Author Topic: System Update kb70007 URGENT HELP!!  (Read 4261 times)


drmusic

  • Guest
System Update kb70007 URGENT HELP!!
« on: May 21, 2014, 11:26:21 PM »
Hello, I seem to have a terrible malware that I picked up downloading torrents (never again).
Please help me fix this!!
I get ads popping up all over when in Chrome, and new tabs get opened in Chrome saying that my laptop is in danger, that it has a virus, and it even makes a sound!!
Not only that, it also revs my laptop so much that it gets hot and sounds very loud!! (Normally it does that when I'm doing something memory consuming.)

My antivirus goes through and detects ZERO. I downloaded Malwarebytes, HitmanPro and AdwCleaner
and the problem still persists. I think I found the corrupted folder at C:/program files/MSR, because I didn't
have this folder before and inside it there is a program called PRIVOXY, and I got confirmation that this is
definitely malware because it DOESN'T let me delete it; it says that the program is open and won't let me do it.
I started the laptop in SAFE MODE and deleted it, but when I switched it back to run normally it messed up my Chrome
connection (as in another post I saw), enabling "proxy" on my browser so it would not connect online (and I had to manually go and uncheck the proxy option in the Google configuration in order to get online).

I also downloaded Revo Uninstaller and it shows the NASTY System Update kb70007, which I think is linked with the
MSR folder. I tried to delete it with this program but this virus is resistant!!! My questions are these:

With Revo Uninstaller I tracked the registry entry in the Windows folder of SYSTEM UPDATE KB70007. Can I delete this folder??
I'm afraid that if I delete it I will mess up my laptop.
Please help me, what do I do with this malware?
Thanks a lot in advance and GOD BLESS.

 ;) :)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: System Update kb70007 URGENT HELP!!
« Reply #1 on: May 21, 2014, 11:32:06 PM »
Attach an OTL diagnostic log: http://forum.avast.com/index.php?topic=53253.0

Since it is midnight in Europe now, you may not receive any reply from the log experts before tomorrow.


drmusic

  • Guest
Re: System Update kb70007 URGENT HELP!!
« Reply #2 on: May 22, 2014, 03:13:39 AM »
First of ALL, thanks for replying, you have no idea how desperate I was.

FINALLY I GOT THIS strong malware out of my system, and I'm going to explain it step by step for other users like me.
I've always been a little geek in computer stuff and this saved me. I'm going to tell MY EXPERIENCE. I am NO EXPERT, but I think that from my experience I can help others. Please, professionals of the forum, correct me if any of the steps were wrong to do. I cannot guarantee this will work, but it did FOR ME:

It's a HELL of a malware/virus, let me tell you. I AM NEVER GOING TO download torrents again, what a risk!!

The virus name is System Update kb70007 and you can know you have it by looking at your installed programs, or in my case
it didn't show up and I FOUND OUT I had it by downloading Revo Uninstaller, where this program (kb70007) showed up, which it DIDN'T in Control Panel.
So I came to the conclusion this was the corrupted file, and I tried to uninstall it with Revo Uninstaller and the freakin virus wouldn't be uninstalled.

HOW TO GET RID OF IT:
What is the virus?


The virus is actually two different programs.

First, the virus reroutes your IP to a server using privoxy (which is actually a legitimate program for using vpns) so it doesn't get picked up by malware scanners after it has installed itself. This server will inject ads into all of your internet browsers.

The second program runs in the background as a fake windows update process that constantly scans your browser's default proxy settings. It will change your proxy settings to coincide with the privoxy configuration.

TO DELETE IT:
Do these steps carefully and read them well.

1. FIRST we need to get the virus OUT, then we can go on to deleting Privoxy, so you are going to delete the virus in SAFE MODE,
and before going into SAFE MODE TURN OFF the internet.
2. In SAFE MODE go to MY PC, then on the upper blank part where "MY PC" is, type this: C:\Windows\Microsoft
This is the directory where the VIRUS is located; this folder will contain files or folders that say kb70007 in them. The folder should not exist at all. Delete the contents of the folder. Now be careful, because c:\windows\microsoft.net SHOULD exist and is needed to run many programs. Don't get them mixed up. Deleting this folder should stop your proxy settings in your browsers from being changed over and over again.

3. After you delete the virus, go to CONTROL PANEL and delete Privoxy. If you are not able to do so (like in my case), do what I did: I went down to C:/program files/MSR/Privoxy and deleted it myself (the folder).

4. GO TO your recycle bin and make sure these bugs are KILLED by deleting everything the recycle bin has (or you can do so in the next step with CCleaner).
I did this and then ran CCleaner, just to make sure.

5. STILL IN SAFE MODE run CCleaner, clean the registry and clean the PC.
6. I also ran HitmanPro after this.

Then I restarted my laptop and VOILA, it was gone!! (All this took me half a day) but I finally got through with this.

This is another post that helped me and I got most of the info out of it: http://www.overclock.net/t/1490256/raising-awareness-about-the-kb70007-privoxy-port-8118-ip-address-127-0-0-1-virus-that-is-going-around
« Last Edit: May 22, 2014, 04:38:53 PM by drmusic »
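
A triage check for the indicators named in the post above, added here as an example and not part of the original post or of any tool mentioned in the thread. It assumes the proxy change lands in the Windows Internet Settings values `ProxyEnable` and `ProxyServer` (under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`); the function names and sample values are constructed for illustration.

```python
import ipaddress

# Indicators taken from the post above; the sample values below are constructed.
SUSPECT_PATHS = [r"C:\Program Files\MSR\Privoxy", r"C:\Windows\Microsoft"]
PRIVOXY_PORT = 8118  # Privoxy's default listening port


def parse_proxy_server(value):
    """Split a ProxyServer string ("host:port" or "http=h:p;https=h:p") into tuples."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, target = part.rpartition("=")
        target = target.split("://")[-1]  # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        entries.append((scheme or "all", host.lower(), int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def triage(proxy_enable, proxy_server, existing_paths):
    """Return findings for the given proxy values and list of existing folders."""
    findings = []
    if proxy_enable:
        for scheme, host, port in parse_proxy_server(proxy_server):
            if is_loopback(host):
                note = "Privoxy default port" if port == PRIVOXY_PORT else "local proxy"
                findings.append(f"{scheme} proxy -> {host}:{port} ({note})")
    present = {p.lower().rstrip("\\") for p in existing_paths}
    for path in SUSPECT_PATHS:  # exact match, so C:\Windows\Microsoft.NET is never flagged
        if path.lower() in present:
            findings.append(f"folder present: {path}")
    return findings


if __name__ == "__main__":
    sample = triage(1, "http=127.0.0.1:8118;https=127.0.0.1:8118",
                    [r"C:\Windows\Microsoft.NET", r"C:\Program Files\MSR\Privoxy"])
    print("\n".join(sample))
```

A loopback proxy is not malicious by itself, since some legitimate filtering tools set one; a finding here is a reason to look at what is listening on that port, not a verdict.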

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: System Update kb70007 URGENT HELP!!
« Reply #3 on: May 22, 2014, 03:37:13 AM »
Hi drmusic

Can you tell me the exact torrent file you downloaded that got you infected?
Can you post the link here (note! break the link [i.e. change http: to hxxp] and add a red warning)? When I have downloaded the file you can edit the post and delete the link...


I am trying to catch the live dropper file (the malware file that installs the active malware on board) and that info would help. The file from the posted forum doesn't want to execute.

Thanks.

drmusic

  • Guest
Re: System Update kb70007 URGENT HELP!!
« Reply #4 on: May 22, 2014, 04:36:49 PM »
Hi magna86,
the torrent link is: hxxp://thepiratebay.se/torrent/10137048 (DON'T DOWNLOAD THIS, DON'T GO HERE, MALWARE ALERT)

I know I probably did something wrong (like pressing next without reading carefully) because I
immediately saw that like 2 or 3 programs got installed after I did this.
Bottom line, I'm not even going to try to download torrents again.
Good day and hope you find the link useful.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: System Update kb70007 URGENT HELP!!
« Reply #5 on: May 22, 2014, 07:20:46 PM »
Hi drmusic and thanks for posting. Unfortunately, that torrent file is legit. Yup, I said that  ;D

In that torrent package there is no executable file, only videos.

Even the bundled offer software named StartDownload.exe (it is the installation for DownLite) is legit per se. I can't find the malware there.
« Last Edit: May 22, 2014, 07:23:53 PM by magna86 »

drmusic

  • Guest
Re: System Update kb70007 URGENT HELP!!
« Reply #6 on: May 22, 2014, 10:57:24 PM »
I did this as follows:
I CLICKED on "get this torrent", which redirected me to another page; there I pressed next and next
or something like that. Like I mentioned, I think it was my mistake not reading while I was pressing "next".
Notice that when it redirects you to the page it asks you to continue the installation + some program to be
installed (I'm thinking this was my mistake).
It really was my first time with torrents, so I didn't quite know where to click. I think I tried "get this torrent"
and tried like 3 other things on there to get the file (which I wanted so bad) and one of them was my terrible situation
from yesterday. But it sure is there somewhere.

After this all my problems began, so I'm sure that this thing was where it all came from.