Alert: Open Candy will install in latest version of Foxit Reader Free

See attached below:

Second .jpeg is from a routine uninstall of the previous version of Foxit Reader Free using Revo Uninstaller Free.

Scanned the downloaded .exe file gotten from the vendor’s site (31.9 MB) with both avast! and Malwarebytes Free before running it. Both reported file as clean. Checked the EULA for evidence of any unwanted extensions or add-ons the user was agreeing to install before executing the file. Found Open Candy present and noted that if the system was not connected to the Internet it would not download the components needed to install and run that, so out went the internet connection.

No opt-out dialog box was ever presented during the new install of Foxit Reader.

Updated definitions for Malwarebytes and ran that after install was complete. Did not allow Foxit Reader to run after installation was completed and the Finish window was open. Scanned new install with Malwarebytes, and it found three instances of malware. Rebooted the system after the Malwarebytes scan was completed and all were removed.

Newest version is 6.1.4.2017

Sneaky. And very irritating.

Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?

I changed to Sumatra about a year ago http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html

Thank you for that. What this really means is that user vigilance must be brought to higher and higher levels, even with previously trusted software, when installing anything that is offered as free these days. Free has become not free, as it were.

Got Open Candy? It’s your fault, as you did not read the EULA before you installed our free software. :slight_smile: >:(

Yeah Sumatra is a lot lighter than Foxit and doesn’t install any toolbar on your system or you guys can still go back to Adobe because Sumatra had some trouble displaying some pdf pages with Chinese characters.

Are you aware PDF-XChange Viewer Free doesn’t have Open Candy and it is far lighter than Foxit?

I recommend free PDF-XChange Viewer.

Sometimes extracting the installer with 7-Zip is the way to get a “clean” installer that doesn’t install adware.
It is working with KMPlayer, Advanced Codecs, etc.

Me too :slight_smile: http://www.tracker-software.com/product/pdf-xchange-viewer

Sumatra is also good but it doesn’t allow online editing of forms, I never got it to work for me anyway.

There’s also NitroPDF and CutePDF for conversion to a PDF.
You can also use the built-in PDF reader in Chrome if that’s your browser. :slight_smile:

Another vote for PDF-XChange Viewer - I changed to this some time ago when Foxit PDF Reader Free got bloated and wanted to install a toolbar, etc.

CutePDF I used for some time, anything from the Cute range is likely to be good.

CDBurnerXP also installs OpenCandy, and IZArc installs another unwanted program http://forum.hosts-file.net/viewtopic.php?f=11&t=3603&hilit=izarc&start=10

Been using PDF-XChange for many years now, excellent software.

Thanks, everyone.

Will be making the change very soon. Excellent support. Thanks again to all. ;D

AdwCleaner does a good job of getting rid of the Open Candy bundled-pest. Not irritating that developers bundle, because I fully understand they also need a decent living, but irritating is that they are not up front about it and won’t give you a chance to opt out or opt in even. You get these goodies delivered unwanted and mostly undesired, a classification term for a PUP. In the aftermath a lot of users even wonder where they got such an adware infection? So in this case it was a free reader that had it included.
MBAM also detects this Open Candy undesirable but cannot get rid of it completely and fails to reboot to do the final cleansing boot-bit of this pest.
We are entering days whenever you are not knowledgeable and assertive enough your computer or peripheral is slowly taken out of your hands, where others decide what crap to silently install onto it. Good we have these forums here to at least get some users informed and wake them up to these new developments.

polonus

As long as we’ve got this topic going, add this free tool to the list; formerly clean and good, now not: ImgBurn latest version 2.5.8.0 now also has unwanted adware installs [PUPs] w/o your explicit consent. And this file is direct from the vendor’s site.

Next oldest version is clean: 2.5.7.0. Sometimes it doesn’t pay to upgrade to a newer version; you can open your system to unknown/unexpected new risks when you do.

Also mentioned at FileHippo comments 8 months ago http://www.filehippo.com/download_imgburn/comments/

Hi mchain,

As the proverbial Mr. Scrooge is now chief of the board in many places and with many developers also - the actual amount of “crap to get money” will just grow.
The fabric is coming loose at the seams, I think. Look at what a sloppy site a big corp like Nvidia is being hosted → http://forum.avast.com/index.php?topic=146812.msg1065958#new
Everybody wants those extra pennies, but at the same time wants to sit in the front row at minimal costs. One way or another you lose customers that way.
And in our example this is translated into dissatisfied users.

pol

Off topic

Pol, I don’t see what an infected webpage has to do with adware included with installers ???

You also know as well as I do that any site can be hacked at any given time so I don’t think I would go as far as to call NVidia sloppy, everyone including AV companies are always playing catch up to the malware guys.

Hi craigb,

The common denominator here is “trying to burn the candle from both ends”. And to have a cheap and insecure hoster and earn additional money from bundled downloads has the same underlying ideology. In that respect the policy is the same and it is wrong. Of course bundling software with crapware to get extra money and sloppy IT management to save on cost is not the same, but the underlying principle is - that was what I wanted to point out. One is taking a penny on the side and the other one is saving it not having security as a first priority. Apples and pears compared, you are right there, but both “brown and putrid on the interior” ;D,

polonus

P.S. Nvidia was not sloppy, those admins that hosted their site were ignoring basic security practices to deliver a secure ASP.site (the very basics were ignored and this led to the compromise, also that more than one domain were being hosted on the same IP and not on a dedicated server).
Sucuri did not see an attacked site because of any site that could be hacked, but this site was insecurely hosted.

Thanks for the enlightenment :slight_smile:

I liked your apples and pears comparison ;D