Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


VIRUS: System Update KB70007 (False Positive)

  • Please log in to reply
2 replies to this topic

#1 tyler1118


  • Members
  • 2 posts
  • Local time:02:06 PM

Posted 04 June 2014 - 05:06 PM

You might be thinking right now that this is a Windows Update not a virus?
Are you thinking right now, should I trust any Microsoft Windows Updates?
The answer is that this virus is not a Windows Update at all and its camouflaged to look like one. You will not receive this in Windows Update Section but rather in an Alternate installer were it asks you to install extra things like Search Conduit, Dolphin, and pretty much any Alternate Search Engines. Next time you're using Softpedia Installer, CNET Installer or TrustedInstaller, make sure to unchecked and decline any of the Ads!
Symptoms - 
  1. Changes your Proxy Port Settings, even after you change it, over and over again. This can cause connection issues to the Internet.
  2. Ad-ware: Makes a great amount of ads pop up on your browser.
  3. The rest is unknown.
Virus Found 5/25/14 - The Virus is Undetected by ALL Anti-Viruses. Why? Because of the way it camouflages itself in Windows (System Update KB70007). I have submitted a report to the Norton Community & Panda Cloud Anti-virus , so the virus can be detected in the newest updates of the Anti-Viruses databases.
If an Anti-Virus can't detect it as of right now, is there any way to delete it and protect your-self?!
Yes, by manually deleting it and disabling its processes/services. The instructions are listed below. Please READ CAREFULLY!
To remove the virus:
First, unplug your computer from the Internet. I'm not really sure what information this virus sends out, but you are better off getting off-line ASAP. Next, open the task manager (ctrl + alt + delete and click open task manager). End all variations of Microsoft or windows update/updater. I had several processes. If you have difficulty keeping them stopped, disable the services in the msconfig menu by hitting windows and typing msconfig (or run then type in msconfig.exe). Go to the service menu and disable all update services for the time being and any that have KB70007 in the name.
Next, navigate to C:\windows\Microsoft . This folder will contain files that say KB70007 in it. The folder should not exist at all. Delete the contents of the folder. Now be careful because C:\windows\Microsoft.NET SHOULD exist and is needed to run many programs. Don't get them mixed up. Deleting this folder should stop your proxy settings in your browsers from being changed over and over again.
The next step is to remove Privoxy. If you use Privoxy for something else, just re-download it later. To find where the Privoxy installation is (mine was in a really random directory), go to the task manager and find the Privoxy process that is running. It will just be privoxy.exe. Right click and hit open location. Stop the process and delete this folder. This will stop the actual rerouting of your Internet.
Now, all of your browsers will be trying to re-route to privoxy for a proxy server that no longer exists. Steam, origin, and all Internet browsers will not work. In order to fix this, run Internet explorer with administrative privileges. Go to settings: Internet options: connections: LAN settings. Delete all of the information under proxy server and unchecked the box for using a proxy server. This will fix steam, origin, and Internet explorer.
To fix Firefox, go to menu: options: advanced: connection settings: delete everything under proxy configuration and check the box that says no proxy connection.
I believe Google chrome should resolve itself when you fix Internet explorer (it uses Internet explorer's proxy settings).
Finally, I would run an anti-virus scan along with Panda Cloud Anti-virus or something along those lines just to clean up anything else lurking around.
Thank you, just trying to raise awareness to this undetected virus and I read reports about this virus happening to people without a correct solution, be careful of what you download, and don't use risky installers.
Best Regards `tyler1118

Edited by tyler1118, 04 June 2014 - 06:10 PM.

BC AdBot (Login to Remove)


#2 tyler1118

  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:06 PM

Posted 04 June 2014 - 06:30 PM

One last request: Can you stick this thread, to raise awareness around our communities, thank you.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,773 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:06 PM

Posted 06 June 2014 - 07:20 PM

System Update kb70007 is a Potentially Unwanted Program, not a virus.

Anti-virus programs general scan for infectious malware which includes viruses, Trojans, worms, rootkits and bots. Potentially Unwanted Programs (PUPs), Potentially Unwanted Applications (PUAs) and Potentially Unsafe Applications do not fall into any of those categories and that is the primary reason some anti-virus programs do not detect or remove them.

A Potentially Unwanted Program (PUP) is a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software usually containing Adware or bundled with other free third-party software to include toolbars, add-ons/plug-ins and browser extensions. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs. PUPs may also be defined somewhat differently by various security vendors and may or may not be detected/removed based on that definition. That fact adds to confusion and a lot of complaints from end users asking why a detection was not made on a particular file (program) they are having issues with.

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

BTW, there is a removal guide here.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users