Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: winactive on June 16, 2014, 02:02:52 PM

Title: Software Updater and Open Candy
Post by: winactive on June 16, 2014, 02:02:52 PM
Really bad idea.  >:(
Title: Re: Software Updater and Open Candy
Post by: Pondus on June 16, 2014, 02:58:17 PM
Really bad idea.  >:(
more info....what are you trying to say

Title: Re: Software Updater and Open Candy
Post by: Cluster-Lizard2014 on June 16, 2014, 05:17:32 PM
Open Candy comes with a few 'free' software programs; one I know is the quite well regarded and recommended CDBurnerXP. There's no option NOT to install Open Candy (something I hate) with the main program but, unless it has changed recently, thankfully you can easily remove Open Candy in the usual way or, better, with a software uninstaller like Revo.

The problem with Open Candy, apart from its existence in general, is that Malwarebytes and I suspect some other AV/AMs flag Open Candy as a PUP (which it is) and so the whole updater/ installer may be flagged and quarantined depending on your settings.

How the more recent AVAST versions respond to it I don't know. A Malwarebytes scan flags up all updater/installers I have with Open Candy included. AVAST doesn't block either the updater/installer download or report it as a PUP in any scan, at least not v.8 with the settings I use. 
Title: Re: Software Updater and Open Candy
Post by: mchain on June 16, 2014, 05:38:30 PM
Which is why Malwarebytes is a good second malware scanner for any free software one may download.  If it flags a free download as having any malware, just discard it and find something else to use.

See filehippo here for versions, latest one has OpenCandy, older versions do not:  http://filehippo.com/download_imgburn/ (http://filehippo.com/download_imgburn/)

Just run Imgburn whilst not online and you will not be prompted to upgrade to the latest version, 2.5.8.0, that has OpenCandy installed, and you can run older versions without issue that do not have OpenCandy installed.  Unfortunately, whether OpenCandy is an optional install or is embedded within the free application (no opt-out option) is really beyond our control.  It's the vendor that is choosing to include such malware for advertising revenue, not us.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on June 16, 2014, 06:08:17 PM
http://www.ghacks.net/2012/08/06/opencandy-explained-what-you-need-to-know-about-the-technology/

You can bypass open candy with the /NOCANDY parameter, at least it worked a month ago when I tried it. 

Another option is a use an something like Ninite.com which will install stuff without crapware. 
Title: Re: Software Updater and Open Candy
Post by: RejZoR on June 16, 2014, 08:59:35 PM
Still not sure what OpenCandy has to do with Software Updater...
Title: Re: Software Updater and Open Candy
Post by: REDACTED on June 27, 2014, 12:53:10 AM
Still not sure what OpenCandy has to do with Software Updater...

The following file: Program Files/Avast Software/Avast/aswRec.dll is signed by: OpenCandy, Inc.
Title: Re: Software Updater and Open Candy
Post by: mchain on June 27, 2014, 01:22:49 AM
Still not sure what OpenCandy has to do with Software Updater...

The following file: Program Files/Avast Software/Avast/aswRec.dll is signed by: OpenCandy, Inc.
Think an omission (forgot to mention?) regarding where this source of information comes from is the real issue.

Are you running herdProtect? as that does (until today) detect this file as having OpenCandy within it.  Detection-based on two a/v's:
Heck, herdProtect forum was recommending complete removal/uninstall of avast! as recently as two weeks ago solely based on these two adware detections!   ???

Running a new fresh herdProtect scan only provides inconclusive results for this file as these false detections have been removed and the digital signature for OpenCandy is expired anyway.  Has been since April 2014.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on June 27, 2014, 09:55:35 AM
Still not sure what OpenCandy has to do with Software Updater...

The following file: Program Files/Avast Software/Avast/aswRec.dll is signed by: OpenCandy, Inc.
Think an omission (forgot to mention?) regarding where this source of information comes from is the real issue.

Are you running herdProtect? as that does (until today) detect this file as having OpenCandy within it.  Detection-based on two a/v's:
  • Rising Antivirus as PE:PUF.OpenCandy!1.9DE5 (Adware)
  • Reason Heuristics as PUP.OpenCandy.G (Adware)
Heck, herdProtect forum was recommending complete removal/uninstall of avast! as recently as two weeks ago solely based on these two adware detections!   ???

Running a new fresh herdProtect scan only provides inconclusive results for this file as these false detections have been removed and the digital signature for OpenCandy is expired anyway.  Has been since April 2014.

Well, to put it simply enough - go to the file in the Program files directory, find the file, right-click on it and tell me who has signed it digitally - Avast or Open Candy.
Title: Re: Software Updater and Open Candy
Post by: mchain on June 27, 2014, 11:50:36 AM
Still don't get how OpenCandy is connected to Software Updater.  The file you're talking about is digitally signed by OpenCandy, yes, but is invalid as of March 14, 2014.  See attached certificate below. 

You can verify the certificate by locating the file itself and clicking properties>digital signatures>certificate

How OpenCandy got to be the digital signer of this file is a question best directed to an avast! team member since we, as users like you, have nothing to do with building and constructing avast! programs.

Still leaves the original query unanswered:  How did you come across this anomaly?  Seems simple enough to answer. 

Newest scan by herdProtect does not flag this file anymore as adware; it is a false positive.  And Software Updater never flagged this file.  I don't see the connection between Software Updater and aswRec.dll and OpenCandy.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on June 27, 2014, 12:36:56 PM
Still don't get how OpenCandy is connected to Software Updater.  The file you're talking about is digitally signed by OpenCandy, yes, but is invalid as of March 14, 2014.  See attached certificate below. 

You can verify the certificate by locating the file itself and clicking properties>digital signatures>certificate

How OpenCandy got to be the digital signer of this file is a question best directed to an avast! team member since we, as users like you, have nothing to do with building and constructing avast! programs.

Still leaves the original query unanswered:  How did you come across this anomaly?  Seems simple enough to answer. 

Newest scan by herdProtect does not flag this file anymore as adware; it is a false positive.  And Software Updater never flagged this file.  I don't see the connection between Software Updater and aswRec.dll and OpenCandy.

There is a thread about that in Wilders Security forums. If you uninstall the Software updater, this file goes away, disappears. So it has to be somehow related to it. And why it is there at all if its digital signature has expired? Also why is it so important where I did get this info from - the fact is a fact. I'm not expecting an explanation from you or forum members, I just wanted any info why it is like that - anyone who knows or have any info on that. I'm not saying the file is malicious or adware. Still not here, not in the Wilders thread has anyone from Avast staff given any explanation.
Title: Re: Software Updater and Open Candy
Post by: Para-Noid on June 27, 2014, 03:38:06 PM
The "software updater" has nothing to do with Open Candy. Open Candy is piggy-backed
on the software that is downloaded. Open Candy is adware. Adware won't be detected
even as a PUP. The best way to remove Open Candy is, as mentioned above, is by using
MalwareBytes. Uninstalling the "software updater" won't stop Open Candy. The "software
updater" cannot stop piggy-backed software nor will it alert the user about the piggy-backed
file.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on June 27, 2014, 03:45:49 PM
The "software updater" has nothing to do with Open Candy. Open Candy is piggy-backed
on the software that is downloaded. Open Candy is adware. Adware won't be detected
even as a PUP. The best way to remove Open Candy is, as mentioned above, is by using
MalwareBytes. Uninstalling the "software updater" won't stop Open Candy. The "software
updater" cannot stop piggy-backed software nor will it alert the user about the piggy-backed
file.

I still don't understand how this Open Candy signed avast .dll file got in Avast folder in program files in my RC installation of Avast (and I'm talking about Internet Security version not the free one). And if Software Updater doesn't have anything to do with the file in question - then why does it disappear when you modify your installation and remove Software Updater?
Title: Re: Software Updater and Open Candy
Post by: Para-Noid on June 27, 2014, 03:59:39 PM
Could you supply a screenshot of the "avast" signed certificate?
If you offer proof, then I will believe you.
Title: Re: Software Updater and Open Candy
Post by: Gopher John on June 27, 2014, 04:06:14 PM
I still don't understand how this Open Candy signed avast .dll file got in Avast folder in program files in my RC installation of Avast (and I'm talking about Internet Security version not the free one). And if Software Updater doesn't have anything to do with the file in question - then why does it disappear when you modify your installation and remove Software Updater?

This is a valid question.  I have this file (signed by OpenCandy) in both my installs of Avast.  Avast Software Updater is still installed, but has been disabled since it was first installed.  Only Avast team can answer this question, so it should be done by one of the Avast staff.
Title: Re: Software Updater and Open Candy
Post by: tosal on June 27, 2014, 05:12:09 PM
OpenCandy is integrated into SoftwareUpdater since a couple of months. We use it to offer additional software to our customers in avast Free under some conditions. It helps us paying for the traffic caused by Software Updater in Avast Free.

Unfortunately some competitive AV vendors decided to flag the OC binary as PUP. We'll work on that and take either a decision on OC or take any other appropriate action to resolve the situation asap.
Title: Re: Software Updater and Open Candy
Post by: Gopher John on June 27, 2014, 05:50:22 PM
OpenCandy is integrated into SoftwareUpdater since a couple of months. We use it to offer additional software to our customers in avast Free under some conditions. It helps us paying for the traffic caused by Software Updater in Avast Free.

Unfortunately some competitive AV vendors decided to flag the OC binary as PUP. We'll work on that and take either a decision on OC or take any other appropriate action to resolve the situation asap.

Thanks for your explanation.

Could this DLL have to do with the complaint of some users being offered updates thru Avast Software Updater that contained tag-along programs that were questionable?
Title: Re: Software Updater and Open Candy
Post by: Para-Noid on June 27, 2014, 07:08:12 PM
OpenCandy is integrated into SoftwareUpdater since a couple of months. We use it to offer additional software to our customers in avast Free under some conditions. It helps us paying for the traffic caused by Software Updater in Avast Free.

Unfortunately some competitive AV vendors decided to flag the OC binary as PUP. We'll work on that and take either a decision on OC or take any other appropriate action to resolve the situation asap.

Thanks for your explanation.

Could this DLL have to do with the complaint of some users being offered updates thru Avast Software Updater that contained tag-along programs that were questionable?

+1
Title: Re: Software Updater and Open Candy
Post by: mchain on June 27, 2014, 10:34:17 PM
Still don't get how OpenCandy is connected to Software Updater.  The file you're talking about is digitally signed by OpenCandy, yes, but is invalid as of March 14, 2014.  See attached certificate below. 

You can verify the certificate by locating the file itself and clicking properties>digital signatures>certificate

How OpenCandy got to be the digital signer of this file is a question best directed to an avast! team member since we, as users like you, have nothing to do with building and constructing avast! programs.

Still leaves the original query unanswered:  How did you come across this anomaly?  Seems simple enough to answer. 

Newest scan by herdProtect does not flag this file anymore as adware; it is a false positive.  And Software Updater never flagged this file.  I don't see the connection between Software Updater and aswRec.dll and OpenCandy.

There is a thread about that in Wilders Security forums. If you uninstall the Software updater, this file goes away, disappears. So it has to be somehow related to it.  the fact is a fact. I'm not expecting an explanation from you or forum members, I just wanted any info why it is like that - anyone who knows or have any info on that. I'm not saying the file is malicious or adware.
Quote
And why it is there at all if its digital signature has expired? Also why is it so important where I did get this info from - the fact is a fact.
Thanks for the Wilders info.  Wasn't aware of it.  Possible to give a link to that thread?  Not that this thread is about FUD, it is not, but is a reasonable query as to how this came about.  What may be obvious to one is not necessarily obvious to another.
Quote
Still not here, not in the Wilders thread has anyone from Avast staff given any explanation.
OpenCandy is integrated into SoftwareUpdater since a couple of months. We use it to offer additional software to our customers in avast Free under some conditions. It helps us paying for the traffic caused by Software Updater in Avast Free.

Unfortunately some competitive AV vendors decided to flag the OC binary as PUP. We'll work on that and take either a decision on OC or take any other appropriate action to resolve the situation asap.
I think that is our answer.  This file is used to help pay for traffic for free versions of avast! Software Updater.  Free isn't free, really.

Any questions regarding why a digitally signed file is still there after the certificate is expired can be answered by four links below:
https://www.google.com/#q=digital+signature+expired+certificate (https://www.google.com/#q=digital+signature+expired+certificate)
http://en.wikipedia.org/wiki/Digital_signature (http://en.wikipedia.org/wiki/Digital_signature)
http://blogs.technet.com/b/office_resource_kit/archive/2008/12/02/can-a-digital-signature-remain-valid-even-after-the-certificate-expires.aspx (http://blogs.technet.com/b/office_resource_kit/archive/2008/12/02/can-a-digital-signature-remain-valid-even-after-the-certificate-expires.aspx)
http://superuser.com/questions/459985/need-a-solution-to-verifying-expired-digital-signatures (http://superuser.com/questions/459985/need-a-solution-to-verifying-expired-digital-signatures)
A valid and current certificate implies that the file is from who it says it is.  An expired certificate simply means that the digital signature is not legally verifiable anymore but does not mean it is not from who it says it is; it is possible to have an expired certificate and have the file actually be from where it says it is from.  In this case a file is still valid and is unchanged. 

Maybe it is not be legally valid anymore, but also the expiration of the certificate will not make it disappear or be automatically removed from your system.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on June 27, 2014, 11:04:21 PM
I used Avast in the past but stopped because of lots of ads.
Just downloaded avast and the update and now I see under settings/appearance "show popups offers for other Avast products" ticked by default and it cannot be unchecked unless you upgrade. Is that a new thing with this update? Does anyone know how often ads are going to be shown now? Thanks.
Title: Re: Software Updater and Open Candy
Post by: igor on June 27, 2014, 11:14:19 PM
A valid and current certificate implies that the file is from who it says it is.  An expired certificate simply means that the digital signature is not legally verifiable anymore but does not mean it is not from who it says it is; it is possible to have an expired certificate and have the file actually be from where it says it is from.

If the file wasn't verifiable, then Windows would tell you (on the Digital Signatures page) that the verification failed. The file is correctly signed (i.e. the digital signature is valid, without any issues whatsoever) - because of the timestamp. The timestamp verifies that the file was signed when the certificate had still been valid - therefore the whole signature is valid.

It would be rather impractical if every signed file expired every few years (because that's the usual validity of and end-user signing certificate). So you can include a timestamp that verifies when the signature was created - which prolongs the validity of the signature... well, not indefinitely, but at least for as long as the timestamping chain is valid.
(The timestamp is optional - but if you don't include it, then the digital signature indeed becomes invalid at the moment your signing certificate expires).
Title: Re: Software Updater and Open Candy
Post by: Para-Noid on June 27, 2014, 11:39:20 PM
I used Avast in the past but stopped because of lots of ads.
Just downloaded avast and the update and now I see under settings/appearance "show popups offers for other Avast products" ticked by default and it cannot be unchecked unless you upgrade. Is that a new thing with this update? Does anyone know how often ads are going to be shown now? Thanks.

That function is available in the "paid" products.
One way to get away from some of those ads is...
GUI>Settings>Updates>scroll down to and click "details">untick the box.
The downside is by doing this is you do not receive pop-ups when you receive a vps update.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on June 28, 2014, 12:00:14 AM
Yeah I have that unchecked. Thanks Para-Noid.
Title: Re: Software Updater and Open Candy
Post by: Cluster-Lizard2014 on July 06, 2014, 02:18:08 PM
By a bit of coincidence, having avoided getting Open Candy installed against my wishes, when doing my regular monthly updates of various other programs and blow me down if it didn't get onto my computer again anyway.

It was one of four updates/installers that must have had it and I'm pretty sure I know which as CCleaner, Burnaware and IRFan are clear about what they are installing in any update. So the culprit looks to have been a 'free' program I originally installed from a PC magazine cover disc: Driver Booster, a driver search tool.   

It appeared better than most of the other 'free' similar programs I've come across which all seem to scan your computer for outdated drivers for free then direct you an expensive paid for version if you actually want to find/installl them.  At the time I had no problems with installing Driver Booster, it came with the usual type of unwanted 'free' extra: a system optimiser which could be and was refused.

This update though was forced through automatically (no opt out option in the settings that I can see) and it temporarily messed up the other stuff I was doing at the time. Still it all looked OK and before finishing gave me the option of that unwanted system optimiser again, which I of course declined - again.

It was only later that day when I was doing my weekly AV/AM scans that Spybot found Open Candy had been installed a few hours earlier in one of Windows 'Hidden' All Users folder.

Glad it was spotted so quickly and easily removed but it just shows you how sneakily this sort of PUP can get onto your machine. As said likely from a program updating automatically without any indication it was being included. In fact the optional system optimiser could well be regarded as a clever distraction, giving you the impression you have controll over the program update options whilst willfully not telling you about something you'd want to avoid installing even more.   
       
Title: Re: Software Updater and Open Candy
Post by: REDACTED on July 06, 2014, 03:40:45 PM
A bit of beating around the bush in this thread...

What I'd like to see answered plainly and clearly is: 


Thanks.

-Noel
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 06, 2014, 04:38:43 PM
@ Cluster-Lizard2014,You didn't get OC from DriverBooster. I've used the program for about 1 year.I don't have OC on my system.I would also like a clearer explanation about the connection or lack of any connection,  between OC and avast!.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on July 06, 2014, 04:43:54 PM
The more I think about it, the more I find a component inside Avast being signed by a 3rd party disturbing

Technically, it means Avast received the file in binary form, did not modify it, and sent it on to all of us. 
By definition, since it's a binary, the Avast developers can't really know what's inside aswRec.dll any more than we can

The implication is that Avast does not have the source code.

There is some small possibility that Avast may have de-compiled the binary to check it but even then it's practically impossible to understand the working of software of significant size by doing that.

Our trust relationship with Avast has been extended to a (possibly questionable) 3rd party by Avast's unilateral business decision.

Given that this is a security product, shouldn't Avast avoid including binary components from other companies that they cannot have fully vetted

-Noel
Title: Re: Software Updater and Open Candy
Post by: abruptum on July 06, 2014, 05:35:26 PM
@bob3160
I think Cluster-Lizard2014 is talking about folder and files created during Driver Booster installation
in AppData/Local/Temp folder.
They are detected as Open Candy by MBAM,but since they are temp files it is safe to delete them.
Same thing is with Zoom Player installation.
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 06, 2014, 05:37:54 PM
@bob3160
I think Cluster-Lizard2014 is talking about folder and files created during Driver Booster installation
in AppData/Local/Temp folder.
They are detected as Open Candy by MBAM,but since they are temp files it is safe to delete them.
Same thing is with Zoom Player installation.
Since Ccleaner gets rid of these temp files they aren't anything I ever see. :)
Title: Re: Software Updater and Open Candy
Post by: Cluster-Lizard2014 on July 07, 2014, 12:37:30 AM
Yes, the Open Candy file was in just the place described ^.

I use CCleaner religiously at the end of each session but on this occasion I'd done a manual Windows update but not restarted the computer.  As I understand it if I'd used CCleaner I would have deleted those update files before they were installed and had to have downloaded them again. So on this occasion I specifically didn't use CCleaner and went straight to my post updates/maintenance AV/AM scans where the Open Candy file was quickly reported as a PUP.

Also as said, I had no problem with Driver Booster when I first installed it from disc but unless this was something to do with AVAST's unwelcome flirtation with Open Candy it can only have come from the automatic Driver Booster update.  It certainly wasn't there the last time I did a quick scan with MBAM the previous day and all the other manual updaters were, like everything I download, demand scanned by MBAM and AVAST immediately after downloading/before use.

The time of installation, earlier that day, also coincided with when I'd booted Driver Booster intending to update it manually and finding it had been set up to do so automatically when the program was running. By choice I switch off all automatic updates and only allow AVAST that privilege. I'm not even comfortable with that.   

Driver Booster's automatic updater and not using CCleaner, for the reason described, was almost certainly the reason Open Candy sneaked onto my computer. If I'd had the control and followed my usual regime it wouldn't have happened. 




 
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 07, 2014, 02:34:53 PM
Just for your information, DriverBoosters auto update simply takes you to their website
when a new version is available. You still need to do the actual update by downloading and installing the new version.
The latest version of Unchecky (http://unchecky.com/) has also updated it's detection for the Iobit installer. You might want to install that program. :)
Title: Re: Software Updater and Open Candy
Post by: abruptum on July 07, 2014, 03:46:20 PM
@bob3160
In the last few days in Driver Booster GUI, I see that "Cloud is not connected".
Can you confirm this ?
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 07, 2014, 04:23:02 PM
@bob3160
In the last few days in Driver Booster GUI, I see that "Cloud is not connected".
Can you confirm this ?
Where do I find that information ???
I have the program set to not start at boot time.

Title: Re: Software Updater and Open Candy
Post by: REDACTED on July 07, 2014, 04:28:56 PM
Why ramble on about some unrelated 3rd party software, which clouds the real issue here - that Avast side loads a 3rd party Open Candy binary that they cannot possibly have vetted thoroughly?

-Noel
Title: Re: Software Updater and Open Candy
Post by: Cluster-Lizard2014 on July 07, 2014, 04:56:44 PM
Just for your information, DriverBoosters auto update simply takes you to their website
when a new version is available. You still need to do the actual update by downloading and installing the new version.
The latest version of Unchecky (http://unchecky.com/) has also updated it's detection for the Iobit installer. You might want to install that program. :)

The only option I had was checking/unchecking the unwanted system cleanup software the update also included. There was no update installer to scan all I saw was the option to  "Finish" which suggests to me that whatever update there was had already been installed (along with Open Candy). After I clicked there was no significant HDD activity either. 

Point is Open Candy was, so it seems, integrated with the update but NOT optional, so would Unchecky have helped avoid it?

I've not made any mistakes or had any problem with manual unchecking ever. I'm very careful when installing updates or anything else. But what can you do when stuff you definitely don't want is apparently hidden like this in otherwise useful software?   
Title: Re: Software Updater and Open Candy
Post by: abruptum on July 07, 2014, 05:07:33 PM
@bob3160
In the last few days in Driver Booster GUI, I see that "Cloud is not connected".
Can you confirm this ?
Where do I find that information ???
I have the program set to not start at boot time.
Also, Driver Booster doesn't start at boot time and I deleted update task with CCleaner.

  http://oi61.tinypic.com/21deych.jpg

Just hover mouse pointer where arrow is pointing.
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 07, 2014, 11:54:16 PM
@bob3160
In the last few days in Driver Booster GUI, I see that "Cloud is not connected".
Can you confirm this ?
Where do I find that information<$1alt="" title="" onresizestart="return false;" id="smiley__$2" style="padding: 0 3px 0 3px;" />
I have the program set to not start at boot time.
Also, Driver Booster doesn't start at boot time and I deleted update task with CCleaner.

  http://oi61.tinypic.com/21deych.jpg (http://oi61.tinypic.com/21deych.jpg)

Just hover mouse pointer where arrow is pointing.
I use the Pro version (Free giveaway of 1 year license) and mine connects when I start the program.
Title: Re: Software Updater and Open Candy
Post by: MartinZ on July 15, 2014, 12:17:02 PM
Hi all,

the OpenCandy offers have been removed. It was running in one month pilot test and we decided to stop it.
Thank you for your feedback.

Martin
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 15, 2014, 03:17:10 PM
Hi all,

the OpenCandy offers have been removed. It was running in one month pilot test and we decided to stop it.
Thank you for your feedback.

Martin
Sorry but IMHO, avast! and OpenCandy make for a terrible mix.  :o
Title: Re: Software Updater and Open Candy
Post by: Para-Noid on July 15, 2014, 03:59:35 PM
IMHO anything and Open Candy make a bad mix. Period.
Title: Re: Software Updater and Open Candy
Post by: Gopher John on July 15, 2014, 04:08:18 PM
Hi all,

the OpenCandy offers have been removed. It was running in one month pilot test and we decided to stop it.
Thank you for your feedback.

Martin

Wise decision.  It should never have been included.
Title: Re: Software Updater and Open Candy
Post by: Asyn on July 15, 2014, 04:09:54 PM
Wise decision.  It should never have been included.
+1
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 15, 2014, 04:11:58 PM
Open Candy
1. Hard to swallow
2. Always leaves a bitter taste in your mouth
3. Gives your computer the pup up runs
Title: Re: Software Updater and Open Candy
Post by: REDACTED on July 15, 2014, 10:07:45 PM
the OpenCandy offers have been removed. It was running in one month pilot test and we decided to stop it.

Thank you, Martin.

When and how can we remove aswRec.dll from our systems? 

Can we just delete the DLL?

-Noel
Title: Re: Software Updater and Open Candy
Post by: igor on July 15, 2014, 10:10:58 PM
The DLL itself doesn't do anything, i.e. there's no need to remove it (or care).
I don't think you can remove it, the installer would probably put it back sooner or later.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on July 15, 2014, 10:22:11 PM
Thank you, Igor.

But, with all due respect, how can you really know for sure?  It's a signed binary - that implies you didn't build it from source and packaged the binary file just as given to you by OpenCandy.  Therefore only they know what's in there.  Are you saying that no part of the existing installation of Avast calls into it any more?

I assume this DLL will be absent from the next update.  Will the updater remove old DLLs such as this one that are no longer a part of the current package?

And by the way, it appears to be protected against direct deletion.

-Noel
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 15, 2014, 11:11:17 PM
Thank you, Igor.

But, with all due respect, how can you really know for sure?  It's a signed binary - that implies you didn't build it from source and packaged the binary file just as given to you by OpenCandy.  Therefore only they know what's in there.  Are you saying that no part of the existing installation of Avast calls into it any more?

I assume this DLL will be absent from the next update.  Will the updater remove old DLLs such as this one that are no longer a part of the current package?

And by the way, it appears to be protected against direct deletion.

-Noel
Removal is easy enough and avast! seems to run just fine without it.
https://drive.google.com/file/d/0B-vSic0iJgyeRXd6WTdZZVlyV1k/edit?usp=sharing (https://drive.google.com/file/d/0B-vSic0iJgyeRXd6WTdZZVlyV1k/edit?usp=sharing)
I'll see if it returns after a program update or a VPS update. :)
Title: Re: Software Updater and Open Candy
Post by: REDACTED on July 16, 2014, 06:14:40 AM
Seems to me that disabling self defense would reduce security overall in other ways, but thanks.

-Noel
Title: Re: Software Updater and Open Candy
Post by: mchain on July 16, 2014, 06:31:52 AM
@ NoelC,

True.

Just re-tick the box for the self-defense option (re-enable it) when done with the operation.  When self-defense is active is when you will get the access denied errors, otherwise you won't when you disable it first, when one attempts to modify, move, or delete an avast! file.
Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 16, 2014, 11:57:57 AM
Seems to me that disabling self defense would reduce security overall in other ways, but thanks.

-Noel
The suggestion was never to disable self defense on a permanent basis.  :o
As mentioned, if you need to make any changes to anything avast! related,
the self defense module will stop you and the cyber crook from doing so.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on July 17, 2014, 04:52:03 AM
Did you miss the part where the Avast employee said the file would come back on its own?

And do we know the implications of their software trying to call a module that's not there?  We would hope the code is defensive and handles the error of a missing library okay, but we just don't know.  I'll bet it wasn't tested much that way.

Thanks, but I'll just wait for it to be eliminated in due time.

-Noel
Title: Re: Software Updater and Open Candy
Post by: mchain on July 17, 2014, 05:10:38 AM
Maybe.

I've removed it and so far, it's gone. 

[EDIT:]  There have been no errors or alerts or info boxes since this file was removed.
Title: Re: Software Updater and Open Candy
Post by: MartinZ on July 17, 2014, 02:21:05 PM
Hi,

the aswRec.dll will be fixed via micro-update during next week.

Title: Re: Software Updater and Open Candy
Post by: bob3160 on July 17, 2014, 04:33:05 PM
Hi,

the aswRec.dll will be fixed via micro-update during next week.
Thanks Martin,
Does that mean it will be removed ???
Title: Re: Software Updater and Open Candy
Post by: Gopher John on July 17, 2014, 05:28:27 PM
Hi,

the aswRec.dll will be fixed via micro-update during next week.
Thanks Martin,
Does that mean it will be removed ???

+1
Title: Re: Software Updater and Open Candy
Post by: REDACTED on August 18, 2016, 01:26:02 PM
Sorry for replying on this old post but I wasn't sure whether would be a good idea in duplicating topics.
Issue I have noticed today is that the file detection is triggered by Avast itself other than third party AV.
The detection is triggered while performing a Boot-time scan as per picture uploaded.
Is that normal? Anyone knows anything?
I have also another pc with avast and when I scan the file from within windows explorer with Avast or MalwareBytes there is no detection triggered.

Thanks
Title: Re: Software Updater and Open Candy
Post by: bob3160 on August 18, 2016, 01:38:57 PM

It's never a good idea to re-open an ancient thread. :)
Many things change in this long a time frame.
Remember that there are different settings and parameters for different types of scans. Something "detected" by one need not be detected by a different type of scan.
Also note that a PUP is a possible unwanted program that's different than an infection.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on August 18, 2016, 01:59:13 PM
I kind of agree with that although as a forum admin perhaps the topic should be just locked out after a certain amount of inactivity.
I understand this is a PUP detection but do you know more on why this is triggered anyway as it sounds a bit strange that an AV product detects a DLL of their own?
Title: Re: Software Updater and Open Candy
Post by: bob3160 on August 18, 2016, 02:05:22 PM
I kind of agree with that although as a forum admin perhaps the topic should be just locked out after a certain amount of inactivity.
I understand this is a PUP detection but do you know more on why this is triggered anyway as it sounds a bit strange that an AV product detects a DLL of their own?
Deciding if a pup is dangerous or unwanted is a decision made by the user and depends on where it's found.
The scan simply informs you of what it's found. It's up to the user or, the person instructing you to run this scan, to make the decision. It's also one of the reasons why in most instances,
a boot scan is only run when asked and usually any changes made from detections are supervised.
A boot time scan isn't meant to be run by a novice. :)
Title: Re: Software Updater and Open Candy
Post by: Cluster-Lizard2014 on August 18, 2016, 02:10:58 PM
The cause of the anomaly between the Boot Time AVAST scan report and an ordinary AVAST scan is probably simply because, by default, all AVAST's AV scan setting options have PUP detection turned off. Unless you enable it AVAST doesn't scan for PUPs.

However  the Boot Time option scans for everything and by default PUP detection is turned on. It can be turned off in the Boot Time scan Settings.

To get rid of Open Candy I'd do a manual scan with free Malwarebytes or Spybot. When I last had Open Candy sneak onto my computer both picked it up during my regular weekly scans.

How it got on to my system when I have AVAST set to include PUPs and everything I download manually is scanned with Malwarebytes as well suggests it was integrated into some otherwise trustworthy installer or update software.
Title: Re: Software Updater and Open Candy
Post by: bob3160 on August 18, 2016, 02:15:34 PM
The cause of the anomaly between the Boot Time AVAST scan report and an ordinary AVAST scan is probably simply because, by default, all AVAST's AV scan setting options have PUP detection turned off. Unless you enable it AVAST doesn't scan for PUPs.

However  the Boot Time option scans for everything and by default PUP detection is turned on. It can be turned off in the Boot Time scan Settings.

To get rid of Open Candy I'd do a manual scan with free Malwarebytes or Spybot. When I last had Open Candy sneak onto my computer both picked it up during my regular weekly scans.

How it got on to my system when I have AVAST set to include PUPs and everything I download manually is scanned with Malwarebytes as well suggests it was integrated into some otherwise trustworthy installer or update software.
Read the entire post, this has nothing to do with installing open candy through an installer. :)
Title: Re: Software Updater and Open Candy
Post by: Pondus on August 18, 2016, 02:20:29 PM
Quote
as it sounds a bit strange that an AV product detects a DLL of their own?
That is strange, have reported your post to avast as possible FP

you may upload the file to virustotal.com and check .... remeber to click rescan if scanned before to get a fresh result

Title: Re: Software Updater and Open Candy
Post by: bob3160 on August 18, 2016, 02:22:53 PM
Quote
as it sounds a bit strange that an AV product detects a DLL of their own?
That is strange, have reported your post to avast as possible FP

you may upload the file to virustotal.com and check .... remeber to click rescan if scanned before to get a fresh result
Not really strange, it was a boot time scan so it checks for PUP's :)
Title: Re: Software Updater and Open Candy
Post by: Pondus on August 18, 2016, 02:23:46 PM
Quote
as it sounds a bit strange that an AV product detects a DLL of their own?
That is strange, have reported your post to avast as possible FP

you may upload the file to virustotal.com and check .... remeber to click rescan if scanned before to get a fresh result
Not really strange, it was a boot time scan so it checks for PUP's :)
So avast detecting a avast file as PUP is not strange?  >  aswRec.dll



Title: Re: Software Updater and Open Candy
Post by: bob3160 on August 18, 2016, 02:27:03 PM
Quote
as it sounds a bit strange that an AV product detects a DLL of their own?
That is strange, have reported your post to avast as possible FP

you may upload the file to virustotal.com and check .... remeber to click rescan if scanned before to get a fresh result
Not really strange, it was a boot time scan so it checks for PUP's :)
So avast detecting a avast file as PUP is not strange?  >  aswRec.dll
No, open candy is a PUP.
What is strange is that it's contained within Avast. It was to have been removed some time ago.
That's strange that it has re-appeared.
Title: Re: Software Updater and Open Candy
Post by: REDACTED on August 18, 2016, 02:32:55 PM
 A boot time scan isn't meant to be run by a novice. :)
[/quote]
But if this is the case since most of Avast users are novices an option as boot time scan then should not be advised so easily or at least should be remarked with due warnings which is not the case.
Title: Re: Software Updater and Open Candy
Post by: bob3160 on August 18, 2016, 02:39:09 PM
A boot time scan isn't meant to be run by a novice. :)
But if this is the case since most of Avast users are novices an option as boot time scan then should not be advised so easily or at least should be remarked with due warnings which is not the case.
No argument from me. But, that's up to Avast and would probably be a good idea. :)
Title: Re: Software Updater and Open Candy
Post by: REDACTED on August 18, 2016, 02:44:25 PM
Quote
as it sounds a bit strange that an AV product detects a DLL of their own?
That is strange, have reported your post to avast as possible FP

you may upload the file to virustotal.com and check .... remeber to click rescan if scanned before to get a fresh result
Not really strange, it was a boot time scan so it checks for PUP's :)
So avast detecting a avast file as PUP is not strange?  >  aswRec.dll

This is exactly why I have even mentions this today, FP are everyday issues but for an AV Software vendor to FP their own program structure is a bit concerning in my opinion
;)
Title: Re: Software Updater and Open Candy
Post by: bob3160 on August 18, 2016, 02:52:13 PM
Quote
as it sounds a bit strange that an AV product detects a DLL of their own?
That is strange, have reported your post to avast as possible FP

you may upload the file to virustotal.com and check .... remeber to click rescan if scanned before to get a fresh result
Not really strange, it was a boot time scan so it checks for PUP's :)
So avast detecting a avast file as PUP is not strange?  >  aswRec.dll

This is exactly why I have even mentions this today, FP are everyday issues but for an AV Software vendor to FP their own program structure is a bit concerning in my opinion
 ;)
The detection was for Open Candy which isn't a false detection. Open Candy is a PUP.
Title: Re: Software Updater and Open Candy
Post by: Cluster-Lizard2014 on August 18, 2016, 05:14:21 PM
The cause of the anomaly between the Boot Time AVAST scan report and an ordinary AVAST scan is probably simply because, by default, all AVAST's AV scan setting options have PUP detection turned off. Unless you enable it AVAST doesn't scan for PUPs.

However  the Boot Time option scans for everything and by default PUP detection is turned on. It can be turned off in the Boot Time scan Settings.

To get rid of Open Candy I'd do a manual scan with free Malwarebytes or Spybot. When I last had Open Candy sneak onto my computer both picked it up during my regular weekly scans.

How it got on to my system when I have AVAST set to include PUPs and everything I download manually is scanned with Malwarebytes as well suggests it was integrated into some otherwise trustworthy installer or update software.
Read the entire post, this has nothing to do with installing open candy through an installer. :)

I did read the posts and I didn't mean my later comments to imply that's how Open Candy got onto his system although who does know how it got there? Assuming it is OC and it is there, isn't it? Is that not of some importance?

The concern was twofold: 1). it being there and 2). why the Boot Time scan flagged up this problem but manual scans by AVAST and Malwarebytes didn't. I was just suggesting a possible reason for the latter; surely it's worth checking the simple things first. 

Malwarebytes not picking it up is more problematic but that too has the PUP detection setting: "Do Not Show In Results List" which may have been enabled. It also doesn't always get everything which is why a second scan by something else might be worth doing, if not Spybot then maybe AdwCleaner.

I keep on reading here that the Boot Time scan is a big boys tool and shouldn't be used by novices. But if AVAST finds anything on your computer and you remove it or send it to the Virus Chest it automatically recommends you do a boot time scan and and gives you the option to start it immediately.

Would many novices having just been told something nasty has been removed from their system think twice about that? They'd go ahead because AVAST has told them to do it.

So, IMHO, AVAST has to take much of the responsibility for them doing what they've been told to do if something then goes wrong or the scan flags up more problems prompting posts in this forum.           
Title: Re: Software Updater and Open Candy
Post by: Pondus on August 18, 2016, 06:51:27 PM
Quote
as it sounds a bit strange that an AV product detects a DLL of their own?
That is strange, have reported your post to avast as possible FP

you may upload the file to virustotal.com and check .... remeber to click rescan if scanned before to get a fresh result
Not really strange, it was a boot time scan so it checks for PUP's :)
So avast detecting a avast file as PUP is not strange?  >  aswRec.dll

This is exactly why I have even mentions this today, FP are everyday issues but for an AV Software vendor to FP their own program structure is a bit concerning in my opinion
 ;)
The detection was for Open Candy which isn't a false detection. Open Candy is a PUP.
It is a FP if the file does not contain OpenCandy .... something that can be checked at VT


Title: Re: Software Updater and Open Candy
Post by: MartinZ on August 19, 2016, 04:55:16 PM
Yep Open Candy is PUP but the situation is really weird as it isn't included in the DLL. We had OC integrated for few months but that was approx 2 years ago...What avast version you have? and what file version is the aswRec.dll, please?
Thanks