Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Sunday, June 29, 2014

MalSign.OpenCandy.7AF Removal Guide

Tell your friends:
MalSign.OpenCandy.7AF is a generic AVG detection for malicious programs that may display ads and pop-ups on your computer. This threat is also detected as PUP.Optional.OpenCandy. MalSig means malicious signature. OpenCandy is the adware family. And 7AF the specific variant of this adware. The funny thing is that AVG detects Avast's file aswRec.dll as malware as well. This will probably be fixed soon. It's a false positive. If you keep getting notifications about this threat in Avast's folder, simply reboot your computer in SAFE MODE, go to Program files folder and remove the malicious file. Full path: Program Files/Avast Software/Avast/aswRec.dll. Or you could just delete the entire Avast software folder. However, other threats that you may get are likely to be real and not false positives. Please note that they start with the same indicator but have different identifier at the end which means that it's either a new variant of the same malware family or slightly modified version that may use additional features for example. Please use this guide to remove MalSign.OpenCandy.7AF and any associated malware.

What is MalSign.OpenCandy.7AF and how does one infect your computer?

Well, firstly it might come as quite a surprise to learn that you actually play a part in the process. This is because for this malware to attack your machine you need to install the server part of the application. Cyber crooks use social engineering to trick users into installing malicious software and adware. The good news is that it won't steel your passwords and credit card details but it's still a threat. Besides, it usually comes bundled with adware malicious programs, including malicious browser extensions, PUPs and sometimes even spyware that may gather information about your browsing habits.

In another scenario, the author might send you the malicious code as a file in an email, hoping that you open the attachment and then execute the malware by running the .exe file to install it. This is because, unlike a virus, it doesn't multiply of its own accord; it needs you to execute and install it instead. Once this has been done the malware server will automatically run every time you log in to your PC. What is more, you may get infected by visiting an infected website.

Why have I been targeted by this malware?

As mentioned, such malware infections are commonly spread via email attachments and infected websites. The author will attach the file containing the malware to a mail and then spam hundreds or even thousands of people. And if you're unlucky enough that your name is on the list – one of them could be you.

Likewise if you've been sucked in to downloading something less than reputable – i.e. through social engineering – you may also find yourself on the receiving end of MalSign.OpenCandy.7AF. As I said, it is being actively promoted using various pay-per-install networks.

Is it a threat?

MalSign.OpenCandy.7AF can be particularly nasty. Although not technically a virus, they are still a very unpleasant strain of malware and they can download and install additional malware on your computer. They can corrupt data on your system and make it inaccessible – and you probably don't need me to tell you how much of a nuisance that will be. Not to mention that such infections usually make computers run slower.

What can I do to protect myself from such threats?

Luckily there are a few steps you can take to protect yourself from MalSign.OpenCandy.7AF. Probably the most obvious one being to never open emails from an unknown sender. And if you do open one in error – definitely do NOT open any attachments. All you need to do in this situation is to delete the message. You should, it goes without saying, also install a reputable anti-malware on your system as this will scan any files you download – even those that are sent by someone in your contact list.

If you do find you've been infected by MalSign.OpenCandy.7AF, scan your computer with anti-malware software and delete the questionable files. If you are unlucky enough, you may have to reinstall your operating system too, which is not fun. Therefore, it makes all the sense in the world to have a decent anti-malware installed and to exercise a little caution when opening emails.

If you have questions, leave a down comment below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur,

MalSign.OpenCandy.7AF Removal Guide:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.

2. As this infection is known to be installed by vulnerabilities in out-dated and insecure programs, it is strongly suggested that you use an automatic software update tool to scan for vulnerable programs on your computer.

3. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

4. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.


Anonymous said...

The MalSign.OpenCandy.7AF was detected by AVG when I clicked on a RealPlayer Cloud update button that popped up on my computer. I had AVG remove the threat and I cancelled the RealPlayer update. Now I'm considering uninstalling RealPlayer.

Anonymous said...

I ran ccleaner first and then run tdskiller and it seems to have done the trick

Nancy Davis said...

I ran CCleaner, two antivirus, did rebooting after each. AVG showed it was still there. Closed AVG, ran tdskiller. Rebooted. AVG showed virus was still there.