c627627 Posted November 16, 2015 Posted November 16, 2015 (edited) [0] Archive type: NSIS --> [PluginsDir]/OCSetupHlp.dll [DETECTION] Contains patterns of software PUA/OpenCandy.Gen [WARNING] Infected files in archives cannot be repaired I immediately submitted this as a false positive and requested Avira remove this designation immediately. I just got a reply this morning. They are not removing the virus designation. I have the Setup file in way too many places to zip and password protect them all, thereby not allowing them to be scanned by antivirus engines. I will eventually do that but if you guys wanted to do something about this, Avira has one of the best freeeware antivirus engines, it is a *very* popular freeware antivirus program, I post in multiple computer forums and base my opinion on its popularity on that. Good luck, I hope you figure this out, this just started happening recently.... Dear Sir or Madam,Thank you for your email to Avira's virus lab. A listing of files alongside their results can be found below: File ID Filename Size (Byte) Result 28656078 SetupImgBurn_2580.exe 3.31 MB RISK Please find a detailed report concerning each individual sample below: Filename Result SetupImgBurn_2580.exe RISK The file 'SetupImgBurn_2580.exe' has been determined to be 'RISK'. Our analysts named the threat PUA/OpenCandy.Gen. This class of detection flags, Potentially Unwanted Applications (PUA), may compromise the user’s privacy and the security of the local system.These are legitimate applications that often try to use social engineering to make the user install additional offers during the installation of the software the user originally wanted.A PUA classification of an application is the result of software, an advert or a website exhibiting one or more offending behaviors and/or properties. A full PUA list is available at http://www.avira.com/en/potentially-unwanted-applications.This detection doesn't mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user’s privacy or system secur ity might be compromised.Disabling this detection is only recommended for advanced users that understand the risks and how to use these applications. This file is detected by a special detection routine from the engine module. Alternatively you can see the analysis result here:https://analysis.avira.com/en/status?uniqueid=BUD4b376sJtU9B8GkLFGCsIpktLOgBIx&incidentid=1949650An overview of all your submissions can be found here:https://analysis.avira.com/en/overview?uniqueid=BUD4b376sJtU9B8GkLFGCsIpktLOgBIx Please note: If you have specific questions, please visit our website http://www.avira.com/en/support for further details.Kind regardsAvira Virus Lab ---------------------------------------------Avira Operations GmbH & Co. KGKaplaneiweg 1, 88069 Tettnang, GermanyPhone: +49 (0) 7542-500 0Fax: +49 (0) 7542-500 3000Internet: http://www.avira.comCEO: Travis WitteveenHeadquarter: TettnangCommercial register: AG Ulm HRB 630992 Edited November 16, 2015 by c627627
strachan Posted December 16, 2015 Posted December 16, 2015 Never got a notice from Norton or Avast about a virus.
drumphil Posted December 16, 2015 Posted December 16, 2015 (edited) The reason they wont remove the virus designation is because opencandy is indeed malware, that deliberately uses deceptive tactics (like greyed out boxes, designed to look like you can't click on them) to trick people into installing software they don't want. Lightning UK, the author of Imgburn, knows this, but refuses to do anything about it, or even admit that he is now helping distribute malware. He is apparently happy to take a cut of the money made by deceiving people. From the response you recieved: "These are legitimate applications that often try to use social engineering to make the user install additional offers during the installation of the software the user originally wanted.A PUA classification of an application is the result of software, an advert or a website exhibiting one or more offending behaviors and/or properties." http://www.avira.com/en/potentially-unwanted-applications Tell me, what possible reason can you think of to grey out the boxes people need to click to avoid the instalation of software they don't want, other than to decieve them into thinking they have no choice? They do this so that they can trick as many people as possible, while deflecting criticizm by saying "hey, technically you could opt out, if you realized you could click the options we greyed out so you would think you couldn't click them" Their business is to trick as many people as possible, while avoiding prosecution, and having a bunch of clueless people defend them on the basis of the fact that you can technically avoid their offers. Edited December 16, 2015 by drumphil
Gim Posted December 22, 2015 Posted December 22, 2015 Opencandy is crap and they are telling the truth. It seems OP has trouble reading, as they clearly state as much in the reply he posted. If imgburn would STOP bundling their software with UTTER SHIT then perhaps they'd have a more favourable review. I'd rather pay than have a malware installer...like a lot of folk.
Recommended Posts