Remove Helper. Uninstall PUA.OpenCandy (Update 2019)

Remove Helper. Uninstall PUA.OpenCandy

Savefrom also known as is a website that promotes the helper application compatible with widely-used browsers. The application is designed to download videos directly from Youtube, Vimeo, and similar pages. It is can be indeed useful to many users who wish to watch their favorite videos at any time. However, the developers of the program have chosen to use OpenCandy – an advertising network that may have a reputation because of its third party applications module. As you probably suspect, the reason for the collaboration between any developers and OpenCandy is monetary. Continue reading to learn more.

Threat Summary
TypePUP, browser add-on
Short DescriptionThe application provides useful services but may have dubious third party affiliates policy.
SymptomsThe user’s homepage can be changed, multiple files and registry entries can be added to the system.
Distribution MethodBundling, its official page, other freeware pages.
Detection Tool See If Your System Has Been Affected by


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss (OpenCandy) – Update December 2018

There’s new information about and its related add-ons. One particular toolbar has been associated with the name YouTube Downloader. Similar to most fake

YouTube Downloaders, the SaveFrom download app advertises usefulness and easy access:

In reality however, the program shows different types of advertisements and may slow down your PC, plus it may redirect you to dangerous sites which may be either scam- or malware-infested. (OpenCandy) – Update October 2018

The potentially unwanted application (PUA) OpenCandy is continuing to spread with Helper and similar software. It is October, 2018 and it seems that both applications are still in collaboration and are working together to plague users with advertisements. The screenshot displayed below is from the website:

As you can see, there are pop-ups appearing on the site itself, even before trying to download the helper application. The ads seem to detect your country or general region and display ads in your language in order to reel you in deeper. Be careful around that site and everything connected to the applications. You can read more about them in this article. (OpenCandy) – Update November 2017

Systems affected by SaveFrom have decreased in number, but the app itself has been developed to display new forms of advertisements. Multiple different changes have been made to the website of this unwanted application and a Facebook page of it has also been created.


What is OpenCandy?

Because of its description and offers, OpenCandy has been analyzed by several anti-virus programs. This is the description given by Sophos:

→OpenCandy is an advertising software module consisting of a Microsoft Windows library that can be incorporated in a Windows Installer. When a user installs an application that includes the OpenCandy library, it presents offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Is Safe to Use?

Due to the application’s appealing description, many users have decided to download it. Some users may have chosen to use it continuously while others have opted to uninstall it.

One user has shared his concerns regarding a mandatory update issued by the company in April 2014. This is what he has written in a forum post in Yahoo Answers:

→In April 2014,, a video-download browser extension, issued a mandatory update. (If you refuse the update, the helper is disabled within your browser). That update seeks far more permissions to track your Internet browsing activities, including the sites you visit even when you are not using the video-download app. (To urge use of their browser helper, the use of their web-site to download without an app is restricted).

A question that can immediately arise from what is stated above is why the company has adopted that kind of policy. The most obvious reason is the most simple one – to monetize collected user information such as:

  • Surfing habits
  • Website preferences
  • Browsing History

No one is really surprised by the fact that third party companies in various sectors work together for profit reasons. In the field of unwanted software and bundling, developers and advertisers tend to collaborate quite often. Data obtained from the software users is often sold to online advertising agencies to display targeted advertisements.

How to Remove Savefrom ( from My PC?

Even though you may find the application handy and user-friendly, you may want to consider uninstalling it.

This is a screenshot of the app’s installer:

When we downloaded it, the installer had the Opera browser as a recommended option. However, a PUP could have been in its place.

Furthermore, due to the developers’ collaboration with OpenCandy, any third party product can end up in your system:

Security researchers have compiled a list of the files the OpenCandy installer can drop on the system. This is just a small extraction of the files:

    C:\Program Files\CDBurnerXP\cdbxpcmd.exe.config

    C:\Documents and Settings\test user\Local Settings\Temp\is-8JG3T.tmp\sample.tmp

    C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk

    C:\Program Files\CDBurnerXP\zh-CHS\cdbxpp.resources.dll

    C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk

    C:\Program Files\CDBurnerXP\Resources\audio_cover.jpg

    C:\Program Files\CDBurnerXP\Interop.RocketDivision.StarBurnX.dll

    C:\Program Files\CDBurnerXP\bass.dll

    C:\Program Files\CDBurnerXP\StarBurnX12.dll

    C:\Program Files\CDBurnerXP\es-MX\cdbxpp.resources.dll

Additionally, new registry keys are also created such as:


Since Helper may have been accompanied by a troublesome PUP or PUPs (potentially unwanted programs), running a full system scan to clean the system is often advisory.

If you are an expert user, you can refer to the removal steps below the article.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share