Still a problem with virus definitions.
Last week I ran my monthly "everything" scan and this came up:
C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [L] Win32:Malware-gen (0)
Notice the directory.
I've used the patching tool from
http://www.lvllord.de/ for some years now without any problems. I remember that sometimes I've used other than the default values for the "half-open connections" with the tool (maybe your new virus definitions exclude only the default value used by this tool?).
My system has 19 different tcpip.sys files and only the above one is flagged.
Virus definitions: last week scan detected with 121212-0, 12.12.2012, and now: 121217-0.
Virustotal:
Avast Win32:Malware-gen 20121217
GData Win32:Malware-gen 20121217 (uses avast defs)
Ikarus Win32.Malware 20121217
(uses avast defs)TrendMicro-HouseCall TROJ_GEN.F47V1213 20121217
Do you want me to upload the file to you somewhere? Or attach it here to this post?
EDIT: Fixed Ikarus claim. Thanks Asyn.. I fast-googled earlier and misread some text I found, sorry.