Possible False Positives? Reboot.exe and Open Candy: PUPs





I have not installed anything since my last scan with Malware AntiBytes.


I find the following four entries listed as PUPs in this morning's scan:


C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> No action taken


C:\Documents and Settings\(User Name) \Application Data\OpenCandy\OpenCandy_E943DCC5F2984B908E1C481EE1D4C7BC\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> No action taken.


C:\Documents and Settings\(User Name)\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.

C:\Documents and Settings\(User Name)\Application Data\OpenCandy\OpenCandy_E943DCC5F2984B908E1C481EE1D4C7BC\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> No action taken.


I don't know what this reboot.exe is. Nor do I know what the Open Candy program is and what it does.


My complete scan with Avira Antivirus doesn't show these.


Any idea what these are?


Is there a way I can quarantine these files/folders until this is clarified?


I'm using the free version of Malwarebytes with latest update.


Thanks in advance:





Windows XP Pro SP3

Avira Antivirus Premium


I ran a quick scan, saved the log. Copied and pasted as follows:


Malwarebytes Anti-Malware

Database version: v2013.09.04.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
David :: XPS [administrator]

9/4/2013 2:36:35 PM
MBAM-log-2013-09-04 (14-47-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242711
Time elapsed: 11 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\David\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\David\AppData\Roaming\OpenCandy\4DA5A89ACC374C0386A37B3490F60DF8 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\David\AppData\Roaming\OpenCandy\OpenCandy_4DA5A89ACC374C0386A37B3490F60DF8 (PUP.Optional.OpenCandy) -> No action taken.

Files Detected: 0
(No malicious items detected)



  • Staff



I do not see any OpenCandy references on your desktop though.

Malwarebytes detects the following folder: C:\Users\David\AppData\Roaming\OpenCandy

So if MBAM has problems removing it, try to remove the OpenCandy folder manually from there.

If you can't find this OpenCandy folder (since by default the appdata\roaming directory is hidden in windows), please see here how to reveal them:


If you're still having problems removing this OpenCandy folder, try to remove it from Windows safe mode: http://windows.microsoft.com/en-us/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7


  • 9 months later...


Please reference: Please read before reporting a false positive
Post #2


If you are not a member of the Staff or Experts group, please do not reply to other users' posts in either the File or Web Blocking forums.

If you want to submit a possible False Positive, please start your own topic following the guidance in the above referenced URL.
If you need support on the product, please post in: Malwarebytes Anti-Malware Help
If you need help removing malware, please seek assistance in: Malware Removal Help

Thank you for understanding.
