...dealing with issues and problems in Windows 10. And this is with a
clean install of the OS. This morning it's the fact that Windows
Security has blocked several applications and won't allow me to install
them because they have things like OpenCandy or the Babylon Toolbar,
things which can easily by bypassed during the program's setup by
unchecking an option to use either of those bundlewares.
Microsoft: "We know what's good for you"
Me: "But I've been installing and using the programs you've blocked for literally DECADES!"
Microsoft: "We know what's good for you, and to prove it, we've now
removed the ability to select an "allow" action or any other action in
fact."
...dealing with issues and problems in Windows 10. And this is with a
clean install of the OS. This morning it's the fact that Windows
Security has blocked several applications and won't allow me to install
them because they have things like OpenCandy or the Babylon Toolbar,
things which can easily by bypassed during the program's setup by
unchecking an option to use either of those bundlewares.
"John C." <r9jmg0@yahoo.com> wrote:
...dealing with issues and problems in Windows 10. And this is with a
clean install of the OS. This morning it's the fact that Windows
Security has blocked several applications and won't allow me to install
them because they have things like OpenCandy or the Babylon Toolbar,
things which can easily by bypassed during the program's setup by
unchecking an option to use either of those bundlewares.
While you are vague as to just what is stopping you from installing,
I'll assume you are talking about Windows Defender. You can override
those protections. Sometimes when alerting, Defender will let you
choose to Allow. Else, go into Windows Security, Protection History,
click the item, and check if there is an Actions button that lets you
Allow. Or, go into Windows Security -> Manage Settings (for Virus &
threat protection), and add an exclusion.
OpenCandy is adware which connects to an ad server to deliver ads to
you. It is bundled with freeware or shareware but dishonest authors
that want to acquire revenue subvertly. The easiest way to thwart its install is to download the install (had not be a web stub installer, but
a full install program), disconnect from the Internet (yank the cable, disable wifi, turn off the modem, etc), and install the software. When OpenCandy can't phone home, it doesn't install. Although there are LOTS
of online articles on how to remove it (assuming you weren't proactive
to thwart it in the first place, or dump that software to get something
more respectable), like:
https://www.malwarebytes.com/blog/detections/pup-optional-opencandy
which have you install anti-malware to remove the adware crap, manual
removal is not difficult.
Babylon Toolbar is a web browser extension, so easy to remove. You also
need to reset your web browser's home page since Babylon has it point to their search page.
https://en.wikipedia.org/wiki/Babylon_(software)
While some of this bundled crapware is surreptitiously installed (i.e., without informing the user), much of it is by user choice. If there is
a custom install where you select what to install, always choose that
install mode. However, most Windows users are lazy and impatient, and
click on anything to proceeds through an install as fast as possible
with as little cognitive effort by the user.
On 25/02/15 03:24 PM, VanguardLH wrote:
"John C." <r9jmg0@yahoo.com> wrote:
...dealing with issues and problems in Windows 10. And this is with a
clean install of the OS. This morning it's the fact that Windows
Security has blocked several applications and won't allow me to install
them because they have things like OpenCandy or the Babylon Toolbar,
things which can easily by bypassed during the program's setup by
unchecking an option to use either of those bundlewares.
While you are vague as to just what is stopping you from installing,
I'll assume you are talking about Windows Defender. You can override
those protections. Sometimes when alerting, Defender will let you
choose to Allow. Else, go into Windows Security, Protection History,
click the item, and check if there is an Actions button that lets you
Allow. Or, go into Windows Security -> Manage Settings (for Virus &
threat protection), and add an exclusion.
OpenCandy is adware which connects to an ad server to deliver ads to
you. It is bundled with freeware or shareware but dishonest authors
that want to acquire revenue subvertly. The easiest way to thwart its
install is to download the install (had not be a web stub installer, but
a full install program), disconnect from the Internet (yank the cable,
disable wifi, turn off the modem, etc), and install the software. When
OpenCandy can't phone home, it doesn't install. Although there are LOTS
of online articles on how to remove it (assuming you weren't proactive
to thwart it in the first place, or dump that software to get something
more respectable), like:
https://www.malwarebytes.com/blog/detections/pup-optional-opencandy
which have you install anti-malware to remove the adware crap, manual
removal is not difficult.
Babylon Toolbar is a web browser extension, so easy to remove. You also
need to reset your web browser's home page since Babylon has it point to
their search page.
https://en.wikipedia.org/wiki/Babylon_(software)
While some of this bundled crapware is surreptitiously installed (i.e.,
without informing the user), much of it is by user choice. If there is
a custom install where you select what to install, always choose that
install mode. However, most Windows users are lazy and impatient, and
click on anything to proceeds through an install as fast as possible
with as little cognitive effort by the user.
I know all about OpenCandy and the Babylon Toolbar. The problem is that
two programs I like are:
Photoscape 3.7 (comes with OpenCandy)
and:
Unlocker 1.9.2 (comes with the Babylon Toolbar)
And OF COURSE I know how to avoid having either of those crappy
bundlewares from polluting my computer during setup of either program. Windows Security has blocked both of those programs. I as able to get Unlocker installed before WS blocked it, but not Photoscape. I will be offline and temporarily disable WS the next time I try to install it.
I know all about OpenCandy and the Babylon Toolbar. The problem is that
two programs I like are:
Photoscape 3.7 (comes with OpenCandy)
and:
Unlocker 1.9.2 (comes with the Babylon Toolbar)
And OF COURSE I know how to avoid having either of those crappy
bundlewares from polluting my computer during setup of either program. Windows Security has blocked both of those programs. I as able to get Unlocker installed before WS blocked it, but not Photoscape. I will be offline and temporarily disable WS the next time I try to install it.
On Sun, 16 Feb 2025 08:47:03 -0600, John C. <r9jmg0@yahoo.com> wrote:
On 25/02/15 03:24 PM, VanguardLH wrote:
"John C." <r9jmg0@yahoo.com> wrote:
...dealing with issues and problems in Windows 10. And this is with a
clean install of the OS. This morning it's the fact that Windows
Security has blocked several applications and won't allow me to install >>>> them because they have things like OpenCandy or the Babylon Toolbar,
things which can easily by bypassed during the program's setup by
unchecking an option to use either of those bundlewares.
While you are vague as to just what is stopping you from installing,
I'll assume you are talking about Windows Defender. You can override
those protections. Sometimes when alerting, Defender will let you
choose to Allow. Else, go into Windows Security, Protection History,
click the item, and check if there is an Actions button that lets you
Allow. Or, go into Windows Security -> Manage Settings (for Virus &
threat protection), and add an exclusion.
OpenCandy is adware which connects to an ad server to deliver ads to
you. It is bundled with freeware or shareware but dishonest authors
that want to acquire revenue subvertly. The easiest way to thwart its
install is to download the install (had not be a web stub installer, but >>> a full install program), disconnect from the Internet (yank the cable,
disable wifi, turn off the modem, etc), and install the software. When >>> OpenCandy can't phone home, it doesn't install. Although there are LOTS >>> of online articles on how to remove it (assuming you weren't proactive
to thwart it in the first place, or dump that software to get something
more respectable), like:
https://www.malwarebytes.com/blog/detections/pup-optional-opencandy
which have you install anti-malware to remove the adware crap, manual
removal is not difficult.
Babylon Toolbar is a web browser extension, so easy to remove. You also >>> need to reset your web browser's home page since Babylon has it point to >>> their search page.
https://en.wikipedia.org/wiki/Babylon_(software)
While some of this bundled crapware is surreptitiously installed (i.e.,
without informing the user), much of it is by user choice. If there is >>> a custom install where you select what to install, always choose that
install mode. However, most Windows users are lazy and impatient, and
click on anything to proceeds through an install as fast as possible
with as little cognitive effort by the user.
I know all about OpenCandy and the Babylon Toolbar. The problem is that
two programs I like are:
Photoscape 3.7 (comes with OpenCandy)
and:
Unlocker 1.9.2 (comes with the Babylon Toolbar)
My version of Unlocker 1.9.2 (Portable) is from MajorGeeks and is not Ad-Supported.
https://www.majorgeeks.com/files/details/unlocker_portable.html
And OF COURSE I know how to avoid having either of those crappy
bundlewares from polluting my computer during setup of either program.
Windows Security has blocked both of those programs. I as able to get
Unlocker installed before WS blocked it, but not Photoscape. I will be
offline and temporarily disable WS the next time I try to install it.
"Some errors you might get that Unlocker Portable can help with include:
Cannot delete file: Access is denied.
There has been a sharing violation.
The source or destination file may be in use.
The file is in use by another program or user.
Make sure the disk is not full or write-protected and that the file is
not currently in use."
I have indeed gotten those errors before. I'll give the portable
version a try.
"John C." <r9jmg0@yahoo.com> wrote:
I know all about OpenCandy and the Babylon Toolbar. The problem is that
two programs I like are:
Photoscape 3.7 (comes with OpenCandy)
and:
Unlocker 1.9.2 (comes with the Babylon Toolbar)
And OF COURSE I know how to avoid having either of those crappy
bundlewares from polluting my computer during setup of either program.
Windows Security has blocked both of those programs. I as able to get
Unlocker installed before WS blocked it, but not Photoscape. I will be
offline and temporarily disable WS the next time I try to install it.
I've used Unlocker in the past, but gave up on it. Been way too many
years since I dropped Unlocker to remember why I gave up on it, but
recall something about it hanging. When I used it back then, OpenCandy
was not yet bundled with it. Its author might've implemented that
dastardly trick after I dropped Unlocker. The last update to Unlocker
was back in 2013.
There is a portable version of Unlocker that is ad-free (no OpenCandy).
While it is listed at:
https://www.majorgeeks.com/files/details/unlocker_portable.html
a portable version is not listed at the author's site of:
http://www.emptyloop.com/unlocker/#download
which shows the latest 1.9.2 version was released back in 2013. That
there is a portable version makes me wonder if someone gleaned the crap
out of Unlocker, and stuck it inside a PortableApps environ (https://portableapps.com/). That requires running their environ
manager (PortableApps Platform) to then run the portable-ized app.
Since the OpenCandy and toolbar were gleaned out of the portable
version, you could try using that, but then you don't need to install.
I don't know how a portable-ized app is going to add context menu
entries into File Explorer, like right-clicking on a file to see
Unlocker in the context menu. That level of integration requires installation (well, a registry edit) that portable apps are not supposed
to implement. Perhaps you have to run the portable-ized Unlocker app to
then use it to browse to the file you want to unlock, or delete on a
reboot (if you can't delete it within Windows).
The comparison table at his web site is just as old, so what
alternatives do or do not support compared to Unlocker is outdated.
Since LockHunter has done everything I asked of it, and replaced how I
used Unlocker, I have not since been motivated to look into other alternatives.
As a replacement to Unlocker, I moved to LockHunter.
https://lockhunter.com/
Even Piriform, at one time for one or two versions, had bundled
OpenCandy with their CCleaner product. There was a big stink, lots of
users were recommended to move to alternatives (e.g., Bleachbit), and it didn't take too long (a few months) before Piriform amended their bad behavior by removing OpenCandy from their installer. However, Piriform
got acquired by Avast who then implanted their ad campaign code into Ccleaner. Every 6 months, or so, CCleaner would popup some campaign to
sell something from Avast, like the payware version of CCleaner.
The
freeware version has no need for network connections, so I simply added outbound rules in the Windows Firewall to block CCleaner (ccleaner.exe, ccleaner64.exe, ccupdate.exe) from connecting out to Avast's ad server.
https://www.ghacks.net/2012/08/06/opencandy-explained-what-you-need-to-know-about-the-technology/
That's dated 2012, so ancient. Notice CCleaner was listed back then. Unlocker is also listed, but I'd have to check now to see if it still
bundled OpenCandy.
The article mentions trying the /nocandy command
line argument, but that only works if whomever wrote the installer
honored that argument. My recollection is that I downloaded the full installer (not a stub installer that connects to the Web), disconnected
from the network, and ran the installer (with the /nocandy arg) which circumvented getting stuck with OpenCandy. Plus, I always use a custom installed, if offered, and read each install screen. Many times on a
custom install, many components are listed that I don't recognize, and
have to research before I continue with the installation to know what it
all is to know what the hell they're pushing at me.
Some might be stuff
the author thinks is important to the function of their software, but
perhaps is bloatware as it is not needed in my setup.
I disconnect from the Internet during an install of anything polluted
with OpenCandy, because I don't want the install screens polluted with
ads which can mislead the user to make incorrect decisions. OpenCandy
is a nuisance mostly during the install. I'd rather just install the
program than bother with ads during its installation. As I recall, the
user was always prompted to whether or not to install anything of
OpenCandy. It wasn't a subvert install; however, possibly you had to
choose a custom install to see the choice.
I recall something of OpenCandy getting installed (copied) into the
%temp% folder; however, if you ever do disk cleanup, wiping the temp
folder should be part of the cleanup. If it installed elsewhere, should
be easy to find by looking for folders named OpenCandy, like using
voidtools' Everything to search. Same for searching the registry.
For Photoscape, I'd try adding the /nocandy command line arg to see if Defender stops detecting Photoscape as having a PUP (Probably Unwanted Program) or PUA (Probably Unwanted Application) payload. I see at:
https://en.wikipedia.org/wiki/OpenCandy
Photoscape is listed as OpenCandy infected, and links to:
https://photoscape.en.lo4d.com/virus-malware-tests
That was for Photoscape 3.7 tested back in 2014. Apparently that was
the last version of Photoscape according to:
https://en.wikipedia.org/wiki/PhotoScape
I take it that placing the installer .exe files in a folder, and then
adding an exclusion in Defender on those .exe files did not work.
When Defender detects a PUA (Probably Unwanted Applications, like an OpenCandy polluted installer, it doesn't give you choices?
https://learn.microsoft.com/en-us/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus#to-disable-pua-protection
That mentions using Powershell to run a command that disables PUA
protection in Defender. Not sure that is different than going to
Settings -> Update & Security -> Windows Security -> App & browser
control -> Reputation-based protection settings, and disabling
Potentially unwanted app blocking. Personally, I'd first try adding an exclusion to see if Defender ignores the polluted installer, and the
program runs without interferrence (or you get a prompt letting you
allow always), then delete the installers, or shove them into a .zip to
hide from Defender finding them again. If that didn't work, then you
might have to disable PUA protection in Defender, but that means never knowing when something else unknown or untrusted is foisting crapware on
your computer.
This isn't just Windows Defender protecting you against PUAs. Every reputable anti-malware product has PUA protection. Some will show
prompts asking if you want to block, allow once, or allow always, but
the result is adding an allow-exclusion as does Defender.
Alternatively, you can install 3rd-party anti-malware to perform scans,
and have it remove the crap. Just don't elect to run the real-time (on-access) scanner while Defender is running its on-access scanner.
You only want only one on-access AV scanner running at a time no matter
how many AVs you install to provide overlapped protection. For example,
you could install MalwareBytes AntiMalware (MBAM) as a second-opinion on-demand scanner (you choose to run a scan) to eradicate OpenCandy, if
it really did get installed (and not just show ads during the
installation which isn't possible without an Internet connection). Or, install a 3rd-party AV that usurps (replaces) Windows Defender if you
prefer a non-Microsoft solution with different behavior and features.
Valid AVs must register (in the registry) that they are replacements for Defender, but the major AVs should do that. If you want a simple AV, Bitdefender Free is good, but I found it slightly slowed disk I/O on my setup. I had Avast for a long time, but it was too ad-ridden. Avast
bought AVG, so using AVG means using Avast-ware. If you want some
comparison on coverage detection rates and false positives on AVs, you
can look at:
https://www.av-comparatives.org/consumer/
At one time, Defender was just an anti-spyware product, so its pest
coverage was low. Then Microsoft took their Endpoint client to rename
to Defender, so Defender became an enterprise-grade AV, and its ratings
went way up. No AV is absolutely perfect either in detection or in
behavior, and why some folks will install 2, or more, AVs to provide overlapped coverage; however, those AVs rated above 98% really won't
provide much additional detection when overlapped with another 98% AV.
Plus, you need to decide which *one* AV will have an active on-access
scanner running, and the other AVs are second-opinion on-demand scanners
that you manually run.
If you don't like Windows Defender, there are other good alternatives.
OpenCandy claimed "OpenCandy is technically not installed on a computer,
does not collect personally identifiable information and in most cases
allows the user to choose whether or not to install advertised software recommended by the vendor." Yet they will deposit files in a folder
named OpenCandy, and users reported entries added to their hosts file
that pointed to OpenCandy [sub]domains. They claim they don't install anything, yet they do leave behind a presence. OpenCandy was a means
for authors to monetize their software with ads during the installation,
but those won't appear without an Internet connection. Of course,
OpenCandy disclaims any responsibility for the content of the ads, like misleading users into clicking the wrong button in the installer which results in installed unwanted and unexpected other-party software. Donationware doesn't work, so authors wanted some means to get revenue
for their efforts.
John C. wrote:
"Some errors you might get that Unlocker Portable can help with include:
Cannot delete file: Access is denied.
There has been a sharing violation.
The source or destination file may be in use.
The file is in use by another program or user.
Make sure the disk is not full or write-protected and that the file is
not currently in use."
I have indeed gotten those errors before. I'll give the portable
version a try.
Sometimes it is File Explorer that still has a handle on the file.
You
go into File Explorer, double-click a file, a handler might open the
file, you exit the handler, but File Explorer still has a hold on the
file. I have a shortcut named "Kill & Reload Explorer" in a Taskbar
toolbar that runs a batch file with the following commands:
@echo off
taskkill.exe /im explorer.exe /f
start explorer.exe
exit
It kills (forces) all instances of explorer.exe which is both the
desktop manager and file manager. The desktop will disappear when explorer.exe is killed. Then it starts a new instance of explorer.exe.
The new instance won't have a handle on the problematic file. If you
don't want to use the batch script, open a command prompt with admin privelges, open Task Manager, kill all explorer.exe instances, navigate
to the folder or file in the command prompt to use the 'del' command,
and use Task Manager's File menu to "Run new task" to load explorer.exe
again at which point the desktop reappears (but the systray may not get
all icons reloaded).
I use the kill-Explorer method as an initial check if I can delete the
file.
Except for the last condition noted above, Unlocker's action (and those
by similar tools) is to delete the file on a reboot of Windows. They
write an entry into the registry that has Windows delete, rename, or
move the specified file(s) before anything tries to access them. They
add to the PendingFileRenameOperations registry key that Windows looks
at during boot. You could edit the registry itself, but easier to let
the tools do the registry edit. You need to have the tool add the
registry entry, and then you have to reboot, so Windows will look at the registry entry on boot to perform what action was specified on the
file(s).
https://qtechbabble.wordpress.com/2020/06/26/use-pendingfilerenameoperations-registry-key-to-automatically-delete-a-file-on-reboot/
This feature has been available in Windows so long that I cannot tell
you when it first appeared. I thought it was available back in Win9x.
It provided a means to delete files that were inuse, like they had a
write lock on them by some process wanted to edit them. Installers use
this trick to replace system or driver files are are inuse when the
installer was ran.
You won't find the PendingFileRenameOperations registry key unless it
was added to perform the rename, move, or delete action on Windows boot. After Windows has commited the actions, it should delete this key. For example, normally this registry key is missing, but OneDrive just
performed an update in the background. It added several files to this
key to delete its update files, or the replaced files. If the registry
key doesn't disappear after a reboot, a service is already using the
file (the pending delete is too late in the boot process), or the
rename, move, or delete action failed.
Unlocker and similar tools aren't performing magic to act on locked
files. They're just using a feature already in Windows. It's easier to
let the tools manage the registry key than for you to edit the registry
while knowing what is the syntax for the files in the list. The
arguments in PendingFileRenameOperations will have a single line to
specify a file to delete (no destination is specified), or have a second
line specifying the destination (for a move or rename).
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 508 |
| Nodes: | 16 (3 / 13) |
| Uptime: | 226:00:53 |
| Calls: | 9,979 |
| Calls today: | 10 |
| Files: | 13,833 |
| Messages: | 6,359,322 |
