Spyware, Viruses, & Security forum

General discussion

CNET TechTracker-Adware:Win32/opencandy

by bhringer / February 22, 2011 10:19 AM PST
Post a reply
Discussion is locked
You are posting a reply to: CNET TechTracker-Adware:Win32/opencandy
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: CNET TechTracker-Adware:Win32/opencandy
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
MSE/TechTracker .. False Positive?
by Carol~ Forum moderator / February 22, 2011 1:05 PM PST


It would help to know which file/s it was, and where it was located. I suggest you open a support ticket with Microsoft. They will confirm (or deny) whether it's a false positive. You can do so here:


Additionally, we have a CNET TechTracker Forum. Another member posted at the forum, stating MSE detected a couple of his files as Adware:Win32/opencandy.

I strongly urge you to open a ticket with the MSE Team, and have them analyze the file/s. There have been quite a few instances where MSE, detected Adware:Win32/opencandy in error. In the meantime, you can also upload the file to VirusTotal. It's a free online scanning service, which analyzes suspicious files. My guess would be, it's a false reading.

Let us know how you make out..

Collapse -
CNET TechTracker setup.exe
by bhringer / February 22, 2011 4:57 PM PST

After reviewing the link in the other frum thread and others at MSE forums it has been submitted to both MS for review and virustotal and numerous others sites. According to virustotal MSE was the only one to detect this. I submitted the setup file to virustotal and got these results,


As you can Ikarus also detcted it and the first file submission to them was 2010.12.17.

Personaly I'm not a big fan of any software that phones home and am pretty diligent about doing my own updating.

Collapse -
VirusTotal Results..
by Carol~ Forum moderator / February 22, 2011 11:26 PM PST

For the most part, when a file is submitted to VT (or VirSCAN, Jotti, etc) and only one or two A/V's consider them suspicious (out of 43), it leads to a false positive reading. Not always, but most of the time. These type services will make you aware of that fact.

VirSCAN for instance, writes "Some anti-virus engines may define the files you will upload as malware, but it may turn out to be a false positive."

With ALL of the above said, I don't mean to imply it is a false positive. Only that it could be.

I have made the "powers that be" at CNET, aware of MSE's detection of TechTracker as Adware:Win32/OpenCandy.

IF this does turn out to be a false positive, the MSE Team will not address/correct the issue, if they haven't been made aware of it. It's one of the reasons, I always submit a file to vendors, and suggest other's do the same.

And personally speaking on my end, I'm NOT a big fan of software which phones home, either. I first find out the facts. If I have a problem with the software, I uninstall it.

Hope this helps..

Collapse -
Same issue
by sflesch1 / February 22, 2011 9:29 PM PST

FWIW I'm also getting Essentials detecting this. Open Candy is considered Adware and, if it exists in the setup file, CNET should give you the option to opt out (It should actually opt you out by default)

Collapse -
CNET TechTracker and adware detection...
by Aaron.Smith / February 23, 2011 9:43 AM PST

Hello TechTracker Users!

We've recently become aware of an issue with part of the TechTracker installer that is causing the software to be detected by some security applications as adware.

This error is caused by the inclusion of an OpenCandy offer for additional software that's part of our installer. We are working with our partners at OpenCandy on a resolution.

We take the privacy and security of our users very seriously and will provide additional information about this issue as it becomes available.

- CNET TechTracker Support

Collapse -
Update: CNET TechTracker and adware detection...
by Aaron.Smith / March 9, 2011 3:15 AM PST

Hello TechTracker Users!

I just wanted to post an update to this issue that was raised recently here in the forums. As I stated previously, we have worked with OpenCandy to address the issue of our installer being flagged as adware by some security software. We have also updated our installer so this will no longer occur. The OpenCandy component in the installer should no longer trigger adware warnings.

If you're interested in reading additional information about what happened and how the issue was resolved, you can read OpenCandy's post about it here: http://www.opencandy.com/2011/03/04/the-story-behind-the-opencandy-and-microsoft-adware-debacle/

We apologize for any confusion or inconvenience this may have caused. Thanks for your patience as we resolved the issue, and your continued use of CNET TechTracker.

- CNET TechTracker Support

Collapse -
by R. Proffitt Forum moderator / March 9, 2011 6:25 AM PST

Anonymous. I disagree. It's best removed.

Collapse -
OpenCandy still installing with CNET Tech Tracker
by jandrwright / March 28, 2011 9:35 AM PDT

March 28, 2011 Just installed CNET Tech Tracker - I stopped and deleted OpenCandy 3-4 times when Microsoft Essentials Adware detector appeared, listing OpenCandy as Adware, low threat. The last time, I left the "Adware detected" window open and continued with the installation, then had the Adware detector remove OpenCandy. I came to the following conclusions: Tech Tracker will not install without OpenCandy and will not work without OpenCandy. I will uninstall immediately. This shakes my faith in the integrity of CNET.

Collapse -
Hmm, according to Aaron's note above this should've...
by Lee Koo (ADMIN) CNET staff/forum admin / March 29, 2011 1:35 AM PDT

been fixed. Thanks for letting us know. I have forwarded this to the appropriate party to look into.

Thank you!

Collapse -
It's close to two months...
by suirauqa / May 23, 2011 10:15 AM PDT

...Mr Koo, since you indicated that it has been forwarded to the "appropriate party". OpenCandy still exists as of today in the Techtracker installer.

Collapse -
cnet.aaron is misleading users.
by suirauqa / May 23, 2011 10:12 AM PDT

On March 9, 2011, Cnet.Aaron said: " As I stated previously, we have worked with OpenCandy to address the issue of our installer being flagged as adware by some security software. We have also updated our installer so this will no longer occur."

Collapse -
One. It's not malware.
by R. Proffitt Forum moderator / May 24, 2011 1:40 AM PDT

At worst, today it could be called ADVERTISING WARE.

If you continue to call it malware you may not get the attention you want.

Collapse -
by bhringer / May 24, 2011 6:23 AM PDT
In reply to: One. It's not malware.
Collapse -
by R. Proffitt Forum moderator / May 24, 2011 6:26 AM PDT
In reply to: ADVETISING WARE=adware

If you research it, it's so low on the ad ware effect it's not funny.

Didn't AVG move this to a false positive or clarify it?

PS. Remember I'm leaving the research up to you so you can catch up.

Collapse -
(NT) No one's laughing
by bhringer / May 24, 2011 5:47 PM PDT
In reply to: And?
Collapse -
Make the choice.
by R. Proffitt Forum moderator / May 25, 2011 2:44 AM PDT
In reply to: No one's laughing

If you don't like it, don't use it.

At least we covered that it's not malware in its current form.

Collapse -
So, R. Proffitt...
by suirauqa / May 24, 2011 8:32 AM PDT
In reply to: One. It's not malware.

... rechristening it as Adware makes it all fine? Multiple antivirus programs are still flagging it as a threat - as of yesterday. And all you basically say is, "Deal with it!"

Collapse -
No reasoning here.
by R. Proffitt Forum moderator / May 24, 2011 8:36 AM PDT
In reply to: So, R. Proffitt...

Just trying to help you give the threat level right.

Today, as it stands you will have to make a choice about Open Candy. I can't make that choice for you but hope you can get some feedback about it from those that use it.

With that out of the way I have a question,

-> Since the Open Source project Media Info uses it, you would think the the Open Source zealots would have put up quite a stink about this?

Why didn't they?

Collapse -
Which antivirus programs?
by Aaron.Smith / May 25, 2011 7:27 AM PDT
In reply to: So, R. Proffitt...

Hi suirauqa,

Collapse -
Thank you, Aaron...
by suirauqa / May 25, 2011 12:06 PM PDT

The two AV programs that I have had this problem with are VIPRE and ESET Nod32. I believe, other users here have also indicated MSE.

Collapse -
Sorry, Aaron...
by suirauqa / May 25, 2011 12:11 PM PDT
In reply to: Thank you, Aaron...

... I forgot AVG, which flagged OpenCandy in the installer in my home desktop PC.

Collapse -
Thanks for the additional info...
by Mixotic / May 25, 2011 11:39 PM PDT
In reply to: Sorry, Aaron...

We were aware of a previous problem with ESET, which should have been resolved, but may have resurfaced as a result of our recent update. I'll add VIPRE to our list for internal testing.

Collapse -
Thanks suirauqa
by vriss / July 7, 2011 2:26 PM PDT
In reply to: Thank you, Aaron...

Yes, ESET NOD32 thinks it is ADWARE.

Collapse -
Now being reported in CutePDF.
by R. Proffitt Forum moderator / February 24, 2011 4:51 AM PST

OpenCandy's days may be numbered.

Collapse -
That makes 37 or more
by rhabdomantist / February 24, 2011 2:46 PM PST
Collapse -
Another statistic!
by hikergirl / March 3, 2011 8:39 AM PST
In reply to: That makes 37 or more

I, too, was downloading techtracker, when Microsoft Security Essentials (MSE) opened a warning window. As with others, I had: Adware: Win32/OpenCandy. It may be rated Low risk, but on my system, techtracker is history!

Collapse -
Open Candy is now in MEDIAINFO (open source!)
by R. Proffitt Forum moderator / May 24, 2011 1:41 AM PDT

It's not malware (today).

Collapse -
No to OpenCandy
by SMStallings48b / March 2, 2011 12:39 PM PST

I have counted on CNET Download for software "tested spyware free". Now I learn that CNET's own product contains spyware. I am concerned that CNET would be using OpenCandy's products.

Collapse -
Keep in mind.
by R. Proffitt Forum moderator / March 2, 2011 2:08 PM PST
In reply to: No to OpenCandy

That it's a recent find and that many are being caught with this one. CutePDF which is a fav was found with it.

Let's see how long it takes for OpenCandy to be removed or fixed.

Collapse -
No to OpenCandy.
by SMStallings48b / March 2, 2011 3:14 PM PST
In reply to: Keep in mind.

Please refer to cnet.aaron's above post which states intent to use OpenCandy's services. From other readings, I had already decided that OpenCandy is not a service that I want to have anything to do with, by my own doings or someone else's. I am angry at what malware is doing and condemn anything that falls into that category, including spyware and adware, both of which this is. Here's a nice blog post that reveals what OpenCandy is: http://cranialsoup.blogspot.com/2009/05/opencandy-new-kind-of-adwarespyware.html.

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions


$16,000 used SUVs

Whether you like your SUVs cute or capable, or some blend of the two, we've got a wide variety of choices in Roadshow's first collection of Editors' Used Picks.