Hmm, one of my machines contained OpenCandy – Wikipedia as found by Malwarebytes (software) – Wikipedia:
Tracking back the installation, revealed it came with ImgBurn 2.5.8.0, which is now on my black-list.
In my case this was how to remove it:
rd /s /q %AppData%\OpenCandy
This is not universal; you might need to take additional measures like in [WayBack] How to Remove PUP.Optional.OpenCandy (Removal Guide).
I use this batch-file to get the most recent Malwarebytes and Chameleon:
:: redirects to something like wget https://data-cdn.mbamupdates.com/web/mb3-setup-consumer/mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
wget --content-disposition https://downloads.malwarebytes.com/file/mb3/
:: redirects to something like wget https://data-cdn.mbamupdates.com/web/mbam-chameleon-3.1.33.0.zip
wget --content-disposition https://downloads.malwarebytes.com/file/chameleon/
If you do not have wget on your system, then try this PowerShell alternative (which does not show progress) via [WayBack] Windows batch file file download from a URL – Stack Overflow
:: in case you do not have wget:
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://downloads.malwarebytes.com/file/mb3/', 'mb3.exe')"
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://downloads.malwarebytes.com/file/chameleon/', 'chameleon.exe')"
:: note these do not show progress!
:: https://stackoverflow.com/questions/4619088/windows-batch-file-file-download-from-a-url
Related: [WayBack] Jeroen Pluimers on Twitter: “What if the most recent @Malwarebytes on a Windows 8.1 x64 VM (all patches installed) on ESXi backed by NVME hangs for hours on one file with hardly any CPU usage? Screenshots of mbam.exe, mbamservice.exe and mbamtray.exe thread usage below.
–jeroen