8/21/2013

How to remove PUP.Optional.OpenCandy virus completely

PUP.Optional.OpenCandy is detected by anti-virus programs

Malwarebytes or other anti-spyware applications can detect PUP.Optional.OpenCandy after doing a quick scan or a full scan, I can see 3 files pop up during the scanning, and the files have 2 separate names. First one is PUP.Optional, the other one is OpenCandy. In addition, the files are found onboard hard drive, and its location was found on C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll.

PUP. Optional.OpenCandy cannot remove by antivirus software

My antivirus software Malwarebytes picked up 3 files after doing a full scan and these 3 files related with PUP. Optional, and one of them called PUP.Optional.OpenCandy, and the other two named PUP.Optional.Conduit.A and PUP.Optional.CrossRider. I used my antivirus to remove these infections, It appeared to be deleted, but after rebooting my computer, I did another scan for I wanted make confirm to keep my computer safe, but the same 3 files pop up again. I removed it again, but when I opened my computer later, this infection came up again.

A story about PUP. Optional.OpenCandy infection

PUP. Optional.OpenCandy is categorized as an adware, for it will display nagging advertising on the attacked computers, and it will exhibit plenty of ads on your browsing behaviors. It means that you will get a bunch of ads which contain malicious links, tricky websites, or sponsored images. When visitors click those ads, it will inflate a site’s page ranking in search results. In the end, the creators of these ads will get increasing advertising revenue in the use of PUP.Optional.OpenCandy program. Otherwise, those malicious things always have functions like rootkit to sneak deep into the compromised system and then start to do a lot of horrible things on it. It can hijack your browser and change the settings of your default homepage and search engine, and then add the PUP. Optional.OpenCandy on your search box, so each time you open a new tab search, you will see these key words on the address bar. You cannot delete them, and every time you will get unwanted results if you search something by using your internet browsers.

Do not know how and when PUP. Optional.OpenCandy gets inside my computer

PUP. Optional.OpenCandy is an unwanted program that can be easily gotten with. This infection often is bundled with freeware software including video recording/streaming, download-managers or PDF creators. In addition, this virus is also bundled within the custom installer on many download sites such as CNET, Brothersoft or Softonic, after you installing an application from these websites, this threat will get into your system without your permission. Moreover, it distributes via spam email attachments, click of unknown links on websites, file network sharing, etc.
Potential damages caused by PUP. Optional.OpenCandy
(1)   Users will find that your search engine has replaced with Optional.OpenCandy Search Engine without your consent.
(2)   Victims can see a lot of ads popup from Optional.OpenCandy, and you cannot stop those ads, and you also cannot minimize the window of this virus.
(3) When search something by your default search engine, you will get a lot of redirections to Optional.OpenCandy its own site.
(4)  The default settings of Internet Explorer, Mozilla FireFox, Google Chrome, Yahoo and Sarafi will be changed automatically.
(5) You find that your recent browsers may corrupt, and you need to take a long time to open your browsers.

How to get rid of PUP. Optional.OpenCandy

Step 1. Show hidden folder from your computer
1). Click on the Start button and then on Control Panel
2). Click on the Appearance and Personalization link
3). Click on the Folder Options link
4). Click on the View tab in the Folder Options window
5). Choose the Show hidden files, folders, and drives under the Hidden files and folders category
6). Click OK at the bottom of the Folder Options window.
Step2. Stop malicious processes about this infection;
1. Open the Windows Task Manager
You can press Ctrl + Shift + ESC together or Ctrl + Alt + Delete together.
If it does not work, Click the Start button, and click the run option, type taskmgr and press OK. The Windows Task Manager should open.

2. In the Windows Task Manager, find out the process of THE Redirect by name random.exe. Then scroll the list to find required process. Select it with your mouse or keyboard and click on the End Process button. This will end the process. 


Step 3. Delete PUP.Optional.OpenCandy creates the following files in the system:
%Desktopdir%\PUP.Optional.OpenCandy.lnk
%Programs%\PUP.Optional.OpenCandy\PUP.Optional.OpenCandy.lnk
PUP.Optional.OpenCandy creates the following registry entries:
Step4.Remove PUP.Optional.OpenCandy all added registry:   

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PUP.Optional.OpenCandy\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PUP.Optional.OpenCandy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PUP.Optional.OpenCandy\UninstallString “%AppData%[RANDOM CHARACTERS][RANDOM CHARACTERS].exe” -u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PUP.Optional.OpenCandy\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PUP.Optional.OpenCandy\DisplayName PUP.Optional.OpenCandy

Hint point: It is important that you remove all other programs installed with this PUP.Optional.OpenCandy adware, for some of them may or reset back browser settings, and it can be come back again, you need to take care of finding programs which connected to PUP.Optional.OpenCandy.In addition, all above steps are related, so you need to deal with it step by step. And you must master quiet good computer skills, or it may delete the wrong files which lead to clash your system.

没有评论:

发表评论