Malware

Win32/OpenCandy potentially unsafe removal tips

Malware Removal

The Win32/OpenCandy potentially unsafe is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/OpenCandy potentially unsafe virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Attempts to modify proxy settings

Related domains:

z.whorecord.xyz
api.opencandy.com
a.tomx.xyz

How to determine Win32/OpenCandy potentially unsafe?



File Info:

crc32: 373CF116
md5: 2c29f92204d8fe08c6c69e753f541a5e
name: CheatEngine62.exe
sha1: 9fa14ee4b93b0f6f4a24623325f7ad56f7c1d55f
sha256: 871cb25c5324029111491fdc37cd428f29437c809728df50b5a86b99d283876f
sha512: 2bc049fdb43924c5b3b493975349399b3be89d402e62cfeed05a33dd7e9ffb885c15a9d70f78854164f8834fc78ea75056c231f3284067e5fcdab88968ad3853
ssdeep: 98304:QX00NANfP+3cpfujfAPtc0dNaAZiksWIW6+C7k0VrvDl0odrrf2g14WBeCMnnjm+:gDq+s54u5d4AZi9WINkEl1dugWmtWd
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright:                                                                                                     
FileVersion:                     
CompanyName: Dark Byte                                                   
Comments: This installation was built with Inno Setup.
ProductName: Cheat Engine 6.2                                            
ProductVersion:                     
FileDescription: Cheat Engine 6.2 Setup                                      
Translation: 0x0000 0x04b0

Win32/OpenCandy potentially unsafe also known as:

CMCAdWare.Win32.Agent!O
CylanceUnsafe
K7AntiVirusUnwanted-Program ( 004d38111 )
K7GWUnwanted-Program ( 004d38111 )
ESET-NOD32Win32/OpenCandy potentially unsafe
Kasperskynot-a-virus:Downloader.Win32.OpenCandy.lc
AlibabaDownloader:Win32/OpenCandy.edb6c3d8
NANO-AntivirusRiskware.Win32.OpenCandy.dqxwev
ViRobotAdware.Opencandy.7171633
AvastWin32:OpenCandy-D [PUP]
RisingPUF.OpenCandy!1.9DE5 (CLASSIC)
EmsisoftApplication.AdInstall (A)
ComodoApplicUnwnt@#1p2i6bf8j9p3
F-SecurePotentialRisk.PUA/OpenCandy.Gen
DrWebAdware.OpenCandy.238
ZillyaAdware.OpenCandy.Win32.2380
FortinetRiskware/OpenCandy
SophosOpenCandy (PUA)
CyrenW32/Adware.ECKM-3307
AviraPUA/OpenCandy.Gen
Endgamemalicious (high confidence)
ZoneAlarmnot-a-virus:Downloader.Win32.OpenCandy.lc
MicrosoftPUA:Win32/CandyOpen
VBA32Adware.OpenCandy
YandexRiskware.OpenCandy!
GDataWin32.Riskware.Hacktool.D
AVGWin32:OpenCandy-D [PUP]

How to remove Win32/OpenCandy potentially unsafe?

Win32/OpenCandy potentially unsafe removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment