Hello!
I’ve just turned on my computer, and after the system has started up a warning message from Avast popped up telling me that “ROOTKIT FOUND”.
I think the rootkit has to do with the internet connection, it’s named SVC: Tcpip and is located in “C:\Windows\System32\Drivers\tcpip.sys”. The name of the rootkit is “Win32:Malware-gen”.
The AV offers two options: “Delete Now (recommended)” or “Ignore”.
And since there’s no option to send it to “the Chest” I wanna delete it, but before I do I wanna know if that’s gonna affect my internet connection or something else, or if I can delete it safely.
Do not delete it
Could you follow the steps here http://forum.avast.com/index.php?topic=53253.0
ok, thanks. I’ll take a look at the link.
I just closed the window of the Avast warning message. Is that going to delete the rootkit?
I’m experiencing the same thing. Wonder if they’re related somehow.
I don’t know yet; I will need to look at all the logs to make a determination.
Same problem here. Checking on Twitter, it’s a massive problem. Definitely it’s an issue from today’s update or something like that. I deleted it like Avast suggested and the network crashed after that.
Avast guys, FIX IT.
What VPS do you have? Mine is 121205-1.
I am not experiencing this problem on either Windows 8 or 7.
I’m a Windows XP user. Version is 121205-1. Definitely an issue on Windows XP.
Are any of you using PeerBlock?
Looks like a 100% FP only affecting XP users.
Hello guys,
This was a false detection and should be fixed in the latest stream update. We are really sorry for the inconvenience.
Filip Chytrý
Virus analyst
Intriguing, it was not detected on my XP, maybe as it was a VM?
For me, I’m using Windows XP. VPS: 121205-1.
I just closed the window of the Avast warning message. Then I was asked to run the boot-scan, but I canceled. Afterwards a system warning message appeared saying that I need to insert my XP CD to repair or install some missing files. I also canceled.
When I restarted my computer, I couldn’t connect to the internet at all.
I restored my computer, and fortunately it worked. But after I received the latest VPS: 121205-1, the Avast warning message popped up again.
Update avast manually
I don’t use PeerBlock. I also think it’s an FP.
No update is available so far.
It looks to be if you are not using the standard MS TCPIP, i.e. a programme you are using has patched it.
Avast complains about the file tcpip.sys and offers to delete it. After the file is deleted, the internet naturally stops working.
Solution for XP.
Reinstall the TCP/IP protocol
1. Boot into Safe Mode with Networking.
2. Start - Run - regedit, and delete two registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\
3. Go to the windows\inf folder, find the file Nettcpip.inf, open it, find the section [MS_TCPIP.PrimaryInstall], and in the entry Characteristics = 0xa0 replace 0xa0 with 0x80.
4. Go to Network Connections, right-click your network connection, and choose Properties.
Open the General tab and click, in order, Install, Protocol, and Add.
In the Select Network Protocol window, click Have Disk.
In the Copy manufacturer’s files from: box, enter C:\Windows\inf and click OK.
Select Internet Protocol (TCP/IP) and click OK.
Back on the Local Area Connection properties screen, the Delete button is now active.
Now delete Internet Protocol (TCP/IP).
Restart the computer.
5. Copy a new tcpip.sys file into the system32\dllcache and system32 folders.
6. Go to Network Connections again and install Internet Protocol (TCP/IP) again, using the Have Disk button and the path c:\windows\inf.
Restart the computer once more.
PS. You may not have the system32\dllcache folder.
For anyone who finds all this too difficult, contact Kvadratek. We will fix it for 50 000.
BER.BY computer equipment with delivery to Polotsk and Novopolotsk
The solution was taken from the Kaspersky forum.
ber.by
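
Step 3 of the procedure above changes Characteristics from 0xa0 to 0x80. The sketch below is an added example, not part of any forum post: it shows that this edit clears the NCF_NOT_USER_REMOVABLE bit (0x20), which is why the Delete button becomes active afterwards. The INF fragment is constructed for illustration and the function names are hypothetical.

```python
import re

# Network component characteristic flags from the Windows DDK (netcfgx.h).
NCF_FLAGS = {
    0x08: "NCF_HIDDEN",
    0x20: "NCF_NOT_USER_REMOVABLE",
    0x80: "NCF_HAS_UI",
}
NCF_NOT_USER_REMOVABLE = 0x20

# Constructed fragment for illustration, not the real Nettcpip.inf.
SAMPLE_INF = """\
[Version]
Signature = "$Windows NT$"

[MS_TCPIP.PrimaryInstall]
; constructed sample entries
Characteristics = 0xa0
AddReg = Sample.AddReg

[Other.Section]
Characteristics = 0x28
"""

def decode_flags(value):
    """Return the names of the known NCF_* bits set in value."""
    return [name for bit, name in sorted(NCF_FLAGS.items()) if value & bit]

def make_removable(inf_text, section="MS_TCPIP.PrimaryInstall"):
    """Clear NCF_NOT_USER_REMOVABLE in one section; return (text, old, new)."""
    out, current, old, new = [], None, None, None
    for line in inf_text.splitlines(keepends=True):
        header = re.match(r"\s*\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        m = re.match(r"(\s*Characteristics\s*=\s*)(0x[0-9a-f]+|\d+)(.*)",
                     line, re.I | re.S)
        # Only touch the first Characteristics entry inside the target section.
        if m and current == section.lower() and old is None:
            old = int(m.group(2), 0)
            new = old & ~NCF_NOT_USER_REMOVABLE
            line = f"{m.group(1)}0x{new:02x}{m.group(3)}"
        out.append(line)
    if old is None:
        raise ValueError(f"no Characteristics entry in [{section}]")
    return "".join(out), old, new

if __name__ == "__main__":
    patched, old, new = make_removable(SAMPLE_INF)
    print(hex(old), decode_flags(old), "->", hex(new), decode_flags(new))
```

Run it against a copy of the INF rather than the file in windows\inf, and compare the output with the original before replacing anything.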