Info about OpenCandy's lost folder and secret connections...

Advertisement

Ricardo
Donor
Ricardo avatar
Joined:
Posts:
107

Info about OpenCandy's lost folder and secret connections...

Here's just an extra information about the "OpenCandy" folder that stays in the system after installing WinSCP...

I just installed another program that comes with OpenCandy.
After installing, it also keeps the OpenCandy folder with a DLL and a TXT file inside.

The text file is named "OpenCandy_Why_Is_This_Here.txt"

This is what it says:

What is this folder, its contents, and why is it here?

This (OpenCandy) folder, the OCSetupHlp.dll file and this text file are
here because the software publisher whose application you installed is
part of the OpenCandy network.

The OpenCandy network enables software publishers to recommend other
software or services they believe you may find valuable. The
recommendation occurs during installation of the publisher’s software.

The OCSetupHlp.dll provides the following functionality:

* Provides the ability to show recommendations during installation of the
publisher's software.

* Launches the OpenCandy download manager if you accept a recommendation,
in order to download the recommended software's installer.

* Enables us to provide publishers with AGGREGATE ANONYMOUS statistics
such as number of initiated installs, completed installs, uninstalls
(optional), country and language, and how their recommendations are
performing (based on whether they are accepted or declined). This
information helps publishers understand and improve their installation
process and experience.

The OCSetupHlp.dll file does not have any standalone functionality (it
only runs during installation and uninstallation of the publisher's
installer it was integrated with).

OpenCandy DOES NOT collect or store any personally identifiable
information. Our privacy policy is located here:
<dead link removed>

If you wish, you can delete the OpenCandy folder and its contents at any
time. Or, if you decide to uninstall the application that included it,
this folder and its contents will be removed during the uninstallation
process.

If you want to find out how OpenCandy is working to revitalize and spur
innovation in the software community please visit our website at
<dead link removed>. If you have any questions, please don’t hesitate
to contact us <dead link removed>

Thank you.

- The OpenCandy team
Last edited by Ricardo on 2009-08-04 05:42; edited 1 time in total

Reply with quote

Advertisement

Ricardo
Donor
Ricardo avatar
Joined:
Posts:
107

About the unhappy program I installed...

The program I installed was the open-source MediaCoder...
[For people reading this, I suggest not installing it. Use this as an alert!]

Soon after installing, I noticed that when the main program (mediacoder.exe) is executed it makes some external connections...
After some investigations, I found it open connections from 'System Process' to some strange hosts like 220-94.hostmonster.com, 185-131.amazon.com, some from Google and some numeric IPs.

Every time mediacoder.exe is launched, it opens Internet Explorer and a localhost page with links to different localhost ports. Looking at that, we can be sure it creates a local web server, used to connect to external hosts without the user's knowledge. That web server is possibly created using the MiniWeb thing the installer automatically installs.

It binds itself to system processes like svchost.exe, but uses mainly Internet Explorer to connect to those hosts.
Also intriguing is that just after launching the installer, it opens connections to amazon.com hosts [You don't need to do anything for that to happen]. And also to the fact I didn't choose to install the OpenCandy spyware during the installation.
Last edited by Ricardo on 2009-08-07 00:37; edited 1 time in total

Reply with quote

Ricardo
Donor
Ricardo avatar
Joined:
Posts:
107

WinSCP time...

The installer for WinSCP 4.2.2 is also opening connections when started...
> 185-195.amazon.com:80
> 67.192.173.235:80
Installers of prior versions don't do that.

I think a good thing for Prikryl to do is remove OpenCandy from the package.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,440
Location:
Prague, Czechia

Re: WinSCP time...

Ricardo wrote:

The installer for WinSCP 4.2.2 is also opening connections when started...
> 185-195.amazon.com:80
> 67.192.173.235:80
Installers of prior versions don't do that.
It connects to the latter to choose advertisement and to the first to download it. I have added this information to the documentation.

Reply with quote

Advertisement

You can post new topics in this forum