PUA:Win32/OpenCandy (OpenCandy Adware) — Virus Removal Guide

Written by Wilbur Woodham
If you spectate the notification of PUA:Win32/OpenCandy detection, it looks like that your PC has a problem. All viruses are dangerous, without any exceptions. OpenCandy fills your PC with a variety of advertisements, opens your web browser without your intention and makes the system vulnerable to additional malware infiltration.
GridinSoft Anti-Malware Review
It is better to prevent, than repair and repent!
When we talk about the intrusion of unfamiliar programs into your computer’s work, the proverb “Forewarned is forearmed” describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.
Gridinsoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | 10% Off Coupon
Subscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.

Any malware exists with the only target – gain money on you1. And the programmers of these things are not thinking about morality – they utilize all available ways. Stealing your private data, receiving the payments for the advertisements you watch for them, exploiting your CPU and GPU to mine cryptocurrencies – that is not the complete list of what they do. Do you like to be a riding equine? That is a rhetorical question.

What does the pop-up with PUA:Win32/OpenCandy detection mean?

The PUA:Win32/OpenCandy detection you can see in the lower right side is shown to you by Microsoft Defender. That anti-malware application is quite OK at scanning, however, prone to be generally unstable. It is unprotected to malware invasions, it has a glitchy user interface and problematic malware clearing capabilities. Thus, the pop-up which says concerning the OpenCandy is just an alert that Defender has actually identified it. To remove it, you will likely need to use a separate anti-malware program.

PUA:Win32/OpenCandy found

Microsoft Defender: “PUA:Win32/OpenCandy”

The exact PUA:Win32/OpenCandy virus is a really nasty thing. This malware demonstrates to you an unprecedented amount of advertisements. Have you ever saw the doorway pages? They are filled up only with banners – blinking, improperly designed and with weird information. Adware does the same thing to all pages you open. That malware brings profit to its developers in a very tricky way. You check the banners – they get profit. Furthermore, these banners frequently have deceptive and explicit content. Penis enlargement, porn websites advertisements, Microsoft virus alertsall these things are usual for adware.

Adware Summary:

NameOpenCandy Adware
DetectionPUA:Win32/OpenCandy
DamageDisplay advertisements in the browser, which are not related to the sites the affected users are visiting.
SimilarFynservice Popup, Bestfunll, D0zi Popup, Didectiophy, Idea Shopping.xyz, Amarogitoribii, Mysmarterdeals Shop Popup, Adstop
Fix ToolSee If Your System Has Been Affected by OpenCandy adware

Is PUA:Win32/OpenCandy dangerous?

Adware like this one is not something contrasty, compared to other advertising malware. But as it was pointed out, the banners it shows to you are pretty often loaded with phony content. Even if you can distinguish scam from adware – do you truly like watching promotions for free? Specifically ones that cover your browser window and distract you from your working task? It looks that we already understand the answer.

How did I get this virus?

It is hard to trace the origins of malware on your computer. Nowadays, things are mixed, and spreading ways used by adware 5 years ago may be used by spyware these days. But if we abstract from the exact distribution tactic and will think about why it works, the reply will be pretty basic – low level of cybersecurity awareness. People click on promotions on weird sites, open the pop-ups they receive in their browsers, call the “Microsoft tech support” assuming that the scary banner that states about malware is true. It is necessary to know what is legit – to stay away from misunderstandings when trying to determine a virus.

Microsoft Tech Support Scam

Microsoft Tech Support Scam

Nowadays, there are two of the most extensive methods of malware distribution – bait e-mails and also injection into a hacked program. While the first one is not so easy to stay away from – you should know a lot to recognize a counterfeit – the 2nd one is very easy to address: just do not use hacked programs. Torrent-trackers and other sources of “free” applications (which are, actually, paid, but with a disabled license checking) are just a giveaway place of malware. And PUA:Win32/OpenCandy is just one of them.

How to remove the PUA:Win32/OpenCandy from my PC?

Adware like OpenCandy is quite easy to clear away manually. However, it is not so easy to turn back the system alterations it did in the process of the activity. Since a lot of various system components are touched, it is pretty easy to forget about something. That’s why I would certainly recommend you to utilize anti-malware tool. My choice for adware clearing is GridinSoft Anti-Malware.

Why GridinSoft Anti-Malware? It is very lightweight and has its detection databases updated nearly every hour. Additionally, it does not have such bugs and exposures as Microsoft Defender does. The combination of these details makes GridinSoft Anti-Malware suitable for eliminating malware of any kind.

Remove the viruses with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
  • Gridinsoft Anti-Malware during the scan process

  • Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
  • GridinSoft Anti-Malware scan results

  • When the scan is over, you may choose the action for each detected virus. For all files of OpenCandy the default option is “Delete”. Press “Apply” to finish the malware removal.
  • GridinSoft Anti-Malware - After Cleaning

Reset Browser settings after the adware attack

Adware makes a lot to keep annoying you even after being removed from your computer. It distorts the browser configurations, so it will not work correctly. Until you reset it, of course. Each browser has its own way to restore the default settings. Here are the guides for the most popular ones:

To reset Edge, do the following steps :
  1. Open “Settings and more” tab in upper right corner, then find here “Settings” button. In the appeared menu, choose “Reset settings” option :
  2. Reseting the Edge browser

  3. After picking the Reset Settings option, you will see the following menu, stating about the settings which will be reverted to original :
For Mozilla Firefox, do the next actions :
  1. Open Menu tab (three strips in upper right corner) and click the “Help” button. In the appeared menu choose “troubleshooting information” :
  2. The first step to revert Mozilla Firefox

  3. In the next screen, find the “Refresh Firefox” option :
  4. The second step of Firefox restoration
    After choosing this option, you will see the next message :
    The last step for Firefox
If you use Google Chrome
  1. Open Settings tab, find the “Advanced” button. In the extended tab choose the “Reset and clean up” button :
  2. In the appeared list, click on the “Restore settings to their original defaults” :
  3. Finally, you will see the window, where you can see all the settings which will be reset to default :
Opera can be reset in the next way
  1. Open Settings menu by pressing the gear icon in the toolbar (left side of the browser window), then click “Advanced” option, and choose “Browser” button in the drop-down list. Scroll down, to the bottom of the settings menu. Find there “Restore settings to their original defaults” option :

  2. After clicking the “Restore settings…” button, you will see the window, where all settings, which will be reset, are shown :

When the browsers are reset, you need to make sure that your browser will be connected the proper DNS while connecting to the web page you need. Make a text file named “hosts” on your desktop, after that open it and fill it with the following content2:


# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Find the hosts.txt file in C:/Windows/System32/drivers/etc directory. Rename this file to “hosts.old.txt” (to distinguish it from the new one), and then move the file you created on the desktop to this folder. Remove the hosts.old from this folder. Now you have your hosts file as good as new.

Reset Browser settings with GridinSoft Anti-Malware

GridinSoft Anti-Malware offers its own way to reset the browsers. With the help of this program, you can reset all your browsers in just several clicks. It also resets the HOSTS file automatically, so you don’t need to make any excessive actions. To reset your browser with GridinSoft Anti-Malware, open the Tools tab, and click the “Reset browser settings” button.

Tools tab in GridinSoft Anti-Malware

You can see the list of the options for each browser. By default, they are set up in the manner which fits the majority of users. Press the “Reset” button (lower right corner). In a minute your browser will be as good as new.

Reset Browser Settings tab in GridinSoft Anti-Malware

How to Remove PUA:Win32/OpenCandy Malware

Name: PUA:Win32/OpenCandy

Description: If you have seen a message showing the “PUA:Win32/OpenCandy found”, then it’s an item of excellent information! The pc virus OpenCandy was detected and, most likely, erased. Such messages do not mean that there was a truly active OpenCandy on your gadget. You could have simply downloaded and install a data that contained PUA:Win32/OpenCandy, so Microsoft Defender automatically removed it before it was released and created the troubles. Conversely, the destructive script on the infected internet site can have been discovered as well as prevented prior to triggering any kind of issues.

Operating System: Windows

Application Category: Adware

Sending
User Review
4 (11 votes)
Comments Rating 0 (0 reviews)

References

  1. Read about malware types on GridinSoft Threat encyclopedia.
  2. Official Microsoft guide for hosts file reset.

About the author

Wilbur Woodham

I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

Leave a Reply

Sending