
About “OpenCandy (PUA)” infection


OpenCandy (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the OpenCandy (PUA) virus do?

  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Authenticode signature is invalid

How to identify OpenCandy (PUA)?


File Info:

name: 53A186616C3807E98B26.mlw
path: /opt/CAPEv2/storage/binaries/b59a4cbef11d8cc4cb9b6f8c088c3647fca517a9f188bb7d4e10959202b29f4c
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-12-05 22:50:46

Version Info:

Comments: The most advanced file sharing program on the planet.
CompanyName: FrostWire Team
FileDescription: The Fastest File Sharing Application on Earth
FileVersion: 4.21.3.0
InternalName: FrostWire
LegalCopyright: FrostWire Team 2008
OriginalFilename: frostwire-4.21.3.windows.exe
PrivateBuild: 0.0.0.0
ProductName: FrostWire
ProductVersion: 4.21.3.0
SpecialBuild: 0.0.0.0
Translation: 0x0409 0x04e4

OpenCandy (PUA) also known as:

McAfee: Adware-OpenCandy.b.dll
Cylance: Unsafe
Cyren: W32/OpenCandy.J.gen!Eldorado
ESET-NOD32: a variant of Win32/Bundled.Toolbar.Ask potentially unsafe
APEX: Malicious
Kaspersky: not-a-virus:HEUR:AdWare.Win32.OpenCandy.gen
NANO-Antivirus: Riskware.Win32.OpenCandy.dyxdre
Sophos: OpenCandy (PUA)
McAfee-GW-Edition: Adware-OpenCandy.b.dll
Emsisoft: Application.AdInstall (A)
GData: Win32.Adware.OpenCandy.D
eGambit: Unsafe.AI_Score_99%
Avira: PUA/OpenCandy.Gen
Antiy-AVL: Trojan/Generic.ASMalwNS.2937
Arcabit: PUP.Adware.OpenCandy
ZoneAlarm: not-a-virus:HEUR:WebToolbar.Win32.Asparnet.gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
VBA32: SigAdware.Ask.com
Malwarebytes: PUP.Optional.ASK
Rising: Malware.Undefined!8.C (C64:YzY0OuWRd0L//Jhg)
Fortinet: Riskware/Asparnet

How to remove OpenCandy (PUA)?

OpenCandy (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
