Win32 CandyOpen

Win32 CandyOpen

Win32 CandyOpen is a software component that possesses many traits that are typical for an adware app – it can spam the browser with ads. Win32 CandyOpen normally gets installed without the user knowing it and it may try to open new pages and tabs during browsing sessions.


The Win32 CandyOpen Virus

However, as we have just mentioned, in many cases the users who get Win32 CandyOpen on their computers do not realize it until the ads start to show on their screen. This is because the majority of adware apps tend to get distributed as additional components bundled with other programs that are more desirable. This is called file bundling and is a very popular method of distributing potentially unwanted software such as adware. The key to avoiding this is to always have a look at the Advanced setup options for any program installer. As far as the removal of adware apps like Win32 CandyOpen or PUA InstallCore is concerned, the following guide will give you instructions on how you can uninstall the invasive adware application.

The Win32 CandyOpen Virus

All in all, the Win32 CandyOpen virus is a pretty irritating piece of software that we wouldn’t recommend installing on your computer. If you are struggling with an annoying issue with your browser where your screen is constantly getting bombarded with invasive advertisements most probably the Win32 CandyOpen virus application installed in your browser that’s responsible for all the intrusiveness.

The purpose of adware apps is just that – to show you different ads, banners, pop-up messages, to redirect you to different pages and so on and so forth as means of making money for their creators. The effects of adware can be experienced in any browser – Chrome, Firefox, Edge, Opera. Even Safari users on Mac machines oftentimes complain about the presence of some weird add-on like app inside the browser that is spamming the screen with obnoxious and highly irritating ads.

Some protection tips

Every computer user needs to be well aware of the fact that many ads throughout the Internet may be unsafe and may represent potential security hazards for their computers’ safety. The same could be said about the commercial materials that Win32 CandyOpen may show on your screen. In itself, Win32 CandyOpen is not a software intended to cause harm. Unlike a Trojan or a Ransomware or some other nasty malware program, this adware is probably not going to attempt to carry out some malicious activity in your system. However, if you wish to protect your computer and prevent it from getting exposed to Trojans, Ransomware Rootkits, Worms and other similar dangerous programs, we advise you to minimize your interaction with the ads that you are likely to see getting spammed on your screen while the adware is still active. Obviously, the best course of action in this case would be to uninstall the adware and that is why we once again need to remind you to make use of the guide that is present on this page and with its help remove the undesirable software app that has been bothering you lately.


Name Win32 CandyOpen
Type  Adware
Detection Tool

Remove Win32 CandyOpen Virus

The easiest method of removing Adware is to delete the adware extension from the affected browser. In some cases of adware infections, there isn’t an Adware extension in the browser and then you’d need to go through other steps to rid your PC of the unwanted software. However, if you see an Adware extension in the browser and delete it like you would delete any other browser extension, this may be all that it takes to resolve your problem with the undesirable app so we suggest you try this first and go to the more complex and time-consuming steps from this guide if removing the Adware extension doesn’t work for you.

  1. The first thing you will have to do is open the browser that has had Adware added to it and go to its Extensions page. This is done differently for different browsers but you’d usually need to select the browser menu and click on the Extensions option. For Chrome, you must select More Tools and then you will see the Extensions option from the sub-menu.
  2. Once you enter the Extensions page of the browser, you must find  the one that carries the name of the Adware. In the current case, you must look for a Win32 CandyOpen extension. However, it is possible that the Adware extension is present there under a different name, in which case you must look for extension items you do not normally use and/or that seem to have been automatically added to the browser without your permission.
  3. Once you find the extension that you think is behind the disturbances you have been experiencing in your browser, select the Remove button next to it to remove it. If this doesn’t remove the extension or if the latter gets re-added to the browser immediately after its removal, disable the extension (click on the toggle button under the extension if you are using Chrome) and then quickly select Remove again.
    Suspicious Extension Chrome
  4. If other browsers on the computer have been affected by Win32 CandyOpen, complete Steps 1 – 3 for them too.

In some instances when there isn’t an Adware extension in the browser, it is possible that the ads you are facing are coming directly from the Adware’s site in the form of unwanted notifications that you have unknowingly permitted without realizing so here is one other thing you can try in order to clean your browser from Adware without the need to perform any of the more complex steps:

  1. Open the browser’s Settings (Browser Menu – Settings) and type Permissions in the search field at the top.
  2. From the found results, look for a category of settings labeled Notifications or something similar and click on it.
    Opera Notifications3
  3. In the Notification settings window, you must scroll down to see what sites are permitted to show notifications in the browser. If there are sites in that list that you don’t want to show notifications in your browser, select the settings icon next to each site (a three-dot icon on Chrome) and click on Block. If you don’t want any site to be able to show you notifications, do this with all of them.
    Opera Notifications
    Opera Notifications2
  4. Next, if you want, you can prevent any site from asking for permission to show notifications in the browser by scrolling back up to the top of the Notifications settings and disabling the Sites can ask to send notifications option (which is something we advise you to do). If you don’t do this, then at least be careful when a certain site asks for your permission to display notifications in the browser and be sure to select the Block option unless, of course, you do want notifications from that site.
    Opera Notifications4

If you weren’t allowed to complete any of the above mentioned steps or if even after completing them the problem with the Adware continued, you should continue with this guide and complete the following instructions.


It is strongly recommended that you troubleshoot this software problem with Safe Mode enabled on your PC which could help with the removal process of the Adware. To learn how to start your PC in Safe Mode, you can use this instructional guide.


Go to your PC’s Task Manager using the Ctrl + Shift + Esc key combination and find the Adware process in the Processes tab. If you don’t see a process with the Win32 CandyOpen name, then look for other entries that seem to be related to an unfamiliar app or program and/or that are using significant amounts of Processor time and RAM memory. In some cases, an OS process may look suspicious and have high resource expenditure so you should also look up the names of the processes you suspect of being linked to the Adware so that you can be sure that they are not actually linked to your OS.


If you find the Win32 CandyOpen process or single out another one that looks mistrustful, right-click on it and choose Open File Location. The files from that folder need to be scanned for malware code and we offer you our free online scanner posted below for the scanning of the suspicious files. 

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    Once you are done with the scans and if any of the files was flagged as malware, go to the suspicious process in the Task Manager and quit it by clicking on it and then selecting the End Process button.


    For this next step, go to Control Panel > Programs > Programs and Features and see if you can find Win32 CandyOpen in the list of programs. If you see it in there, select it and click on Uninstall at the top, then follow the prompts from the uninstallation wizard to complete the removal process. If you didn’t find Win32 CandyOpen in there, look for and uninstall other items that could be related to the Adware. Ones that have been installed recently and/or without your knowledge are most likely to be behind the browsing problems that you have been having lately.

    Uninstall A Program

    In case during the installation you see a screen similar to the one from this next image, click on the NO option. If you click on yes, more malware/adware will probably get installed on your PC. In general, be sure to read everything carefully during each step of the uninstallation so that you don’t accidentally allow the installation of more unwanted software.



    Next, go to System Configuration (you can search for it in the Start Menu) and disable all items from the Startup tab that could be linked to the Adware as well as the ones you don’t recognize and/or that have “Unknown” listed in the Manufacturer column.


    Click on Apple + OK/ OK to save the changes and close the System Configuration window and then type this in the Start Menu search bar: notepad %windir%/system32/Drivers/etc/hosts. Select the notepad file that gets found and see if there is any text written below “Localhost“. If there are any sketchy-looking IPs written there, send them to use in the comments down below. IPs present below Localhost could mean that the Hosts file has been hacked by mawlare/adware but we must first have a look at the specific IPs to be able to tell you for sure.

    hosts_opt (1)

    If in our reply to your comment we tell you the IPs are likely from the Adware, you must delete them from the Hosts file and Save the file afterwards.


    Next, search for Network Connections in the Start Menu, open the first result, right-click on the network that is currently in use, and go to Properties. From the Properties Window, select Internet Protocol Version 4 (ICP/IP) and then click on the Properties button. Look at the Obtain DNS server automatically option and if it is disabled, enable it and then select Advanced. In the next section, remove all addresses from the DNS server addresses list and finally click Ok on all open windows to save the changes that you have just made.



    For this final step, use the Start Menu again to search for the Registry Editor by typing regedit and clicking on the regedit.exe icon. You will be required to provide Admin permission for the app to make system changes so do that by clicking on Yes. Now you are in the Registry Editor – there are many sensitive settings related to the OS in here and you will have to delete certain items so be very careful with what you delete and if you are not sure if a certain item must be removed, we suggest that you first consult us through the comments down below.

    Press the Ctrl + F keys to open the search box for the Registry and type the name of the Adware in it. Click on Find Next to search for items that contain the name of the Adware and if anything shows up, select it, press the Del key, and click on yes to confirm the deletion. The select Find Next again from the search box and delete the next item. Rinse and repeat until there are no more items in the Registry with the Win32 CandyOpen name.

    Next, find these directories in the Registry:

    • HKEY_CURRENT_USER/Software/
    • HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run/
    • HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main/

    In them, you must look for folders with odd, unusual names – ones that are long and consist of random series of characters (letters and numbers). If you see anything that matches this description or anything else you consider suspicious or potentially related to the Adware, delete it. If you are not certain, again, contact us through the comments for advice so that you don’t end up deleting something that you are not supposed to.

    Final Notes

    Following the guidelines from this article should typically be enough to rid you of Win32 CandyOpen but in case you still have the Adware after having complete the guide, we suggest you try out the powerful removal tool we have shared throughout this post and use it to delete the unwanted software from your PC. If you have any questions related to the topic of this article and its guide, we will be glad to answer them down below in our comments section.


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1