You might be thinking right now that this is a Windows Update not a virus?
Are you thinking right now, should I trust any Microsoft Windows Updates?
The answer is that this virus is not a Windows Update at all and its camouflaged to look like one. You will not receive this in Windows Update Section but rather in an Alternate installer were it asks you to install extra things like Search Conduit, Dolphin, and pretty much any Alternate Search Engines. Next time you're using Softpedia Installer, CNET Installer or TrustedInstaller, make sure to unchecked and decline any of the Ads!
- Changes your Proxy Port Settings, even after you change it, over and over again. This can cause connection issues to the Internet.
- Ad-ware: Makes a great amount of ads pop up on your browser.
- The rest is unknown.
Virus Found 5/25/14 - The Virus is Undetected by ALL Anti-Viruses. Why? Because of the way it camouflages itself in Windows (System Update KB70007). I have submitted a report to the Norton Community & Panda Cloud Anti-virus , so the virus can be detected in the newest updates of the Anti-Viruses databases.
If an Anti-Virus can't detect it as of right now, is there any way to delete it and protect your-self?!
Yes, by manually deleting it and disabling its processes/services. The instructions are listed below. Please READ CAREFULLY!
To remove the virus:
First, unplug your computer from the Internet. I'm not really sure what information this virus sends out, but you are better off getting off-line ASAP. Next, open the task manager (ctrl + alt + delete and click open task manager). End all variations of Microsoft or windows update/updater. I had several processes. If you have difficulty keeping them stopped, disable the services in the msconfig menu by hitting windows and typing msconfig (or run then type in msconfig.exe). Go to the service menu and disable all update services for the time being and any that have KB70007 in the name.
Next, navigate to C:\windows\Microsoft . This folder will contain files that say KB70007 in it. The folder should not exist at all. Delete the contents of the folder. Now be careful because C:\windows\Microsoft.NET SHOULD exist and is needed to run many programs. Don't get them mixed up. Deleting this folder should stop your proxy settings in your browsers from being changed over and over again.
The next step is to remove Privoxy. If you use Privoxy for something else, just re-download it later. To find where the Privoxy installation is (mine was in a really random directory), go to the task manager and find the Privoxy process that is running. It will just be privoxy.exe. Right click and hit open location. Stop the process and delete this folder. This will stop the actual rerouting of your Internet.
Now, all of your browsers will be trying to re-route to privoxy for a proxy server that no longer exists. Steam, origin, and all Internet browsers will not work. In order to fix this, run Internet explorer with administrative privileges. Go to settings: Internet options: connections: LAN settings. Delete all of the information under proxy server and unchecked the box for using a proxy server. This will fix steam, origin, and Internet explorer.
To fix Firefox, go to menu: options: advanced: connection settings: delete everything under proxy configuration and check the box that says no proxy connection.
I believe Google chrome should resolve itself when you fix Internet explorer (it uses Internet explorer's proxy settings).
Finally, I would run an anti-virus scan along with Panda Cloud Anti-virus or something along those lines just to clean up anything else lurking around.
Thank you, just trying to raise awareness to this undetected virus and I read reports about this virus happening to people without a correct solution, be careful of what you download, and don't use risky installers.
Best Regards `tyler1118
Edited by tyler1118, 04 June 2014 - 06:10 PM.