OpenCandy

---

title: "OpenCandy" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["windows-adware", "windows-malware", "defunct-software-companies-of-the-united-states"] description: "Adware module classified as malware" topic_path: "technology/operating-systems" source: "https://en.wikipedia.org/wiki/OpenCandy" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::summary Adware module classified as malware ::

OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors.{{citation |title=PUP.Optional.OpenCandy |publisher=Malwarebytes |url=https://blog.malwarebytes.com/detections/pup-optional-opencandy/ |access-date= 3 February 2018}}{{citation |title=OpenCandy |publisher=Sophos |url=https://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OpenCandy/detailed-analysis.aspx |access-date= 3 February 2018}}{{citation |title=ADW_OPENCANDY |publisher=Trend Micro |url=https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adw_opencandy |access-date= 3 February 2018}}{{citation |title=Virustotal analyses of OpenCandy |publisher=Virus Total |url=https://virustotal.com/en/file/81196839f19269ce807e43c8b9669459dc833d6fd2d510646fc0bebc0e0ef2eb/analysis/#comments |access-date= 3 February 2018}} They flagged OpenCandy due to its undesirable side-effects.{{citation |date=16 April 2017 |title=Controversial Advertising Program Now Being Embedded in More Software |last=Richards |first=Gizmo |publisher=Tech Support Alert |url=https://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm |access-date=2 February 2018 |archive-date=12 July 2021 |archive-url=https://web.archive.org/web/20210712042359/https://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm |url-status=dead |date=11 November 2008 |title=OpenCandy brings ad market to software installs. What? |last=Needleman |first=Rafe |publisher=CNET news |url=http://www.cnet.com/tech/services-and-software/opencandy-brings-ad-market-to-software-installs-what/ |access-date=2009-08-18}}

OpenCandy's various undesirable side-effects included changing the user's homepage, desktop background or search provider, and inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collected and transmitted various information about the user and their Web usage without notification or consent. After massive criticism of the software occurred, it was eventually discontinued in August of 2016.

Development

The software was originally developed for the DivX installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar. DivX received $15.7 million during the first nine months of 2007 from Yahoo and other software developers, after 250 million downloads.{{citation |title=OpenCandy inserts recommendations when you install software |date=10 November 2008 |last=Marshall |first=Matt |url=https://venturebeat.com/2008/11/10/opencandy-recommends-software-when-youre-installing-stuff/ |access-date = 2009-08-18}}

Chester Ng, the former DivX business development director, is chief business officer and Mark Chweh, former DivX engineering director, is chief technology officer.

Windows components

Components that the program used may have differed but here are some similar names based on versions of the software.

Files dropped

• OCComSDK.dll
• OCSetupHlp.dll
• Fusion.dll

Processes

• spidentifier.exe
• rundll32.exe

DNS and HTTP queries

• tracking.opencandy.com.s3.amazonaws.com
• media.opencandy.com (website not available)
• cdn.opencandy.com
• cdn.putono5.com
• tracking.opencandy.com
• api.opencandy.com
• www.arcadefrontier.com

Software known to have included OpenCandy

• AC3Filter
• Auslogics Disk Defrag
• CamStudio (since version 2.7 r316)
• CDBurnerXP (depending on version; alternate download without OpenCandy available; confirmed 2017-03-01)
• FileZilla (present in 2013)
• Format Factory
• Foxit Reader (6.1.4 – 6.2.1)
• FreeFileSync (dropped April 2018)
• FrostWire
• GOM Player
• ImgBurn (since version 2.5.8.0, though only on the version of the installer distributed directly from imgburn.com; the version distributed from the official mirror sites is adware-free)
• mIRC
• MP3 Rocket
• Orbit Downloader (confirmed 2015-10-24)
• PDFCreator
• PhotoScape
• PrimoPDF
• Sigil (dropped in version 0.5.0 and later)
• Trillian (dropped 5 May 2011)
• μTorrent
• WinSCP (through August 2012)
• FL Studio Installer

Workarounds

There were workarounds to bypass OpenCandy by running some installers with a /NOCANDY parameter on the command line, which was up to the installer to support or not.

References

References

1. [http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ADW_OPENCANDY ADW_OPENCANDY:] [[Trend Micro]] page, 30 April 2016
2. (2016-01-24). "What is OpenCandy and How to remove it?".
3. (7 December 2023). "OpenCandy".
4. (7 December 2023). "Antivirus notes".
5. (22 January 2014). "Inquiry about detection of Auslogics Defrag Free Edition – ESET NOD32 Antivirus".
6. "Complete Version history / Release notes / Changelog".
7. "CDBurnerXP: FAQ".
8. "FileZilla OpenCandy".
9. "Format Factory – Free media file format converter".
10. "Does Foxit Reader free 6.1.4.0217 have malware?". Foxit Corporation Forums.
11. Zenju. "FreeFileSync".
12. "FrostWire: Downloader, BitTorrent Client and Media Player".
13. "GOMlab.com include technical information and download link of GOM Player, GOM Audio, GOM Video Converter and GOM Remote.".
14. LIGHTNING UK!. (2013-06-16). "The Official ImgBurn Website: Change log".
15. LIGHTNING UK!. (2013-06-16). "The Official ImgBurn Website: Download".
16. (2016-10-29). "MD5 doesn't match any downloadable installers – ImgBurn General".
17. (2016-06-23). "Wrong hash? – ImgBurn Support".
18. (2017-01-31). "Wrong Hash 2 – ImgBurn Support".
19. (2013-06-17). "ImgBurn".
20. (2017-03-31). "ImgBurn Download: Changelog".
21. (2016-06-20). "Codecs.com {{!}} Downloads for ImgBurn 2.5.8".
22. (2016-06-23). "ImgBurn".
23. gizmo, richards. (2014-02-08). "Controversial Advertising Program Now Being Embedded in More Software". Gizmo's Freeware.
24. "MP3 Support Analysis – herdProtect".
25. [http://www.orbitdownloader.com/what-is-opencandy.htm] {{Webarchive. link. (9 April 2016 On the Help/Facts page)
26. [http://forums.pdfforge.org/discussion/comment/19987#Comment_19987 Discussions on pdfforge Forums] {{webarchive. link. (4 March 2016)
27. [https://photoscape.en.lo4d.com/virus-malware-tests] PhotoScape – Virus and Malware
28. Schember, John (21 January 2012). "Sigil 0.5.0 Released".
29. (29 March 2014). "Malware on Install".
30. "WinSCP – OpenCandy".
31. Found in FL Studio 12.1.2 Installer – By Windows Defender: PUA:Win32/CandyOpen / OCSetupHlp.dll
32. (2021-08-06). "OpenCandy explained: what you need to know about the technology".

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::