
Adware: win32/opencandy and a Trojan



Computer was freezing up after a few hours. I tried to run Malwarebytes but was unable to; it showed many infections and then froze.

A blue screen first showed KERNEL_DATA_INPAGE_ERROR



Technical Information:

***STOP: 0X000000 7A(oxE1E4F6c8,OXC00000B5,oxBF8D470,OX5976F860)

***win32k.sys - Address BF8D0470 baseat BF800000,DateStamp 521ea476



I then ran Microsoft security scanner, which found the Adware: win32/opencandy, and it was partially removed.



I tried Malwarebytes again; it froze and I got a blue screen again, showing PROCESS1_INITIALIZATION_FAILED


Technical Information:

*STOP: 0X00000002, OX00000000, 0X00000000


I tried Malwarebytes Chameleon; it showed many infections and a trojan. When I clicked on 'remove', the computer froze and wouldn't let them be removed.


Tried again but froze again.

When the computer was turned back on, I got this blue screen:



Technical information

*STOP: 0X000000, (0X00000001, 0X00000000, 0X00000000, 0XBA4F7D24


Hello cecejo and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.



For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Never moved past stage 1 of 3. Going to try the repair Windows XP next.


In the meantime I wanted to ask if my external hard drive from the infected PC would be alright to attach here on the Toshiba Satellite laptop, as I need files stored there. I just worry that it may infect this laptop. Malwarebytes showed it to have the win32 open candy and partially removed it. The trojan was on C: of the infected Dell.


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.