My Avast! detected my C:\WINDOWS\system32\drivers\tcpip.sys as a threat: Win32:Malware-gen, and it suggested that I delete it. Now I cannot connect to the Internet. What should I do?
Sorry to say this, but a Windows system file should never be deleted, even if Avast! says it is infected. Reason is, you cannot recover a deleted file of any kind, including a Windows file, once Avast! is told to delete it.
Options presented on detection and end of scan are four: Quarantine, Repair, Delete, Ignore. With a system file, best option is to use Ignore. With any other file, best option is to quarantine in case of a false positive report. Repair does not work at times because the file detected may not actually be a virus, but a worm or Trojan. In the latter two cases, the entire file is the malicious agent; so there is nothing to repair, and Avast! Repair will fail.
Your options are always to be able to come here for expert assistance in such a case as this one. essexboy knows how to fix a real infected Windows system file without damaging your system; unfortunately, this C:\WINDOWS\system32\drivers\tcpip.sys file was deleted. He can still help you, though.
I have the same problem on different PCs in different companies, with Windows XP installed. I think the reason for this situation is a patched tcpip.sys. By default tcpip.sys has 10 connections, and with the help of some utilities people patch it to, for example, 100 connections; I did this myself on all the computers where this problem is. One of these patchers is called Half-open_limit_fix_4.2.exe
Lots of non-original Windows XP distributions already have a patched tcpip.sys.
When I uninstall Avast and recover tcpip.sys from the file c:\windows\system32\tcpip.copy, the network doesn't work. I am still trying to find a solution, because I don't have a Windows distribution with me now to recover from. I think this command could solve the problem:
expand X:\i386\tcpip.sy_ c:\windows\system32\tcpip.sys
You made me work hard today to fix this problem. It is easy to kill myself, because I have 150 PC clients, and a big amount of them have already killed tcpip with Avast…
P.S. Your captcha makes me mad, it's very hard to see the symbols.
I can confirm it's a problem of patched tcpip.sys on Windows XP. Multiple systems on multiple locations affected. Already tweeted Avast and filled in a ticket on the site.
I’m having exactly the same problem. It all began yesterday - after the latest Avast update. Unfortunately, I was dumb enough to remove the “infected” file, so it totally messed up my system. I had to format my HDD (system partition only) and reinstall Windows. But again - I’ve installed the latest version of Avast and it keeps telling me that WINDOWS\system32\drivers\tcpip.sys is infected. It’s ridiculous.
1 I recovered tcpip.sys from the file c:\windows\system32\tcpip.copy: just copy it and rename it to tcpip.sys
Next step:
2 Reinstall the TCP/IP protocol in the properties of the local area network connection: common \ press the Install button, choose Protocol \ install from disk \ choose the path c:\windows\inf, press OK and choose TCP/IP Internet Protocol, then reboot the system
If you set tcpip.sys as an exclusion in the Avast settings, it doesn't help; Avast keeps on blocking tcpip.sys but will not delete it. When the warning about the infection appears, choose Ignore and mark never ask again. Then wait for the next update of Avast.
Sorry for my English, I am from Ukraine.
Good Luck
Instead of reinstalling the TCP/IP protocol, you could also open a command prompt (start → run → cmd.exe [enter]) and type at the command prompt “netsh int ip reset c:\reset.log”
Guys, were those detections caused by an on-demand (i.e. manual) scan, or rather by a shield?
If it was a shield, could someone please open the file
c:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\FileSystemShield.txt
search for the relevant entry about tcpip.sys (should be somewhere at the bottom), and paste here the few lines (the detection, plus the subsequent action(s) on the next line)?
Thanks.