the latest version of unchecky failed to pickup open candy which was bundled with imageburn
Closing as it's not clear whether there's an issue. If you have more questions, feel free to leave a reply.
It seems they don't have the decency to reply? Have they done away with blocking opencandy? Also I find it hardly blocks anything now just look at the list it adds to the host file no open candy on it!!
Unchecky should block OpenCandy with the rules in the hosts file. I have just tested ImgBurn on my PC, and it didn't display the OpenCandy offer. The offer was shown when I disabled Unchecky.
You've mentioned that you don't have an OpenCandy rule in your hosts file. Can you post your hosts file contents? Here's how it should look with Unchecky installed:
# Copyright (c) 1993-1999 Microsoft Corp.## This is a sample HOSTS file used by Microsoft TCP/IP for Windows.## This file contains the mappings of IP addresses to host names. Each# entry should be kept on an individual line. The IP address should# be placed in the first column followed by the corresponding host name.# The IP address and the host name should be separated by at least one# space.## Additionally, comments (such as these) may be inserted on individual# lines or following the machine name denoted by a '#' symbol.## For example:## 18.104.22.168 rhino.acme.com # source server# 22.214.171.124 x.acme.com # x client host127.0.0.1 localhost# unchecky_begin# These rules were added by the Unchecky program in order to block advertising software modules0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly0.0.0.0 tracking.opencandy.com.s3.amazonaws.com0.0.0.0 media.opencandy.com0.0.0.0 cdn.opencandy.com0.0.0.0 tracking.opencandy.com0.0.0.0 api.opencandy.com0.0.0.0 api.recommendedsw.com0.0.0.0 installer.betterinstaller.com0.0.0.0 installer.filebulldog.com0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net0.0.0.0 inno.bisrv.com0.0.0.0 nsis.bisrv.com0.0.0.0 cdn.file2desktop.com0.0.0.0 cdn.goateastcach.us0.0.0.0 cdn.guttastatdk.us0.0.0.0 cdn.inskinmedia.com0.0.0.0 cdn.insta.oibundles2.com0.0.0.0 cdn.insta.playbryte.com0.0.0.0 cdn.llogetfastcach.us0.0.0.0 cdn.montiera.com0.0.0.0 cdn.msdwnld.com0.0.0.0 cdn.mypcbackup.com0.0.0.0 cdn.ppdownload.com0.0.0.0 cdn.riceateastcach.us0.0.0.0 cdn.shyapotato.us0.0.0.0 cdn.solimba.com0.0.0.0 cdn.tuto4pc.com0.0.0.0 cdn.appround.biz0.0.0.0 cdn.bigspeedpro.com0.0.0.0 cdn.bispd.com0.0.0.0 cdn.bisrv.com0.0.0.0 cdn.cdndp.com0.0.0.0 cdn.download.sweetpacks.com0.0.0.0 cdn.dpdownload.com0.0.0.0 cdn.visualbee.net# unchecky_end
Recently installed Axcrypt on my pc which has Unchecky installed . On opening downloaded exe file had an alert from MBam Pro that it had blocked Open Candy (which apparently bundled with Axcrypt ), then had Win Patrol alert that Open Candy was attempting to start and I clicked the decline option and it was gone. Does this mean that Unchecky is not now removing Open Candy or its variants as surely it should have been unselected etc by Unchecky before Mbam & Win Patrol were activated ? Or was it because there was no unselect option ,which im sure there wasnt.
My son now had similar result .With Unchecky running on his Win7 Pc & after downloading some freeware Mbam Premium alerted it had blocked Open Candy ,he then had UAC alert that Open Candy attempting to reinstall which he rejected. Why is unchecky not stopping this notorious adware ?
Unchecky does stop OpenCandy. Our guess is that the following is happening:
Mbam Premium scans the file that is about to run, and detects that it's bundled with OpenCandy. Mbam isn't aware of the fact that Unchecky is running, and that OpenCandy is being blocked. Therefore, it just blocks the file from running.
Our suggestion: allow the installer to run, and install the program step-by-step, while making sure that OpenCandy is indeed blocked. Let us know the results.
thanks for response, installed Unchecky on an old xp pc with no Mbam Pro nor UAC installed to pre-empt Unchecky's actions . Downloaded Free Video converter from Softonic -known to bundle Open candy. Opened FVC exe file and Unchecky did give alert that malicious bundled offer included and gave option to remove which I took. I assumed successfully blocked but ran Immunet Cloud Antivirus scan afterwards and it found Open Candy file OCSetupHlp.dll in my Local settings Temp folder which apparently connects with api.opencandy.com and media.opencandy.com domains thus flooding my browsers and toolbars with adwares etc. Immunet was however unable to quarantine or delete it. It therefore seems that Unchecky fails to stop open candy installing ?
Having the OpenCandy dll file residing in the Temp (temporary) folder does no harm. That's how OpenCandy works: it extracts dll (and maybe other) files to the temporary folder, and uses them to download, display, and install offers. Unchecky prevents from the dll to connect to the OpenCandy servers, therefore it cannot proceed with displaying or installing the offers.
Customer support service by UserEcho