Open Candy & its exploits 'fixed' but...

Hello and happ-e-trails to all,

Ref. my 32-bit, 2009 HP Pavilion, once Vista, but wiped and now using Windows 7 Pro.

Posting here, mostly because the help seen provided here appears exceptionally top notch.

Of note, my up to now freeware versions of freeware Avast AV didn’t detect my OS’s virus or its exploits, until I myself centered focus on problematic GOM Player (recently anytime a vid file was added), its player window overlaid with a white strip advising of a JavaScript error (otherwise remanding me to select either yes or no to continue, and yes I clicked ‘only’ no but one time).

Having fallen for that ploy, still the ‘error’ prompts always reappeared every time I tried to play a vid file using GOM, and always the vid file then would play, even repeat as I’ve set it to, but any and all subsequent vids, the same ‘error’ prompt would appear.

I believe since I was very suspicious of the ‘error’ prompt, and I know that most apps like to ‘phone home’ for updates and whatever (sometimes despite our opposing it), I don’t think I ever played a vid file while online, but I can’t be certain of that.

Nevertheless having at least fallen for the virus’s ploy, until I uninstalled the GOM Player, only then did Avast AV hit on the virus (Open Candy) and the ‘associated’ Win32 exploits.

Lastly, given the fact that I believe the AV and Malwarebytes were likely installed after infections had occurred, it’s understandable somewhat, that neither hit on it until I uninstalled the GOM Player.

And in as much as now I’m running a trial version of Avast (expiring in some 5 days unless I cough up some cash), it will I suppose revert to a freeware version, I don’t know yet, but bottom line seems to be…

Simply use one of my system images to restore the OS, as it’s likely (?) simpler and less time consuming than the expect-able cleanup that seems all but inevitable (as the laptop’s sluggish and numerous oddities are at the very least, nuisances).

Again, best regards and happ-e-trails to all,

yourweldguru

OpenCandy isn’t a virus, it’s a PUA/PUP and is used by many applications for data collection.

If you’ve uninstalled Gom player then OpenCandy will be removed with it.

OpenCandy >> https://en.wikipedia.org/wiki/OpenCandy

If you need help, follow instructions >> https://forum.avast.com/index.php?topic=194892.0

Many thanks,

Assumed it was viral as Avast, I believe indicated it was despite adding its name ended in PUP.

I always believed PUPs led to virus and/or other malicious malware, if not viral in their nature, so I always scan for PUPs in boot-time scans.

As for the exploits, they seem resolved, however Malwarebytes did soon after Avast’s hits on the PUP and Avast’s exploits, MBAM then hit on…

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0

-Exploit Data-
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\Windows\system32\vbscript.dll
URL:

…and web search for that on MBAM forum, lists a slew of apps to run and hoops to jump through in order to completely eradicate that.

Again my initial post here may have omitted that aspect of my molasses running Windows Media Center and oddities like the near impossibility of using my mouse or touchpad to move the cursor arrow onto most any an open folder’s ‘file>open’ (because the ‘file’ drop down menu reverts to the edit’s drop down menu) such that until I try endless paths towards placing the cursor arrow to land on file>open. I say oddity as most every open folder’s file>open acts that way, except a re-named ‘My pics’ shortcut which I’ve housed in the default My Pictures folder (that My pics folder has no such difficulty in cursor placement).

Again, many thanks for both replies.

https://forum.avast.com/index.php?topic=194892.0

led me to page with numerous links to cleaning tools.

Thanks again All

Oops, my bad,

Links seem like maybe they’re not for cleaning tools, as they lead to another Avast web page indicating I’m not allowed there, so maybe the links are for moderators.

Anyway, I’ve tried posting on the MBAM forum (after I succeeded in registering, responding to its confirmed registration e-mail) and yet I’m unable to detect any boxes or titles to boxes for adding the post.

Only thing seen by me, is the link to attach files (and even short text and Word docs), fail at being accepted.

Maybe something to do with my Windows themes and/or coloring preference settings, but I think I even tried setting Firefox 51’s page style (to no style), and still don’t/can’t find means to add a post there.

However there at a certain archived page, I can find numerous cleaning links that were meant to apply to someone with my exact same exploit, but their OS is Windows 10 and mine’s 7.

Thanks again for responding, greatly appreciated

The link so kindly afforded (while I failed to scroll its entirety past ‘moderator names’) does list some instructions for MBAM, etc.

I ran MBAM again as instructed here (indeed I’d overlooked its setting for rootkits).

However its subsequent scan came up clean.

Indications I have malware are; Opening a blank Word doc, takes nearly 30 seconds, or at least 15 secs, Windows Media Center freezes for several minutes, especially if I refuse to use it in full screen and either way, it freezes for minutes when trying to say, stop a recording and trying to view the tv guide, forcing me to use task master to end the program.

Again other concerns lending to malware, are as mentioned, many-most opened folders balk at allowing me to cursor and click file>open, sometimes I’m forced to double click the highlighted file instead.

Most a nuisance, but I don’t think it’s simply MS ‘bug’ or my OEM mouse software, or even my settings for text size and coloring of opened windows, their fonts, pages or text coloring.

Although therein, I’ve yet to crack the nut for why my preferred scheme often prevents me from seeing many websites’ search and/or dialog boxes. So I’ve relented to when befuddled, selecting “All” such that otherwise invisible boxes are made detectable.

Forgive that likely last ‘muddling’ of the real issues of sluggishness and freezes in certain apps.

Best regards as always.

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

Click the link I posted. Scroll down to second picture. Farbar Recovery Scan Tool > Follow instructions and attach the two diagnostic logs.

An expert will then assist you when online. He may not be online before tomorrow.

https://forum.avast.com/index.php?topic=200390.msg1384699#msg1384699

Replies greatly appreciated, and again, apologies for delayed reply.

Best regards and happ-e-trails to all.