Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: tommysze on December 06, 2012, 06:16:33 AM

Title: Avast! delete my tcpip.sys
Post by: tommysze on December 06, 2012, 06:16:33 AM
My Avast! detect my C:\WINDOWS\system32\drivers\tcpip.sys is threat : Win32:Malware-gen, it suggested me to delete it. Now, I can not connect the Internet. What should I do?
Title: Re: Avast! delete my tcpip.sys
Post by: True Indian on December 06, 2012, 06:29:41 AM
Follow the guide: http://forum.avast.com/index.php?topic=53253.0

attach all logs in this topic...
Title: Re: Avast! delete my tcpip.sys
Post by: tommysze on December 06, 2012, 06:49:50 AM
No network connection of my computer. I am using mobile phone.
Title: Re: Avast! delete my tcpip.sys
Post by: Pondus on December 06, 2012, 07:38:11 AM
http://forum.avast.com/index.php?topic=110781.0
Title: Re: Avast! delete my tcpip.sys
Post by: mchain on December 06, 2012, 08:37:26 AM
hi tommysze,

Sorry to say this, but a Windows system file should never be deleted, even if Avast! says it is infected.  Reason is, you cannot recover a deleted file of any kind, including a Windows file, once Avast! is told to delete it.

Options presented on detection and end of scan are four:  Quarantine, Repair, Delete, Ignore.  With a system file, best option is to use Ignore.  With any other file, best option is to quarantine in case of a false positive report.  Repair does not work at times because the file detected may not be actually be a virus, but a worm or Trojan.  In the latter two cases, the entire file is the malicious agent; so there is nothing to repair, and Avast! Repair will fail.

Your options are always to be able to come here for expert assistance in such a case as this one.  essexboy knows how to fix a real infected Windows system file without damaging your system; unfortunately, this C:\WINDOWS\system32\drivers\tcpip.sys file was deleted.  He can still help you, tho.
Title: Re: Avast! delete my tcpip.sys
Post by: hayshays on December 06, 2012, 09:37:35 AM
I have the same problem on different PC in different companies, with windows xp installed. I think the reason of this situation is patched tspip.sys. By default tcpip.sys have 10 connections and with help of some utils, people patch it for exampel 100 connections, this actions i did by my self on all the computers where this problem is. One of this patcher calls Half-open_limit_fix_4.2.exe
(http://www.bayareatechpros.com/wp-content/uploads/2009/10/holmt10.jpg)
Lots of not original windows xp distributives have alreadypatched tcpip.sys.
When I unninstall avast and recover tcpip.sys from file c:\windows\system32\tcpip.copy network doesnt work. I steel try to find a solution, because i dont have a distrubutive of windows now with me to recover from it, i think this comands could be solve a problem
expand X:\i386\tcpip.sy_ c:\windows\system32\tcpip.sys
You make me work hard today to fix this problem, it is easy to kill my self :) , becase I have 150 PC clients, and big mount of them already kill tcpip with avast..
p.s. your captcha make me mad, its very hard to see symbols
Title: Re: Avast! delete my tcpip.sys
Post by: teknobass on December 06, 2012, 09:52:38 AM
I can confirm its a problem of patched tcpip.sys on Windows XP. Multiple sysytems on multiple locations affected. Already tweeted Avast and filled in a ticket on the site.
Title: Re: Avast! delete my tcpip.sys
Post by: PH1987 on December 06, 2012, 09:58:06 AM
I'm having exact the same problem. It all began yesterday - after the latest Avast update. Unforunately, I was dumb enough to remove "infected" file, so it totally messed up my system. I had to format my HDD (system partition only) and reinstall Windows. But again - I've installed the latest version of Avast and it keeps telling me that WINDOWS\system32\drivers\tcpip.sys  is infected. It's ridiculous.

edited

I can confirm its a problem of patched tcpip.sys on Windows XP. Multiple sysytems on multiple locations affected. Already tweeted Avast and filled in a ticket on the site.

Ok, good to know:)
Title: Re: Avast! delete my tcpip.sys
Post by: tommysze on December 06, 2012, 10:13:40 AM
 :'( :'( :'( solution, I want the solution. Must I reinstall the windows XP?
Title: Re: Avast! delete my tcpip.sys
Post by: SpeedyPC on December 06, 2012, 10:29:20 AM
It was an FP on TCPIP.sys it will be corrected on the next stream update

Here the answer from essexboy saying it FP and it will be corrected on the next stream update asap ;)
Title: Re: Avast! delete my tcpip.sys
Post by: PH1987 on December 06, 2012, 10:35:59 AM
:'( :'( :'( solution, I want the solution. Must I reinstall the windows XP?

Yep, looks like it's the only solution if you deleted this file.
Title: Re: Avast! delete my tcpip.sys
Post by: bstambolija on December 06, 2012, 10:53:30 AM
:'( :'( :'( solution, I want the solution. Must I reinstall the windows XP?

Yep, looks like it's the only solution if you deleted this file.

I restored my computer and network worked. Avast is still informing me badly about tcpip.sys, just ignore it untill new avast update.
Title: Re: Avast! delete my tcpip.sys
Post by: KanatBy on December 06, 2012, 11:39:10 AM
So, how to fix problem???? I have't internet conections
Title: Re: Avast! delete my tcpip.sys
Post by: hayshays on December 06, 2012, 11:54:14 AM
So, how to fix problem???? I have't internet conections
1 I had recovered tcpip.sys from file c:\windows\system32\tcpip.copy, just copy and rename to tcpip.sys
next step:
2 reinstall tcp ip protocol in properties of local area network connection, common\press install button, choose protocol \install from disk\ choose path c:\windows\inf press ok and choose tcp ip internet protocol, reboot system

if you set tcpip.sys in avast settings as exclusion its dosnt help, avast keep on blocking tcpip.sys but will not delete it. when warning about infections apeared, choose ignore and mark never ask again. Then wait for next update of avast.
sorry for my english, i am from ukreaine :)
Good Luck
Title: Re: Avast! delete my tcpip.sys
Post by: KanatBy on December 06, 2012, 12:41:32 PM
Спасибо, попробую завтра, отпишусь. Я из Казахстана так, что можешь на русском, уркаинский я слабо знаю.
So, how to fix problem???? I have't internet conections
1 I had recovered tcpip.sys from file c:\windows\system32\tcpip.copy, just copy and rename to tcpip.sys
next step:
2 reinstall tcp ip protocol in properties of local area network connection, common\press install button, choose protocol \install from disk\ choose path c:\windows\inf press ok and choose tcp ip internet protocol, reboot system

if you set tcpip.sys in avast settings as exclusion its dosnt help, avast keep on blocking tcpip.sys but will not delete it. when warning about infections apeared, choose ignore and mark never ask again. Then wait for next update of avast.
sorry for my english, i am from ukreaine :)
Good Luck
Title: Re: Avast! delete my tcpip.sys
Post by: KanatBy on December 06, 2012, 12:43:43 PM
Thank's
So, how to fix problem???? I have't internet conections
1 I had recovered tcpip.sys from file c:\windows\system32\tcpip.copy, just copy and rename to tcpip.sys
next step:
2 reinstall tcp ip protocol in properties of local area network connection, common\press install button, choose protocol \install from disk\ choose path c:\windows\inf press ok and choose tcp ip internet protocol, reboot system

if you set tcpip.sys in avast settings as exclusion its dosnt help, avast keep on blocking tcpip.sys but will not delete it. when warning about infections apeared, choose ignore and mark never ask again. Then wait for next update of avast.
sorry for my english, i am from ukreaine :)
Good Luck
Title: Re: Avast! delete my tcpip.sys
Post by: teknobass on December 06, 2012, 12:47:24 PM
Instead of reinstalling the TCP/IP protocol, you also could  open a command prompt (start -> run -> cmd.exe [enter]) and type at the commandprompt "netsh int ip reset c:\reset.log"
Title: Re: Avast! delete my tcpip.sys
Post by: bstambolija on December 06, 2012, 01:00:13 PM
Windows restore will do the work
Title: Re: Avast! delete my tcpip.sys
Post by: igor on December 06, 2012, 01:12:44 PM
Guys, were those detections caused by an on-demand (i.e. manual) scan, or rather by a shield?

If it was a shield, could someone please open the file
c:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\FileSystemShield.txt
search for the relevant entry about tcpip.sys (should be somewhere at the bottom), and paste here the few lines (the detection, plus the subsequent action(s) on the next line)?
Thanks.
Title: Re: Avast! delete my tcpip.sys
Post by: josalmon561 on December 06, 2012, 01:18:19 PM
I found a free tool to recover TCPIP.SYS:
http://greatis.com/unhackme/tcpip-sys-restore.htm
It's worked for me.
Title: Re: Avast! delete my tcpip.sys
Post by: N@URINE on December 06, 2012, 02:12:20 PM
I had the same problem yesterday. I solved it by system restoration.
Title: Re: Avast! delete my tcpip.sys
Post by: MiguelAngelMx on December 06, 2012, 07:50:21 PM
So, how to fix problem???? I have't internet conections
1 I had recovered tcpip.sys from file c:\windows\system32\tcpip.copy, just copy and rename to tcpip.sys
next step:
2 reinstall tcp ip protocol in properties of local area network connection, common\press install button, choose protocol \install from disk\ choose path c:\windows\inf press ok and choose tcp ip internet protocol, reboot system

if you set tcpip.sys in avast settings as exclusion its dosnt help, avast keep on blocking tcpip.sys but will not delete it. when warning about infections apeared, choose ignore and mark never ask again. Then wait for next update of avast.
sorry for my english, i am from ukreaine :)
Good Luck


Thank you so much hayshays, I followed you steps and works for me. Just that I don't have the tcpip.copy, and I find it here http://sysfiles-download.com

now all works fine
Title: Re: Avast! delete my tcpip.sys
Post by: Nando_lavras on December 06, 2012, 09:42:30 PM
When the update is live???? I work in a ISP and today is a total caos, many, many machines with the tcpip.sys deleted by a false positive, correct this quickly!!!!!!!
Title: Re: Avast! delete my tcpip.sys
Post by: chris.. on December 06, 2012, 11:42:53 PM
happened too this morning but I have done a start scan and tcpip.sys was deleted on restored point too.
I had tried to copy tcpip.sys by other computer but now nothing is working:
avast shields desactived and nothing to activate again:repair,reinstall  :-[
and now keyboard is afected => windows blocked when I just use keyboard.
I don't know what I can do ?  :-\
Title: Re: Avast! delete my tcpip.sys
Post by: iroc9555 on December 06, 2012, 11:50:26 PM
Try this and report back:

http://forum.avast.com/index.php?topic=110781.msg871435#msg871435
Title: Re: Avast! delete my tcpip.sys
Post by: chris.. on December 07, 2012, 01:31:07 AM
It's ok now , I applied the 2 tools  (recovered tcpip.sys and avastfix.bat).
However I have had to do again a clean install to recovered (I hope) a usefull pc.
Title: Re: Avast! delete my tcpip.sys
Post by: intanet on December 07, 2012, 09:21:58 AM
I can't believe the trouble this has cause me (and others).  Took me 3 hours to get back to normal.  I got this Root kit warning for the TCPIP.sys but cause I know it's related to internet connection, I wasn't quick to let Avast delete it.  After an hour of googling the matter and going to the Avast forum (this happened the other day before this thread was started which seems to have helpful information), I finally decided to delete the file but then I lost the internet althogther after a reboot.  I did a system restore and got the file back and was able to connect to the internet and got the toll free number Avast offers and called.  The tech guy told me, after a look at my "Event Viewer" that I had many system errors and that was the cause of the file being reported as a RootKit and that I could select "Ignore" in the Avast drop down list when the warning came up again.
What a drag this was.
Title: Re: Avast! delete my tcpip.sys
Post by: ayoubafnakar on December 07, 2012, 10:00:56 AM
Did Avast Fix It In Today Update ? Because After I Format My PC Yesterday I Kept The Auto Update Off ? Is It Safe To Run It On Again Now ?  :o
Title: Re: Avast! delete my tcpip.sys
Post by: Nando_lavras on December 07, 2012, 11:44:20 AM
Did Avast Fix It In Today Update ? Because After I Format My PC Yesterday I Kept The Auto Update Off ? Is It Safe To Run It On Again Now ?  :o

Apparently not... we keep getting user complaints today...
Title: Re: Avast! delete my tcpip.sys
Post by: SpeedyPC on December 07, 2012, 01:05:46 PM
Just hang in there and let Avast investigate the problem as it might take a bit long ;)

Edit: Beside I don't have this problem any way because my avast didn't detect my tcpip.sys as a virus because I have XP Pro SP3, so I have no problem at all as mind say it clean.
Title: Re: Avast! delete my tcpip.sys
Post by: Pondus on December 07, 2012, 01:54:03 PM
try doing a manual update now....a new have been released 121207-0
see if that change anything...
Title: Re: Avast! delete my tcpip.sys
Post by: claudiuc on December 07, 2012, 03:28:35 PM
Anyone having this problem, please try this:

Fast download link, translated in english here:
http://www.avastantivirus.ro/suport-tehnic (http://www.avastantivirus.ro/suport-tehnic)  - Fix avast! XP NETWORK
Title: Re: Avast! delete my tcpip.sys
Post by: essexboy on December 07, 2012, 03:47:08 PM
Thank you Claudiuc   I have passed the link to the malware staff at G2G as I had one case post there yesterday where he had deleted rather than chested the file
Title: Re: Avast! delete my tcpip.sys
Post by: rainislovely on December 07, 2012, 03:57:44 PM
I'm on XP.  I think my TCPIP was deleted as well so I found this

To Reinstall TCP/IP

To do this you need a copy of nettcpip.inf.  There is one on the Windows XP CD and there may be one on your hard drive at C:\WINDOWS\inf\nettcpip.inf. Note: To see the inf folder, open My Computer and go to the menu item Tools > Folder Options... > View > and choose Show hidden files and folders.

Right click "My Network Places" select Properties.
Right click the connection(s) and select Properties.
Click Install >Protocol >add >have disk.
Browse to the location of nettcpip.inf .
Select nettcpip.inf then click Open then OK then Internet Protocol (TCP/IP) then OK then Close
Reboot

I just tried it and my internet worked again.  Just sharing.

Title: Re: Avast! delete my tcpip.sys
Post by: SergeyP on December 10, 2012, 09:19:45 AM
1. The easiest way to restore tcpip.sys is to "Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore" (http://support.microsoft.com/kb/306084/en)

2. I am surprised. Several days have passed, but Avast team still didn't fix an issue. My Avast still warn me every morning about suspicious tcpip.sys in Windows XP!
Title: Re: Avast! delete my tcpip.sys
Post by: germangelv on December 10, 2012, 05:24:40 PM
Make Solution
WinXP SP3 TCPIP.SYS Modded, Avast 121205-0 and 121205-1 Problem
http://forum.avast.com/index.php?topic=110828.0
Enjoy!