darkred Posted October 6, 2015 Report Share Posted October 6, 2015 (This thread is related to this one ) I clean installed 3.4.6 Beta (build 41182) (in win10 x64 build 10240) by running the installer .I pressed "Decline offer" for "Search Offer" during install.After the installation finished, scanned with latest Malwarebytes Antimalware.It found the following :Processes: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 19PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, , [7e3c3c17b5d6330345a1595d05fdcf31],PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [7e3c3c17b5d6330345a1595d05fdcf31],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 2PUP.Optional.OpenCandy, C:\Users\Kostas\AppData\Local\Temp\HYD7976.tmp.1443870320\HTA\install.1443870320.zip, , [9129292a92f9a78f23c3c4f209f902fe],PUP.Optional.OpenCandy, C:\Users\Kostas\AppData\Local\Temp\HYD7976.tmp.1443870320\HTA\3rdparty\OCComSDK.dll, , [7e3c3c17b5d6330345a1595d05fdcf31]There's NO entry in "Programs & Features" in order the user to uninstall this. I even recreated the above procedure in virtual machine of win 10 x64and it happened the exactly same thing. I also did the following in a virtual machine:clean installed utorrent 3.4.5 build stable 41162, (there was NO Offer during install) ---> scan result: PUP.Optional.OpenCandy found Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.