Author Topic: Software Updater and Open Candy  (Read 32386 times)

0 Members and 1 Guest are viewing this topic.

Offline winactive

  • Jr. Member
  • **
  • Posts: 34
Software Updater and Open Candy
« on: June 16, 2014, 02:02:52 PM »
Really bad idea.  >:(

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37060
Re: Software Updater and Open Candy
« Reply #1 on: June 16, 2014, 02:58:17 PM »
Really bad idea.  >:(
more info....what are you trying to say


Offline Cluster-Lizard2014

  • Sr. Member
  • ****
  • Posts: 307
Re: Software Updater and Open Candy
« Reply #2 on: June 16, 2014, 05:17:32 PM »
Open Candy comes with a few 'free' software programs; one I know is the quite well regarded and recommended CDBurnerXP. There's no option NOT to install Open Candy (something I hate) with the main program but, unless it has changed recently, thankfully you can easily remove Open Candy in the usual way or, better, with a software uninstaller like Revo.

The problem with Open Candy, apart from its existence in general, is that Malwarebytes and I suspect some other AV/AMs flag Open Candy as a PUP (which it is) and so the whole updater/ installer may be flagged and quarantined depending on your settings.

How the more recent AVAST versions respond to it I don't know. A Malwarebytes scan flags up all updater/installers I have with Open Candy included. AVAST doesn't block either the updater/installer download or report it as a PUP in any scan, at least not v.8 with the settings I use. 

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Re: Software Updater and Open Candy
« Reply #3 on: June 16, 2014, 05:38:30 PM »
Which is why Malwarebytes is a good second malware scanner for any free software one may download.  If it flags a free download as having any malware, just discard it and find something else to use.

See filehippo here for versions, latest one has OpenCandy, older versions do not:  http://filehippo.com/download_imgburn/

Just run Imgburn whilst not online and you will not be prompted to upgrade to the latest version, 2.5.8.0, that has OpenCandy installed, and you can run older versions without issue that do not have OpenCandy installed.  Unfortunately, whether OpenCandy is an optional install or is embedded within the free application (no opt-out option) is really beyond our control.  It's the vendor that is choosing to include such malware for advertising revenue, not us.
Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline Alievitan

  • Full Member
  • ***
  • Posts: 166
Re: Software Updater and Open Candy
« Reply #4 on: June 16, 2014, 06:08:17 PM »
http://www.ghacks.net/2012/08/06/opencandy-explained-what-you-need-to-know-about-the-technology/

You can bypass open candy with the /NOCANDY parameter, at least it worked a month ago when I tried it. 

Another option is a use an something like Ninite.com which will install stuff without crapware. 
Latest Avast Stable, Windows 8.1 64 bit

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9369
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Software Updater and Open Candy
« Reply #5 on: June 16, 2014, 08:59:35 PM »
Still not sure what OpenCandy has to do with Software Updater...
Visit my webpage Angry Sheep Blog

Offline zerotox

  • Jr. Member
  • **
  • Posts: 49
Re: Software Updater and Open Candy
« Reply #6 on: June 27, 2014, 12:53:10 AM »
Still not sure what OpenCandy has to do with Software Updater...

The following file: Program Files/Avast Software/Avast/aswRec.dll is signed by: OpenCandy, Inc.
Windows 8.1 with Media Center 32 bit
Windows Firewall on; UAC maxed out; SRP disallowed
Real time: Avast IS 2015

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Re: Software Updater and Open Candy
« Reply #7 on: June 27, 2014, 01:22:49 AM »
Still not sure what OpenCandy has to do with Software Updater...

The following file: Program Files/Avast Software/Avast/aswRec.dll is signed by: OpenCandy, Inc.
Think an omission (forgot to mention?) regarding where this source of information comes from is the real issue.

Are you running herdProtect? as that does (until today) detect this file as having OpenCandy within it.  Detection-based on two a/v's:
  • Rising Antivirus as PE:PUF.OpenCandy!1.9DE5 (Adware)
  • Reason Heuristics as PUP.OpenCandy.G (Adware)
Heck, herdProtect forum was recommending complete removal/uninstall of avast! as recently as two weeks ago solely based on these two adware detections!   ???

Running a new fresh herdProtect scan only provides inconclusive results for this file as these false detections have been removed and the digital signature for OpenCandy is expired anyway.  Has been since April 2014.
Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline zerotox

  • Jr. Member
  • **
  • Posts: 49
Re: Software Updater and Open Candy
« Reply #8 on: June 27, 2014, 09:55:35 AM »
Still not sure what OpenCandy has to do with Software Updater...

The following file: Program Files/Avast Software/Avast/aswRec.dll is signed by: OpenCandy, Inc.
Think an omission (forgot to mention?) regarding where this source of information comes from is the real issue.

Are you running herdProtect? as that does (until today) detect this file as having OpenCandy within it.  Detection-based on two a/v's:
  • Rising Antivirus as PE:PUF.OpenCandy!1.9DE5 (Adware)
  • Reason Heuristics as PUP.OpenCandy.G (Adware)
Heck, herdProtect forum was recommending complete removal/uninstall of avast! as recently as two weeks ago solely based on these two adware detections!   ???

Running a new fresh herdProtect scan only provides inconclusive results for this file as these false detections have been removed and the digital signature for OpenCandy is expired anyway.  Has been since April 2014.

Well, to put it simply enough - go to the file in the Program files directory, find the file, right-click on it and tell me who has signed it digitally - Avast or Open Candy.
Windows 8.1 with Media Center 32 bit
Windows Firewall on; UAC maxed out; SRP disallowed
Real time: Avast IS 2015

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Re: Software Updater and Open Candy
« Reply #9 on: June 27, 2014, 11:50:36 AM »
Still don't get how OpenCandy is connected to Software Updater.  The file you're talking about is digitally signed by OpenCandy, yes, but is invalid as of March 14, 2014.  See attached certificate below. 

You can verify the certificate by locating the file itself and clicking properties>digital signatures>certificate

How OpenCandy got to be the digital signer of this file is a question best directed to an avast! team member since we, as users like you, have nothing to do with building and constructing avast! programs.

Still leaves the original query unanswered:  How did you come across this anomaly?  Seems simple enough to answer. 

Newest scan by herdProtect does not flag this file anymore as adware; it is a false positive.  And Software Updater never flagged this file.  I don't see the connection between Software Updater and aswRec.dll and OpenCandy.
Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline zerotox

  • Jr. Member
  • **
  • Posts: 49
Re: Software Updater and Open Candy
« Reply #10 on: June 27, 2014, 12:36:56 PM »
Still don't get how OpenCandy is connected to Software Updater.  The file you're talking about is digitally signed by OpenCandy, yes, but is invalid as of March 14, 2014.  See attached certificate below. 

You can verify the certificate by locating the file itself and clicking properties>digital signatures>certificate

How OpenCandy got to be the digital signer of this file is a question best directed to an avast! team member since we, as users like you, have nothing to do with building and constructing avast! programs.

Still leaves the original query unanswered:  How did you come across this anomaly?  Seems simple enough to answer. 

Newest scan by herdProtect does not flag this file anymore as adware; it is a false positive.  And Software Updater never flagged this file.  I don't see the connection between Software Updater and aswRec.dll and OpenCandy.

There is a thread about that in Wilders Security forums. If you uninstall the Software updater, this file goes away, disappears. So it has to be somehow related to it. And why it is there at all if its digital signature has expired? Also why is it so important where I did get this info from - the fact is a fact. I'm not expecting an explanation from you or forum members, I just wanted any info why it is like that - anyone who knows or have any info on that. I'm not saying the file is malicious or adware. Still not here, not in the Wilders thread has anyone from Avast staff given any explanation.
Windows 8.1 with Media Center 32 bit
Windows Firewall on; UAC maxed out; SRP disallowed
Real time: Avast IS 2015

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6711
  • Trust only what you test yourself!
Re: Software Updater and Open Candy
« Reply #11 on: June 27, 2014, 03:38:06 PM »
The "software updater" has nothing to do with Open Candy. Open Candy is piggy-backed
on the software that is downloaded. Open Candy is adware. Adware won't be detected
even as a PUP. The best way to remove Open Candy is, as mentioned above, is by using
MalwareBytes. Uninstalling the "software updater" won't stop Open Candy. The "software
updater" cannot stop piggy-backed software nor will it alert the user about the piggy-backed
file.
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline zerotox

  • Jr. Member
  • **
  • Posts: 49
Re: Software Updater and Open Candy
« Reply #12 on: June 27, 2014, 03:45:49 PM »
The "software updater" has nothing to do with Open Candy. Open Candy is piggy-backed
on the software that is downloaded. Open Candy is adware. Adware won't be detected
even as a PUP. The best way to remove Open Candy is, as mentioned above, is by using
MalwareBytes. Uninstalling the "software updater" won't stop Open Candy. The "software
updater" cannot stop piggy-backed software nor will it alert the user about the piggy-backed
file.

I still don't understand how this Open Candy signed avast .dll file got in Avast folder in program files in my RC installation of Avast (and I'm talking about Internet Security version not the free one). And if Software Updater doesn't have anything to do with the file in question - then why does it disappear when you modify your installation and remove Software Updater?
Windows 8.1 with Media Center 32 bit
Windows Firewall on; UAC maxed out; SRP disallowed
Real time: Avast IS 2015

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6711
  • Trust only what you test yourself!
Re: Software Updater and Open Candy
« Reply #13 on: June 27, 2014, 03:59:39 PM »
Could you supply a screenshot of the "avast" signed certificate?
If you offer proof, then I will believe you.
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Software Updater and Open Candy
« Reply #14 on: June 27, 2014, 04:06:14 PM »
I still don't understand how this Open Candy signed avast .dll file got in Avast folder in program files in my RC installation of Avast (and I'm talking about Internet Security version not the free one). And if Software Updater doesn't have anything to do with the file in question - then why does it disappear when you modify your installation and remove Software Updater?

This is a valid question.  I have this file (signed by OpenCandy) in both my installs of Avast.  Avast Software Updater is still installed, but has been disabled since it was first installed.  Only Avast team can answer this question, so it should be done by one of the Avast staff.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner