Exterminate It! Antimalware

malpedia

Known threats:640,469 Last Update:May 25, 11:41

Testimonials

I have had major computer issues in the last week. I was infected with the Darksma and Vundo downloader trojans. After researching the net for possible solutions, i found they are extremely difficult to remove. I tried a variety of spyware removal tools to no avail. To do it manually is near on impossible.
The symptoms are, computer runs slow, constant ad pop ups, hijacking of emails, theft of information and locking of a variety of functions.
I then found buried deep in a google search a link to Exterminate It. After reading it, I downloaded to do a free scan and a lot of stuff no other spyware had found showed up. So i went searching the locations and sure enough the files where there on my system. I tried removing them with no luck. So i spent the $25 usa to activate.
http://www.exterminate-it.com/
It removed all but 4. I was disappointed that the Trojans once again reloaded and my problems continued. So, i used the SUBMIT STATE service. I supplied all the info i could gather, pop up addys and what they were for , what others programs had found and Exterminate had missed etc. Within 24 hours i received and email telling me they had updated there system and to download it. I rescanned the system and it deleted all the previous locked files.
Darksma and Vundo downloader trojans have not done their re appearing act since and my comp is running normal again.

It's worth remembering the addy or downloading it to see what it finds. I had no problems doing so in anyway with this program. They done what they said they would on there web site in under the time frame.

Source

Administrator of Horse Racing Forums

OpenCandy

How to Remove OpenCandy from Your Computer

To completely purge OpenCandy from your computer, you need to delete the files, folders, Windows registry keys and registry values associated with OpenCandy. These files, folders and registry elements are respectively listed in the Files, Folders, Registry Keys and Registry Values sections on this page.

For instructions on deleting the OpenCandy registry keys and registry values,
see How to Remove OpenCandy from the Windows Registry.

For instructions on deleting the OpenCandy files and folders,
see How to Delete OpenCandy Files (.exe, .dll, etc.)

How to Delete OpenCandy Files (.exe, .dll, etc.)^

The files and folders associated with OpenCandy are listed in the Files and Folders sections on this page.

To delete the OpenCandy files and folders:

  1. Using your file explorer, browse to each file and folder listed in the Folders and Files sections.
  2. Note: The paths use certain special folders (conventions) such as [%PROGRAM_FILES%]. Please note that these conventions are depending on Windows Version / Language. These conventions are explained here.
  3. Select the file or folder and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. IMPORTANT: If a file is locked (in use by some application), its deletion will fail (the Windows will display a corresponding message).You can delete such locked files with the RemoveOnReboot utility. To delete a locked file, right-click on the file, select Send To->Remove on Next Reboot on the menu and restart your computer. You can install the RemoveOnReboot utility from here.
[%APPDATA%]\OpenCandy

How to Remove OpenCandy from the Windows Registry^

The Windows registry stores important system information such as system preferences, user settings and installed programs details as well as the information about the applications that are automatically run at start-up. Because of this, spyware, malware and adware often store references to their own files in your Windows registry so that they can automatically launch every time you start up your computer.

To effectively remove OpenCandy from your Windows registry, you must delete all the registry keys and values associated with OpenCandy, which are listed in the Registry Keys and Registry Values sections on this page.

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.

To remove the OpenCandy registry keys and values:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK.
    The Registry Editor window opens. This window consists of two panes. The left pane displays folders that represent the registry keys arranged in hierarchical order. The right one lists the registry values of the currently selected registry key.
  3. To delete each registry key listed in the Registry Keys section, do the following:
    • Locate the key in the left pane of the Registry Editor window by sequentially expanding the folders according to the path indicated in the Registry Keys section. For example, if the path of a registry key is
      HKEY_LOCAL_MACHINE\software\FolderA\FolderB\KeyName1
      sequentially expand the HKEY_LOCAL_MACHINE, software, FolderA and FolderB folders.
    • Select the key name indicated at the end of the path (KeyName1 in the example above).
    • Right-click the key name and select Delete on the menu.
    • Click Yes in the Confirm Key Delete dialog box.
  4. To delete each registry value listed in the Registry Values section, do the following:
    • Display the value in the right pane of the Registry Editor window by sequentially expanding the folders in the left pane according to the path indicated in the Registry Values section and selecting the specified key name. For example, if the path of a registry value is
      HKEY_LOCAL_MACHINE\software\FolderA\FolderB\KeyName2,valueC=
      sequentially expand the HKEY_LOCAL_MACHINE, software, FolderA and FolderB folders and select the KeyName2 key to display the valueC value in the right pane.
    • In the right pane, select the value name indicated after a comma at the end of the path (valueC in the example above).
    • Right-click the value name and select Delete on the menu.
    • Click Yes in the Confirm Value Delete dialog box.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceCDEBF422423845C587B3D5923998A89D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceC9C969460B2042EC802BF6A84B8FBB85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserD2D49E5D865048E5806BFA51ED45EDA7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserD81982620FCE490B9D3FB4ED5ED34FA4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser5D2D869340FC4A138BCB590CEA45465F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceF96F20A4F51042268D68AED242AA85EC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceDAF9376A63164F6FB10EB3FFF0D92207
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceF169FB8C7DD141A490398570EFDED704
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserAC129017199F41C19A211408D587FABC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce2B7352283A164187A46EB5C07AC46396
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser03B86252BF074EAE8540E97E1362FC91
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce0CFE2E3F2E324A3A99F57803C4F2BB31
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserE08F1E2FA2544FA6B3B6EE52E6C6C7B7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceEE541228FCC54EFBB7A70A1E3B18B06A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser0D45553A416E4F339CA5259F0F739281
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceC7FDD91ECBB34930AFAAF503CC22BD39
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser1CDA5597358243E6BF525FAA3A4507BE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce3A635694E196474D8A871CA0FBADCF08
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser8F7A42071D2E4B399E8B238217CFF82C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce7499750A968845E1910EFD6DE3BE0A75
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce387209EFB902404CA3ABB8AEECE999DF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserB0EC46BDD0974B2395945889FBBB84E8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser41A8A9F9510F467192ECB57292A11C56
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce5CC010E7A3F94722AFE81A9E9A4C0608
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser8C8CFA13C2F146D69EED26225519A94D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceE38C1EB2F0EC4C3F9629358B8D14B231
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserAF8FAEBA54EF4E0F94B44711600654EE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce900BA193EFBD4E4E81B4668841B22839
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserEE625A54DE1747A6BF5F7201CB6A6C20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceDF73F941C0FD43049603583457E2997B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser72D721224FEC4CE9B4688C6B2D2444C1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce58232261317F40F0895FAC6D8E38EC07
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser8699F716726C40148A4A9D8E2C33186A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce9F6AF3E464A04409B40D1E1DF9BFA1BC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser1DC364DA7A864421BE63710A0D7A2AC4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce5F7B97D1777F4E5492DF6101AF0E029F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserA9311A0AA6B04D97BAC47837BDFAFC37
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce7809BCBF531D449595E8990381B0828F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser3B7D9334C0974DC99491ED9CFD3DB7E9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce8223B6237797464CA7DF21EE7264305F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserCB88AD2F8D3F48DE85CF2BF0022348CD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceE3CFDA66992747D2BEBDB33BBE28AFA3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser0885E6F8B6F4467EA9F6A318AFA0B641
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce5A48036077DB48CE88CA1C5218BCA73B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser0EA5F3D29EA94614B34BD0B44A53C5BC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceDC7D2E4238C64DC98CDB7CBA9EC24951
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser4449C039962A43FCA70F6DEB85BC0A00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceA6BB84C3FD36412D9EE8A93B73F89C32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce25E2C7A598B84BB0A94DA533B1457C28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser57F4FEC515154067B681839F8AD62FF4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce05DEC1B2475A4D89AC418FFE3662B93A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser136D79D0EA574D97B80D2C4E5E6181F7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce1945FB6FE00E44A7BC5A450C4DBD9C43
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserDDF7EA69F57D4B6DAF68803E7F330434
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceD32EA62360F4470886034A4E3F5F19F7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser41D4ACB8899C422A89778E493958475E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce03966FB4B2AE4F2287F47608705D1094
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser351FF4EA7D044A93B87CF300387E383E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceF134B5B798724FD6B54314681DBD7F58
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceEF4519A6FD0E4A6DAD7A7736C8038A88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser9379AD5B21CD4136BB49D94D84461FE7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce0E633736A61B46F8B13983AEF34EC8D8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserC8E0B2C864B74D7B9CF5D4A6F0BA752F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceF5A19A99C5AA4458B79BBEC58D946432
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser3DC016AFF5684BDE9832C6DB4B10001B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce7B59D8FB2AF140D7BF83E6067540E938
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser13920354EEDB4A2BBB2A2CD628D0A1DE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceFFCCAA54BF9C4702A157DC580EFA06C6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser03078A929B0341308C02C0ED586E8111
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce7EA8FB2C50ED42778AD9FC49436C6F59
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser3C68D9B10ACE4FEC919B4D691852CB73
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce81F1BB9463AC407FBA8D6665E82FF2CF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce7DE5C55238C94D8E8B0D20A2854D1BA9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserAD2F2D880A6C4E19A5CFBC4E676CE00D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceE3A6838FBAED4E20829DC2A6581D541E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser3FE86B047AD74C78B7E87290A2165E96
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce0F86FDCFB870426BAD7299CD0BB1564A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser717825FF2E6243CAACFA293E1BAE2EAE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce074DDF3FAA7A46DBBCB8CD003E18A11A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserC9118E959D9143AE91E2236A316AB7E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce57A1724835694087BC9E5CEDF8D97A1F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce5917ECA07E9F404F9920063D2852A20D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser91D250DE36F04F598E83DFE08331B33F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceB8ACD58815E04B519009659075284958
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser46A7DF7DA7AF410FA56C6BF71BAB12D1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce14EF119168F643B9A8E3987C65E6989A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserAA321EAE127D4192B3F5674696D3F9DF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce5EC5E9296CFF4DEBA5BFDEB19A6FC52C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser4A3407744C214EAFB2F597770FD93E6F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce82AD6AF59E334D8D961E01BACBD3988C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce22E4851A8979495390E6C752A7259B58
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser7C12D11F3F90464985E54C6EA9890D76
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceDBCF4643181649A8994491A812E5A01C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser26238C1369E549F68815ACC8E7E3BE84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce614E947B13F94572BCA289945E724BB6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser15D639440BB544E293D819B56F2F714F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnceAD96EA44EEFF41BCB632B823812639DF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser2453B55F26BB4BCDA306AB85910241B0

PUA

These are programs that are being installed on the system often without a user's knowledge or approval.

Be Aware of the Following PUA Threats:

AnyAngle, UnfriendReview, AppsHatMini, WordShark, DesktopTemperature.

How Did My PC Get Infected with OpenCandy?^

The following are the most likely reasons why your computer got infected with OpenCandy:

  • Your operating system and Web browser's security settings are too lax.
  • You are not following safe Internet surfing and PC practices.

Downloading and Installing Freeware or Shareware

Small-charge or free software applications may come bundled with spyware, adware, or programs like OpenCandy. Sometimes adware is attached to free software to enable the developers to cover the overhead involved in created the software. Spyware frequently piggybacks on free software into your computer to damage it and steal valuable private information.

Using Peer-to-Peer Software

The use of peer-to-peer (P2P) programs or other applications using a shared network exposes your system to the risk of unwittingly downloading infected files, including malicious programs like OpenCandy.

Visiting Questionable Web Sites

When you visit sites with dubious or objectionable content, trojans-including OpenCandy, spyware and adware, may well be automatically downloaded and installed onto your computer.

Detecting OpenCandy^

The following symptoms signal that your computer is very likely to be infected with OpenCandy:

PC is working very slowly

OpenCandy can seriously slow down your computer. If your PC takes a lot longer than normal to restart or your Internet connection is extremely slow, your computer may well be infected with OpenCandy.

New desktop shortcuts have appeared or the home page has changed

OpenCandy can tamper with your Internet settings or redirect your default home page to unwanted web sites. OpenCandy may even add new shortcuts to your PC desktop.

Annoying popups keep appearing on your PC

OpenCandy may swamp your computer with pestering popup ads, even when you're not connected to the Internet, while secretly tracking your browsing habits and gathering your personal information.

E-mails that you didn't write are being sent from your mailbox

OpenCandy may gain complete control of your mailbox to generate and send e-mail with virus attachments, e-mail hoaxes, spam and other types of unsolicited e-mail to other people.