIntego as an automatic solution.

OpenCandy unwanted programOpenCandy is a questionable application which may install additional unwanted apps without users' consent

Adware slips in into machines undetected due to software bundling

Seemingly, unwanted apps may show up entirely out of nowhere. It is not true, however, and you did give your permission to install these applications (even without noticing it). Next, Next, Next, Next… done! That is what most people do during the installation of software. Do we need to mention Term and Conditions? Nobody reads that. Right? Well, it is a bad practice, as these documents can provide vital information on what you agree to.

Unfortunately, not many of us do that, as we all want to be done with the installation as soon as possible. It is a wrong way to approach it, as this behavior can compromise your virtual safety and computer security. Thus, be attentive and do not rush. Carefully look at each of the installation steps, and always pick Advanced settings when prompted. Then, eliminate all the pre-ticked components before the process is complete. Naturally, Recommended or Quick method should be avoided at all times – it might hinder the option to opt out of unwanted programs.

OpenCandy PUPOpenCandy can offer a variety of toolbars and other apps, although most of them are useless and simply clutter the browser

Best strategies to remove OpenCandy virus from the infected computer

Technically, OpenCandy virus belongs to the category of potentially unwanted programs and is, mostly, harmless. However, security experts[5] note that it may also cause a bunch of various inconveniences during your browsing sessions, such as system slowdowns, suspicious redirects, the appearance of annoying advertisements and so on.

If you want to prevent all that, we recommend you remove OpenCandy right away. For that, you can either follow a guide provided below and get rid of this adware manually or install one of the anti-spyware programs to perform automatic elimination on your computer. In fact, we highly recommend you to select automatic OpenCandy removal option to make sure that every component related to this adware is gone.

Additionally, since PUA:Win32/CandyOpen also modifies the DNS settings, you should ensure that you reset them to default. Here's how to do that:

  • Right-click on Start and select Settings
  • Go to Network & Internet and select Ethernet on the left
  • On the right, pick Change adapter options
  • Right-click on your connection and select Properties
  • Select Internet Protocol Version 4 (TCP/IPv4) and pick Properties
  • Check Obtain DNS server automatically and click OK.

After the app is gone, ensure that you check for the latest Windows updates via the settings panel and install them as required.

You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of OpenCandy ads. Follow these steps

Uninstall from Windows

To delete OpenCandy adware from Windows OS, follow these steps:

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Delete from macOS

If you want to get rid of the PUP from Mac, follow these instructions:

Remove items from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for all related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash) Uninstall from Mac 1

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files. Uninstall from Mac 2

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy, search and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

You have to manually reset Google Chrome after uninstallation of the PUP is complete:

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of OpenCandy registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting adware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Jake Doevan
Jake Doevan - Computer technology expert

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

Removal guides in other languages