OpenCandy was an Adware module classified as malware by many anti-virus vendors. They flag OpenCandy due to its undesirable side-effects. It is designed to be installed on a personal computer during installation of other desired software. Produced by SweetLabs, it consists of a Microsoft Windows library incorporated in a Windows Installer. When a user installs an application that has bundled the OpenCandy library, an option appears to install software it recommends based on a scan of the user's system and geolocation. Both the option and offers it generates are selected by default if the user simply clicks "Next" through the installation.
OpenCandy's various undesirable side-effects include changing the user's homepage, desktop background or search provider, and inserting unwanted toolbars, plug-ins and extension add-ons in the browser. It also collects and transmits various information about the user and their surfing habits to third parties without notification or consent.
OpenCandy was shut down in June, 2016.
The software was originally developed for the DivX installation, by CEO Darrius Thompson. When installing DivX, the user was prompted to optionally install the Yahoo! Toolbar. DivX received $15.7 million during the first nine months of 2008 from Yahoo and other software developers, after 250 million downloads.
Components of the program may have differing but similar names based on version.
Note that files dropped by this program usually have the 'hidden' and 'system' attributes set. In order to see or search for them, folder settings for "hide operating system files" will need to be unchecked, and "show hidden files and folders" will need to be checked.
Note: additional processes associated with any accepted offers may also run.
Registry keys have varying names, so that a search of the registry for "*opencandy*" will need to be done to find and delete them.
DNS and HTTP queries
- Select "Custom installation (advanced)" and uncheck all option boxes.
- Run the software installer offline, or from command line with option /NOCANDY.
- Block OpenCandy IP addresses in the Windows hosts file with entries like: 0.0.0.0 api.opencandy.com
- Run anti-malware such as Malwarebytes after the software installation to clean the system.
- Use an active anti-virus to detect and block adware/malware on-the-fly
Software known to have included OpenCandy
- Auslogics Disk Defrag
- CDBurnerXP (depending on version) (confirmed on website, alternate download without OpenCandy available; confirmed 2015-10-24) 
- CDex (depending on version) (confirmed on AVG site)
- Cheat Engine
- CrystalDiskInfo (except Portable Edition or Shizuku edition. Confirmed 2015-10-24. Dropped 10 Feb 2016.) 
- Darkwave Studio
- DVDVideoSoft Confirmed 2016-5-30.
- EaseUS Partition Master Free 10.1
- FileMenu Tools free version
- Foxit Reader (6.1.4 – 6.2.1)
- Format Factory
- GOM Player
- ImgBurn (from version 220.127.116.11,)
- IZarc 
- MP3 Rocket
- MyPhoneExplorer (dropped March 2015)
- Orbit Downloader (confirmed 2015-10-24) 
- RIOT (except portable version)
- Sigil (dropped in version 0.5.0 and later)
- Trillian (dropped 5 May 2011)
- Veetle (Not affect on Linux package)
- WinSCP (through August 2012)
- VirusTotal file checking Web page on the OpenCandy file ocsetuphlp.dll: 26 out of 56 virus scanners identified it as malware on 21 May 2016
- ADW_OPENCANDY: Trend Micro page, 30 April 2016
- Needleman, Rafe (11 November 2008), OpenCandy brings ad market to software installs. What?, CNET news, retrieved 2009-08-18
- Marshall, Matt (10 November 2008), OpenCandy inserts recommendations when you install software, retrieved 2009-08-18
- "Safely install ImgBurn without OpenCandy malware". www.jdhodges.com. Retrieved 2016-01-06.
- "To those who are unhappy about 18.104.22.168 being bundled with OpenCandy - ImgBurn General". ImgBurn Support Forum. Retrieved 2016-01-06.
- "Blocking Unwanted Connections with a Hosts File". winhelp2002.mvps.org. Retrieved 2016-01-06.
- "Free Anti-Malware & Internet Security Software". Malwarebytes. Retrieved 2016-01-06.
- "Inquiry about detection of Auslogics Defrag Free Edition - ESET NOD32 Antivirus".
-  (click "More download options")
-  Multiple Packages available
- "DarkWave Studio v5.5.5 for Windows 7/Vista/XP".
- End User License Agreement, retrieved September 2014
- User, Super. "FileMenu Tools".
- "Does Foxit Reader free 6.1.4.0217 have malware? - Foxit Corporation Forums". horizontal tab character in
|title=at position 52 (help)
- "Format Factory - Free media file format converter".
- Zenju. "FreeFileSync".
- "FrostWire: Downloader, BitTorrent Client and Media Player".
- "GOMlab.com include technical information and download link of GOM Player, GOM Audio, GOM Video Converter and GOM Remote.".
- "Change log". ImgBurn. LIGHTNING UK!. 2013-06-16. Archived from the original on 2014-08-08. Retrieved 2014-08-30.
Changed: No longer bundling/offering the Ask.com toolbar in the setup program, OpenCandy now handles product offerings during installation.
- "Free Zip/Unzip Files Utility".
- "MP3 Support Analysis - herdProtect".
- gizmo, richards (2014-02-08). "Controversial Advertising Program Now Being Embedded in More Software". Gizmo's Freeware. Archived from the original on 2014-08-07. Retrieved 2014-08-30.
OpenCandy (OC) is a relatively new advertising product that more and more software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more.
- SEMU-Design. "FJ Software Development".
- "Malware scan of novaroma.v0.9.9.2.setup.exe (Novaroma) 56f9cfa760427a24ee21473cb547d77674184250 - Reason Core Security Labs".
-  On the Help/Facts page
- Discussions on pdfforge Forums
- "PowerISO - Create, Burn, Mount, Edit, Compress, Encrypt, Split, Extract ISO file, ISO/BIN converter, Virtual Drive".
- "RIOT - Radical Image Optimization Tool Alternatives and Similar Software - AlternativeTo.net".
- Schember, John (21 January 2012). "Sigil 0.5.0 Released". Retrieved 2012-03-17.
- "Malware on Install".
- "Antivirus scan for c5a31520f167138d88df23475fc85881b19f48b076419cc3f6b3c92d71482809 at 2016-06-24 09:43:13 UTC - VirusTotal". line feed character in
|title=at position 87 (help)
- "WinSCP - OpenCandy". Retrieved 2014-04-03.