PUP.Optional.OpenCandy was installed with 3.4.6 Beta build 41182 even though I had pressed "Decline Offer" -- the same with 3.4.5 build stable 41162


darkred

(This thread is related to this one.)

I clean-installed 3.4.6 Beta (build 41182) (in Win10 x64 build 10240) by running the installer.

I pressed "Decline offer" for "Search Offer" during install.

After the installation finished, I scanned with the latest Malwarebytes Anti-Malware.

It found the following:


There's NO entry in "Programs & Features" for the user to uninstall this.

I even recreated the above procedure in a virtual machine running Win 10 x64, and exactly the same thing happened.

I also did the following in a virtual machine:

Clean-installed uTorrent 3.4.5 build stable 41162 (there was NO offer during install) ---> scan result: PUP.Optional.OpenCandy found
