PUA

What is “PUABundler:Win32/CandyOpen”?

Malware Removal

The PUABundler:Win32/CandyOpen is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What PUABundler:Win32/CandyOpen virus can do?

  • Presents an Authenticode digital signature
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Anomalous binary characteristics

How to determine PUABundler:Win32/CandyOpen?


File Info:

crc32: 99AE39DD
md5: a333888de341a66bde11c4d494d9309f
name: A333888DE341A66BDE11C4D494D9309F.mlw
sha1: 6ff0b15b26c42e64a08d84e32ccaaa6b1d8bfc73
sha256: e2b1812f88b47cbba74ee74fc7dd33e4c1954575259f30ab94fb63c7a952930d
sha512: aaec9e1439d6da8942b03e08c515df860b12da1284d8aae75b0553b0c09c76322a870324217ee721b2aecdecb002073110e8cfa00c8e4b7774a3d77506d7937c
ssdeep: 24576:IU98VDf1Nhqz6mmd11n1Wyw4J+Oyz+1dqeA:38VLPIVhCfqeA
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: xa92013 BitTorrent, Inc. All Rights Reserved.
InternalName: uTorrent.exe
FileVersion: 3.3.2.30100
CompanyName: BitTorrent Inc.
ProductName: xb5Torrent
ProductVersion: 3.3.2.30100
FileDescription: xb5Torrent
OriginalFilename: uTorrent.exe
Translation: 0x0409 0x04e4

PUABundler:Win32/CandyOpen also known as:

LionicRiskware.Win32.Generic.1!c
ZillyaDownloader.Upatre.Win32.59886
CyrenW32/Bunndle.A.gen!Eldorado
ESET-NOD32a variant of Win32/uTorrent.C potentially unwanted
CynetMalicious (score: 100)
FireEyeGeneric.mg.a333888de341a66b
SentinelOneStatic AI – Malicious PE
MicrosoftPUABundler:Win32/CandyOpen
GDataWin32.Application.OpenCandy.F
VBA32BScope.TrojanSpy.Zbot
MalwarebytesPUP.Optional.BundleInstaller
MaxSecureTrojan.Malware.121218.susgen
FortinetRiskware/BitTorrent.PUP

How to remove PUABundler:Win32/CandyOpen?

PUABundler:Win32/CandyOpen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment