opencandy - false positive?

Just done the weekly full scan. Had nothing for weeks, but this time avast threw up FOUR instances of opencandy in four different stored .exe files. Three of them I’ve never used but the fourth has been up and running since I got the PC years ago.
The question is - WHY NOW? they’ve been there for ages. I also do weekly scans with MBAM,SAS and Spybot and none of them has spotted opencandy either.

Is Avast being too picky this time? An explanation would put my mind at rest.

upload and test files at www.virustotal.com if tested before, click rescan for a fresh result
Post link to scan result here

Like every other software being downloaded from the official website, once you open up the installation file it puts you through the installation process and along in that process it offers you some/few optional programs which isn’t required for a typical user(s). The best way to avoid this situation is to use custom install and also install a excellent program called Unchecky. This program automatically deselects those unwanted optional programs for you so you don’t have to unselect it or install it.

As for not using the custom install you have also installed those unwanted programs. As always not every antivirus (avast, mcafee, and etc) and MBAM and SuperAntiSpyware is not 100%. Some detect some don’t. As Pondus suggested go to the provided link to test it. After testing you can install that program it’s up to you.

You can untick all the features you like and it wont stop Opencandy being detected as it’s in the exe file, MBAM should have detected Opencandy also if the OP had PUP detection enabled.

Programs such as UTorrent - YTD ( You Tube Downloader ) and many other programs contain Opencandy.

https://www.virustotal.com/en/file/fb82fdc78f4fd6fd884173989902dee6ae3367b0fc04604edc449ca32cdfe2b8/analysis/

More confused than ever now!! AVG (and four other out of 55) say there’s opencandy there, but avast, who threw up the problem themselves yesterday (and mcafee and 49 others) now claim it’s clean according to the VT results!!

100% with you there. I use Unchecky every time. But the point is that the one program I HAVE installed (three years ago - Sigil 0.4.2.exe) has been in my .exe files storage folder (in case of disasters…) AND the program in use on the PC with nothing coming to light till now… the program itself has never been flagged up by anything ever!

That’s the whole point of my OP - MBAM hasn’t found it in (about) 250 full system scans!!! Hence my muddle and request for advice from the real experts :D.

your scan >> Analysis date: 2015-10-27 12:02:22 UTC ( 4 months, 2 weeks ago )

as i said above “if tested before, click rescan for a fresh result”

I (or somebody) must be going mad - I’ve NEVER scanned that file before -not on 2015-10-27 12:02:22 UTC or EVER!!!

However, I did a rescan and got 9 this time:

https://www.virustotal.com/en/file/fb82fdc78f4fd6fd884173989902dee6ae3367b0fc04604edc449ca32cdfe2b8/analysis/1457947779/

including Avast this time - but STILL not MBAM!!.

Thanks for the help so far but I seem to be going backwards; Avast has changed its mind, VT seems to think it’s scanned it before (at a time, checked, when I wasn’t even in the house let alone on the PC!!) and the up-to-now totally reliable MBAM still can’t find anything wrong!!

??? [size=14pt]HELP!!! PLEASE!![/size] :-\

(I think I’m losing it…)

including Avast this time - but STILL not MBAM!!.
Malwarebytes usually dont want/target old samples

https://forums.malwarebytes.org/index.php?/topic/31067-purpose-of-this-forum/

Disclaimer: We apologize, [b]but we will not be adding[/b] corrupted files, archived/collections(Old sample(s) 3months + since file creation) or file infectors. Secondly, we will not add key generators, hacking tools, Joke applications, Casino applications or game cheats unless they contain malicious trojan code.
I (or somebody) must be going mad - [b]I've NEVER scanned that file before[/b] -not on 2015-10-27 12:02:22 UTC or EVER!!!!!
You are not the only one to upload and scan files at VT If i uploaded same file now (MD5 c9064a3e542870eef41c8e7238b703ad) i would now see that it was scanned before Under additional tab you can see first and last scan time

Aahh… that’s a new one on me. I wasn’t expecting that!

Any logician would have thought that a full scan was exactly that, as in a full Macrium backup is full, not incremental: it seems that MBAM have a different definitiion for “full” than the rest of us: closer to differential/incremental than full…ho hum!!!

And it means that ‘scan ALL files/folders’ doesn’t actually do that either. We live and learn (linguistically as well as technologically…).

Dont follow you, what does a full scan have to do with not adding / removing detection for old samples?

AIUI, MBAM should have detected it in its first scan when I got the PC. MBAM got installed first, then I copied the .exe file from the backup of the previous failed PC. But MBAM didn’t detect it then or since, even though one or other of the full scans should have found it…

Or am I up a gum-tree??

click additional info tab on VT and scroll down > First submission 2011-09-06 16:30:32 UTC ( 4 years, 6 months ago )

Very old sample, so probaly removed from MBAM detection long before you got that file

Thanks Pondus - not spotted that! (still learning…)

Now makes sense!!

Thanks Pondus - not spotted that! (still learning......)
additional info ;)

Malwarebytes only target executable files, so there is lots of stuff it dont detect as explaine by David H. Lipman here
https://forums.malwarebytes.org/index.php?/topic/179355-new-sample/?p=1021906