A significant group of Russian users complaint that they lost internet connection and even damaged their WinXP systems after 121205-0 update: http://forum.avast.com/index.php?topic=110770
Avast signaled they have some viruses and they deleted the suspicious files. After that they lost all settings for internet connection.
I advise them to send messages to Avast support but I can’t help them with anything more substantial. I think Avast experts should pay attention to the thread.
They “aren’t sure”. One of them deleted svhost.exe and “some other files”. By the way half of the posters in the thread work in support departments of internet providers. I think they work in the same company.
And could you ask them directly in the thread? Write them in English and I’ll try to translate.
I have just advised the users to restore their systems and to re-install Avast. To tell the truth it was a real avalanche of complaints in the middle of the night. Sorry but I have to go to bed because it’s half past one here and I must get up at half past five.
I have the same problem on different PC in different companies, with windows xp installed. I think the reason of this situation is patched tspip.sys. By default tcpip.sys have 10 connections and with help of some utils, people patch it for exampel 100 connections, this actions i did by my self on all the computers where this problem is. One of this patcher calls Half-open_limit_fix_4.2.exe
Lots of not original windows xp distributives have alreadypatched tcpip.sys.
When I unninstall avast and recover tcpip.sys from file c:\windows\system32\tcpip.copy network doesnt work. I steel try to find a solution, because i dont have a distrubutive of windows now with me to recover from it, i think this comands could be solve a problem
expand X:\i386\tcpip.sy_ c:\windows\system32\tcpip.sys
You make me work hard today to fix this problem, it is easy to kill my self , becase I have 150 PC clients, and big mount of them already kill tcpip with avast…
p.s. your captcha make me mad, its very hard to see symbols
При установлении сегодня 6.12.12 обновлений аваст на операционной системе XP выдал ошибку и подключение к интернету не происходит. Провайдер Твое TV перенаправил к Авасту, сообщив, что можно вызвать мастера. Подскажите, что делать? Санкт-Петербург.
Problem does still occur with virusdatabase 121206-2 . Avast still finds tcpip.sys infected. The file tcpip.sys has been patched with this tool http://www.lvllord.de/
to increase the number of maximum half-open connections.
Hope you can fix this, a lot of people with problems world-wide
3 hours troubleshooting this problem from the time I first got the alert of the rootkit in the tcpip.sys file. Because I am aware that tcpip has to do with the internet I hesitated to have Avast delete the file. I recently got FIOS installed so I thought maybe Avast was reporting a false positive as does happen at times so I ran some searches on google and the avast forum but, after reading for an hour or so, I eventually allowed Avast to delete the file and then let them reboot. But after reboot, I had no internet service and parts of Avast were disabled (web scanner and email scanner). So I did a system restore which reinstalled the tcpip.sys file and I got the Avast warning window again about it being a rootkit but I just told Avast to ignore it. I went to Avast website and got their telephone number to call (toll free) and I called customer care and the tech guy said my PC had a lot of errors and that’s why it reported that file as being a rootkit and that I could ignore it but, for $99 he would clean my PC. I declined.
Man! what a drag this was. I just download AVG and am thinking of switching.
I’ve used the patching tool from http://www.lvllord.de/ for some years now without any problems. I remember that sometimes I’ve used other than the default values for the “half-open connections” with the tool (maybe your new virus definitions exclude only the default value used by this tool?).
My system has 19 different tcpip.sys files and only the above one is flagged.
Virus definitions: last week scan detected with 121212-0, 12.12.2012, and now: 121217-0.