Categories: PUA

About “PUA:Win32/CandyOpen” infection

The PUA:Win32/CandyOpen is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What PUA:Win32/CandyOpen virus can do?

  • Presents an Authenticode digital signature
  • Starts servers listening on 0.0.0.0:53098, :0, 127.0.0.1:10000
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Detects the presence of Wine emulator via registry key
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Creates a copy of itself

Related domains:

router.bittorrent.com
update.utorrent.com
dishes.utorrent.com
bundles.bittorrent.com
update.bittorrent.com
bench.utorrent.com

How to determine PUA:Win32/CandyOpen?



File Info:

crc32: 7B362CAFmd5: 4e1d9c7e42283a9ad1703e9ffd326654name: utorrent_8_00_01_sweet211.ru.exesha1: e18a0f43c492161f08645bdcb76c2b2d6f2c5d16sha256: d37dfd4290c29d66f63a157be7ade4864162048f2cd1baec68e9c3b8490e1149sha512: d27ec051515ee4d657aac430a7d83578d6a0fe5f517ffdeeaa553d1cdcf1f69e929ae95b3067035eec418ed1e52bf8ef0c544280457706172819f86d6a50019assdeep: 24576:xTws1aCe2WKXXsMFE4MMe2oHSz2wFjBqDoOBGcEj4BH:yxwHLE4MMe2oy3BrO3EjUtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: xa92013 BitTorrent, Inc. All Rights Reserved.InternalName: uTorrent.exeFileVersion: 3.4.0.30242CompanyName: BitTorrent Inc.ProductName: xb5TorrentProductVersion: 3.4.0.30242FileDescription: xb5TorrentOriginalFilename: uTorrent.exeTranslation: 0x0409 0x04e4

PUA:Win32/CandyOpen also known as:

Bkav W32.HfsAdware.1073
APEX Malicious
GData Win32.Application.OpenCandy.R
Jiangmin Trojan.Agent.dvj
Microsoft PUA:Win32/CandyOpen
ESET-NOD32 a variant of Win32/uTorrent.C potentially unwanted
Fortinet Riskware/uTorrent

How to remove PUA:Win32/CandyOpen?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: bench.utorrent.combundles.bittorrent.comdishes.utorrent.comPUA:Win32/CandyOpenrouter.bittorrent.comupdate.bittorrent.comupdate.utorrent.comuTorrent.exe
4 years ago

Recent Posts

Lazy.280688 removal guide

The Lazy.280688 is considered dangerous by lots of security experts. When this infection is active,…

17 mins ago

Malware.AI.3454153382 information

The Malware.AI.3454153382 is considered dangerous by lots of security experts. When this infection is active,…

32 mins ago

Midie.100502 removal tips

The Midie.100502 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Malware.AI.3915743673 (file analysis)

The Malware.AI.3915743673 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Malware.AI.2034266737 removal

The Malware.AI.2034266737 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Trojan.Win32.Agent.xbmkmt removal tips

The Trojan.Win32.Agent.xbmkmt is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago