Author Topic: Just a general query  (Read 19338 times)

0 Members and 1 Guest are viewing this topic.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Re: Just a general query
« Reply #30 on: December 12, 2012, 12:13:47 AM »
hi,

At least we still have time to avert any potential problems here.

Sorry you had problems running sfc /scannow on the XP system.  Suggest going back to your service shop and getting an updated XP Pro or XP home (whichever applies) disc from them (mine was free) that includes SP3 already slipstreamed into the new disc.  sfc /scannow should now work when the service pack on the disc matches what is installed on the system.  If not free, then it would be a nominal cost for you.

You can ask your tech if he modified this tcpip.sys file while it was in the shop.

As for tcpip.sys deletion errors, default settings with Avast! should not automatically delete this file.  At worst, if the file has been modified by your service tech, it should only quarantine it.  If it does quarantine it, you can then restore it from the virus chest.

Here are some possible solutions posted in the following links at the Avast! forums:

http://forum.avast.com/index.php?topic=110804.0  Read the entire thread but pay particular attention to reply # 3.  Clicking that link provided within that post will lead you here:  http://forum.avast.com/index.php?topic=110781.0

Reply # 14 will link to another site by an Avast! reseller for the final fix, should you need it.  File name is Fix avast! XP NETWORK http://www.avastantivirus.ro/suport-tehnic  Even tho this is in a foreign language, this fix will work for you; it is produced as a .zip file and can be downloaded and transferred to/run on the XP system if need be.

Suggest not changing any of the default settings within Avast! except for the opt-in setting to install Google Chrome.  If you run the installation program as is, Avast! will install Chrome for you.  You must opt-out of Chrome install when the opportunity presents itself twice; first time is at the very beginning of the install process, and the second time is after the system is rebooted.  Just untick the two boxes to opt-out of Google Chrome install twice if you do not want it.  If you want Google Chrome, there is nothing to modify here.

Reason for mentioning the above is not to complicate matters here.  Just want the install process to go smoothly and exactly as you expect it to.
Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #31 on: December 12, 2012, 02:05:42 AM »
Thanks for all that mchain :) I got this PC way back in July 2011, so I doubt the guy in the shop would even remember what he done with it! I won't have time to get into the shop to get another newer CD either, so I'll just have to chance it tomorrow night I reckon and hope for the best :-\ I honestly don't think it has been patched or that any other files on my system are screwed up in some way or other, else surely I'd have noticed by now or had some sorta warning? I did look at the properties of the tcpip file and it said it was from the Microsoft Corporation and it had a date from 2008 sometime connected with it, which would tie in with the release of SP3. I'll post back with the exact detail in the morning.

So, when a detection is made, do you get a pop up asking you what to do with the file? From reading other topics on here, I see some people say they got a pop up with regards to deleting it, but then they chose ignore and to never ask again. Just clarifying as I saw a screenshot in another topic with file system shield settings and there were some options there: 1 move to chest, 2 delete and 3 was no action I think. Can those kinda things be altered, particularly the delete option?

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Re: Just a general query
« Reply #32 on: December 12, 2012, 02:37:03 AM »
So, when a detection is made, do you get a pop up asking you what to do with the file? From reading other topics on here, I see some people say they got a pop up with regards to deleting it, but then they chose ignore and to never ask again. Just clarifying as I saw a screenshot in another topic with file system shield settings and there were some options there: 1 move to chest, 2 delete and 3 was no action I think. Can those kinda things be altered, particularly the delete option?
Best option is to enter the "Real-Time Shield" section in Avast! GUI first and then go to File System Shield>Expert Settings tab.  You then will see the picture displayed below.  Modify your settings as shown:  Ask option will let you decide what you want to do.  Repair does not work if the infectious agent is a worm or Trojan.  Repair will/should work if a file is infected by a virus agent only.

Default action by Avast! is set thusly:  Automatically quarantine infected agent; if it fails, then it will Ask; if that fails, then it will do nothing.

Best to modify this setting before you connect to the Internet for the first time after a successful install of Avast!

Any problems, major or minor, please come back to this thread for the help you require.
Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #33 on: December 12, 2012, 05:40:57 AM »
So I can alter the shield settings before I've registered?

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #34 on: December 12, 2012, 08:20:47 AM »
Here's the properties of my tcpip.sys file that I searched for: file version 5.1.2600.5625 (xpsp_sp3_gdr.080620-12-49) Copyrighted to Microsoft Corporation. The date it was modified was 20th June 2008, so presumably, if the guy in my local PC shop had modified it somehow, it would show a date in July 2011 I would've thought?

I've also now had some automatic updates for my system now pop up for me to download. Can I still continue with removing my current AV and installing Avast later and just wait to download these later?
« Last Edit: December 12, 2012, 08:30:01 AM by em1500uk »

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #35 on: December 12, 2012, 01:25:56 PM »
Is anyone able to confirm whether or not that file is the original Windows file please? I'm guessing not, but this is of a great concern to me. I know I ain't even changed anything yet, but I am a bit of a worrier as you might have guessed! It would be nice to know if this tcpip.sys file FP was actually fixed...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85595
  • No support PMs thanks
Re: Just a general query
« Reply #36 on: December 12, 2012, 01:48:17 PM »
We can't confirm if it is an original file from your information or not. Whilst it appears to be an original (but the date differs from mine, but that isn't unusual) you need to calculate the MD5 hash # to confirm if anything has been changed in the file.

Mine on XP Pro SP3:
MD5 hash = 9aefa14bd6b182d61e3119fa5f436d3d
Also see image for other properties.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #37 on: December 12, 2012, 01:59:03 PM »
Oh damn :(

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #38 on: December 12, 2012, 02:16:04 PM »
Reply # 14 will link to another site by an Avast! reseller for the final fix, should you need it.  File name is Fix avast! XP NETWORK http://www.avastantivirus.ro/suport-tehnic  Even tho this is in a foreign language, this fix will work for you; it is produced as a .zip file and can be downloaded and transferred to/run on the XP system if need be.
When would this fix need to be run if I needed it? Only if the tcpip.sys was deleted?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71801
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Just a general query
« Reply #39 on: December 12, 2012, 02:20:41 PM »
When would this fix need to be run if I needed it? Only if the tcpip.sys was deleted?

Yes.
Win 8.1 [x64] - Avast PremSec 21.8.6586.IBC [UI.666] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #40 on: December 12, 2012, 03:14:56 PM »
And also, while I'm at it, how do I restore the file from the virus chest and tell Avast to ignore it (if I encounter such issues).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85595
  • No support PMs thanks
Re: Just a general query
« Reply #41 on: December 12, 2012, 03:38:44 PM »
You should never Ignore (avira term), exclude a file without fully investigating if a detection is false. Acting in haste could mean you are allowing malware to run. This can be checked on sites like virustotal (below) with 40+ scanners scanning the file you upload.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to Open the chest and right click on the file and select 'Extract' it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

####
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. A link to this topic wouldn't hurt.

@@@@
- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the \* to \file_name.exe where file_name.exe is the file you want to exclude.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #42 on: December 12, 2012, 04:27:11 PM »
Thanks for that DavidR. I've printed it out for reference just in case. Will I still be able to access the internet if tcpip.sys gets placed in the chest? Just curious as if I can't access the internet, then I'm not sure how I'd be able to carry out an online virus scanner on it.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Just a general query
« Reply #43 on: December 12, 2012, 04:36:47 PM »
If avast has not alerted on the TCPIP by now then it never will...  From what I have seen it only affects modified TCPIP and not the standard MS one

Offline em1500uk

  • Jr. Member
  • **
  • Posts: 48
Re: Just a general query
« Reply #44 on: December 12, 2012, 04:51:45 PM »
If avast has not alerted on the TCPIP by now then it never will...  From what I have seen it only affects modified TCPIP and not the standard MS one
I'm still to install Avast essexboy. I'm going to give it a go later tonight and just hope for the best. As I've said before, I do worry about all this kinda stuff as I'm not exactly very technical when it comes to PCs.