Avast WEBforum

Other => General Topics => Topic started by: mchain on February 21, 2014, 11:26:50 PM

Title: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: mchain on February 21, 2014, 11:26:50 PM
See attached below:

Second .jpeg is from a routine uninstall of the previous version of Foxit Reader Free using Revo Uninstaller Free.

Scanned the downloaded .exe file gotten from the vendor's site (31.9 MB) with both avast! and Malwarebytes Free before running it.  Both reported file as clean.  Checked the EULA for evidence of any unwanted extensions or add-ons the user was agreeing to install before executing the file.  Found Open Candy present and noted that if the system was not connected to the Internet it would not download the components needed to install and run that, so out went the internet connection. 

No-opt out dialog box was ever presented during the new install of Foxit Reader.

Updated definitions for Malwarebytes and ran that after install was complete.  Did not allow Foxit Reader to run after installation was completed and the Finish window was open.  Scanned new install with Malwarebytes, and it found three instances of malware.  Rebooted the system after the Malwarebytes scan was completed and all were removed.

Newest version is 6.1.4.2017

Sneaky.  And very irritating.

Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: essexboy on February 21, 2014, 11:29:29 PM
I changed to Sumatra about a year ago http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: mchain on February 21, 2014, 11:36:17 PM
I changed to Sumatra about a year ago http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
Thank you for that.  What this really means is that user vigilance must be brought higher and higher levels, even with previously trusted software, when installing anything that is offered as free these days.  Free has become not free, as it were.

Got Open Candy?  It's your fault, as you did not read the EULA before you installed our free software.   ::)   >:(
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: Shiw Liang on February 22, 2014, 03:30:21 AM
Yeah Sumatra is a lot lighter than Foxit and doesn't install any toolbar on your system or you guys can still go back to Adobe because Sumatra had some trouble displaying some pdf pages with Chinese characters.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: SpeedyPC on February 22, 2014, 06:40:28 AM
Are you aware PDF-XChange Viewer Free doesn't have Open Candy and it far lighter than Foxit
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: Asyn on February 22, 2014, 06:55:07 AM
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?

I recommend free PDF-XChange Viewer.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: abruptum on February 22, 2014, 08:46:38 AM
Sometimes extracting the installer with 7-Zip is the way to get "clean" installer that doesn't install adwares.
It is working with KMPlayer,Advanced Codecs etc.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: CraigB on February 22, 2014, 11:44:13 AM
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?

I recommend free PDF-XChange Viewer.
Me too  :) http://www.tracker-software.com/product/pdf-xchange-viewer

Sumatra is also good but it doesn't allow online editing of forms, I never got it to work for me anyway.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: bob3160 on February 22, 2014, 04:00:58 PM
There's also NitroPDF (http://www.nitropdf.com/pdf-reader) and CutePDF (http://www.cutepdf.com/) for conversion to a PDF
You can also use the built in PDF reader in Chrome if that's your browser. :)
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: DavidR on February 22, 2014, 06:18:53 PM
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?

I recommend free PDF-XChange Viewer.

Another vote for PDF-XChange Viewer - I changed to this some time ago when Foxit PDF Reader Free got bloated and wanted to install a toolbar, etc.

CutePDF I used for some time, anything from the Cute range is likely to be good.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: maugrimx on February 23, 2014, 02:09:51 PM
cdburnerxp also installs opencandy, and izarc installs another unwanted program  http://forum.hosts-file.net/viewtopic.php?f=11&t=3603&hilit=izarc&start=10
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: AdrianH on February 23, 2014, 02:17:43 PM
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?

I recommend free PDF-XChange Viewer.

Another vote for PDF-XChange Viewer - I changed to this some time ago when Foxit PDF Reader Free got bloated and wanted to install a toolbar, etc.

CutePDF I used for some time, anything from the Cute range is likely to be good.

Been using PDF-XChange for many years now, excellent software.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: mchain on February 23, 2014, 10:17:53 PM
Thanks, everyone.

Will be making the change very soon.  Excellent support.  Thanks again to all.   ;D
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: polonus on February 24, 2014, 01:51:53 PM
AdwCleaner does a good job of getting rid of the Open Candy bundled-pest. Not irritating that developers bundle, because I fully understand  they also need a decent living, but irritating is that they are not up front about it and won't give you a chance to opt out or opt in even. You get these goodies delivered unwanted and mostly undesired, a classification term for a PUP. In the aftermath a lot of users even wonder where they got such an adware infection? So in this case it was a free reader that had it included.
MBAM also detects this Open Candy undesirable but cannot get rid of it completely and fails to reboot to do the final cleansing boot-bit of this pest.
We are entering days whenever you are not knowledgeable and  assertive enough your computer or peripheral is slowly taken out of your hands, where others decide what crap to silently install onto it. Good we have these forums here to at least get some users informed and wake them up to these new developments.

polonus
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: mchain on February 24, 2014, 06:44:39 PM
As long as we've got this topic going, add this free tool to the list; formerly clean and good, now not:  ImgBurn latest version 2.5.8.0 now also has unwanted adware installs [PUP's] w/o your explicit consent.  And this file is direct from the vendor's site.

Next oldest version is clean:  2.5.7.0    Sometimes it doesn't pay to upgrade to a newer version; you can open your system to unknown/unexpected new risks when you do.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: CraigB on February 24, 2014, 06:53:41 PM
As long as we've got this topic going, add this free tool to the list; formerly clean and good, now not:  ImgBurn latest version 2.5.8.0 now also has unwanted adware installs [PUP's] w/o your explicit consent.  And this file is direct from the vendor's site.

Next oldest version is clean:  2.5.7.0    Sometimes it doesn't pay to upgrade to a newer version; you can open your system to unknown/unexpected new risks when you do.
Also mentioned at FileHippo comments 8 months ago http://www.filehippo.com/download_imgburn/comments/
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: polonus on February 24, 2014, 06:59:10 PM
Hi mchain,

As the proverbial Mr. Scrooge is now chief of the board in many places and with many developers also - the actual amount of "crap to get money" will just grow.
The fabric is coming loose at the seams, I think. Look at what a sloppy site a big corp like Nividia is being hosted -> http://forum.avast.com/index.php?topic=146812.msg1065958#new 
Everybody wants those extra pennies, but at the same time wants to sit in the front row at minimal costs. One way or another you loose customers that way.
And in our example this is translated into dissatisfied users.

pol
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: CraigB on February 24, 2014, 07:12:15 PM
Off topic

Pol I don't see what an infected webpage has to do with adware included with installers ???

You also know as well as I do that any site can be hacked at any given time so I don't think I would go as far as to call NVidia sloppy, everyone including AV companies are always playing catch up to the malware guys.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: polonus on February 24, 2014, 07:28:11 PM
Hi craigb,

The common denominator here is "trying to burn the candle from both ends". And to have a cheap and insecure hoster and earn additional money from bundled downloads has the same underlying ideology. In that respect the policy is the same and it is wrong. Of course bundling software with crapware to get extra money and sloppy IT managment to save on cost is not the same, but the underlying principle is - that was what I wanted to point out. One is taking a penny on the side and the other one is saving it not having security as a first priority. Apples and pears compared, you are right there,  but both "brown and putrid on the interior"  ;D,

polonus

P.S. Nividia was not sloppy, those admins that hosted their site were ignoring basic security practices to deliver a secure ASP.site (the very basics were ignored and this led to the compromise, also that more than one domain were being hosted on the same IP and not on a dedicated server.
Sucuri did not see an attacked site because of any site that could be hacked, but this site was insecurely hosted.
D

Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: CraigB on February 24, 2014, 07:59:02 PM
P.S. Nividia was not sloppy, those admins that hosted their site were ignoring basic security practices to deliver a secure ASP.site (the very basics were ignored and this led to the compromise, also that more than one domain were being hosted on the same IP and not on a dedicated server.
Sucuri did not see an attacked site because of any site that could be hacked, but this site was insecurely hosted.
D
Thanks for the enlightenment :)

I liked your apples and pears comparison ;D
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: maugrimx on February 25, 2014, 02:45:45 PM
since cdburnerxp installs opencandy, does someone have another burning software to recommend?
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: polonus on February 25, 2014, 03:22:02 PM
Hi maugrimx,

Use the installer that omits OpenCandy.
Read here how to avoid: http://notestoneunturned.blogspot.nl/2012/12/how-to-install-cdburnerxp-and-winscp.html
link article author Tony Austin

polonus
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: maugrimx on February 25, 2014, 03:49:34 PM
thanks, but i will not use any program from that developer anymore.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: polonus on February 25, 2014, 04:10:54 PM
Hi maugrimx,

I can understand your mindset, "once bitten twice shy." That is how they are shooting themselves in the foot bundling what they think is just common innocent adware to earn a few bucks on the side. Later when these developers wake up to the real facts, and they realize they have been taken for a cheap ride, they will never ever even admit this. This crap is like sugar, at first sight it looks good and  tastes sweet, but all  it really is producing is decay in the aftermath!

polonus
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: bob3160 on February 25, 2014, 04:37:13 PM
Unchecky (http://unchecky.com/) takes care of a lot of these and the program gets better with each update.
It can't uncheck what's never pre checked and simply installed without warning.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: abruptum on February 25, 2014, 05:21:16 PM
Opening the installer with 7-Zip and extracting the clean installer worked for me with Advanced Codecs.
Anyway,I don't use codec packs anymore.I install only codecs that I need.
I think we need a topic about "bad" installers where users can report about installers that install crap even if you
uncheck all the checkboxes.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: mchain on February 25, 2014, 10:24:50 PM
Opening the installer with 7-Zip and extracting the clean installer worked for me with Advanced Codecs.
Anyway,I don't use codec packs anymore.I install only codecs that I need.
I think we need a topic about "bad" installers where users can report about installers that install crap even if you
uncheck all the checkboxes.
Agreed.  Sort of like the security update thread, eh?   ;D
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: polonus on February 25, 2014, 11:01:39 PM
Hi mchain,

A posting to my heart, thank you,

Such a list can already be found here: http://discuss.howtogeek.com/t/the-official-htg-list-of-software-that-bundles-crapware/1892
Common Program Offenders, All Offenders, How to commit some crapware

Nice site link for those that do not like crap.junk and foistware: http://ninite.com/   Just pick your apps and click Get Installer.

polonus

Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: SpeedyPC on February 26, 2014, 05:19:54 AM
@maugrimx,

You can still use CDBurnerXP without having OpenCandy all you have to do is just download Default installer (Without OpenCandy) from CDBurnerXP, I've been using CDBurnerXP for years without any issue and I don't have OpenCandy.

When you pick the downloads tab from CDBurnerXP website look for 'More download options' and select this link and it will take to this see screen below just choose the Default installer (Without OpenCandy) from CDBurnerXP.

(http://my.jetscreenshot.com/18514/m_20140226-llzg-63kb.jpg) (http://my.jetscreenshot.com/18514/20140226-llzg-63kb)
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: Hard_ROCKER on February 26, 2014, 01:16:06 PM
I use AnyBurn. Very simple to use, no bundled crap. http://www.anyburn.com/
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: maugrimx on February 26, 2014, 01:56:04 PM
have downloaded anyburn, thanks   :)
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: Hard_ROCKER on February 26, 2014, 02:05:37 PM
You're welcome.

As far as .pdf readers go i really like Sumatra PDF but i keep Adobe Reader installed as i have some .pdf files that are only displayed properly in Adobe Reader. I run both inside Sandboxie.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: JuninhoSlo on March 10, 2014, 08:08:13 AM
Thank you I switched to PDF-XChange Viewer,guys.

PS:
I scanned Foxit folder in PF with AIS and MBAM and results came out clean,no spyware/viruses.
Title: Re: Alert: Open Candy will install in latest version of Foxit Reader Free
Post by: Asyn on March 10, 2014, 08:22:21 AM
Thank you I switched to PDF-XChange Viewer,guys.

You're welcome. You won't regret it.