Author Topic: Avast! delete my tcpip.sys  (Read 38938 times)


Offline tommysze

  • Newbie
  • *
  • Posts: 3
Avast! delete my tcpip.sys
« on: December 06, 2012, 06:16:33 AM »
My Avast! detected my C:\WINDOWS\system32\drivers\tcpip.sys as a threat: Win32:Malware-gen, and it suggested that I delete it. Now I cannot connect to the Internet. What should I do?

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 712
  • A Good Old Indian!
Re: Avast! delete my tcpip.sys
« Reply #1 on: December 06, 2012, 06:29:41 AM »
Follow the guide: http://forum.avast.com/index.php?topic=53253.0

attach all logs in this topic...

Offline tommysze

  • Newbie
  • *
  • Posts: 3
Re: Avast! delete my tcpip.sys
« Reply #2 on: December 06, 2012, 06:49:50 AM »
There is no network connection on my computer. I am using a mobile phone.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36730
Re: Avast! delete my tcpip.sys
« Reply #3 on: December 06, 2012, 07:38:11 AM »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5416
  • Spartan Warrior
Re: Avast! delete my tcpip.sys
« Reply #4 on: December 06, 2012, 08:37:26 AM »
hi tommysze,

Sorry to say this, but a Windows system file should never be deleted, even if Avast! says it is infected.  Reason is, you cannot recover a deleted file of any kind, including a Windows file, once Avast! is told to delete it.

Options presented on detection and end of scan are four:  Quarantine, Repair, Delete, Ignore.  With a system file, best option is to use Ignore.  With any other file, best option is to quarantine in case of a false positive report.  Repair does not work at times because the file detected may not actually be a virus, but a worm or Trojan.  In the latter two cases, the entire file is the malicious agent; so there is nothing to repair, and Avast! Repair will fail.

Your options are always to be able to come here for expert assistance in such a case as this one.  essexboy knows how to fix a real infected Windows system file without damaging your system; unfortunately, this C:\WINDOWS\system32\drivers\tcpip.sys file was deleted.  He can still help you, tho.
Windows 10 Home 64-bit 1909 Avast Premier Security version 20.1.2397 (build 20.1.5069.559) UI version 1.0.460.

Offline hayshays

  • Jr. Member
  • **
  • Posts: 20
Re: Avast! delete my tcpip.sys
« Reply #5 on: December 06, 2012, 09:37:35 AM »
I have the same problem on different PCs in different companies, with Windows XP installed. I think the reason for this situation is a patched tcpip.sys. By default tcpip.sys has 10 connections, and with the help of some utilities people patch it to, for example, 100 connections; I did this myself on all the computers where this problem is. One of these patchers is called Half-open_limit_fix_4.2.exe

Lots of non-original Windows XP distributions have an already patched tcpip.sys.
When I uninstall avast and recover tcpip.sys from the file c:\windows\system32\tcpip.copy, the network doesn't work. I am still trying to find a solution, because I don't have a Windows distribution with me now to recover from; I think this command could solve the problem:
expand X:\i386\tcpip.sy_ c:\windows\system32\tcpip.sys
You make me work hard today to fix this problem, it is easy to kill myself :) , because I have 150 PC clients, and a big amount of them have already killed tcpip with avast..
p.s. your captcha makes me mad, it's very hard to see the symbols
« Last Edit: December 06, 2012, 10:42:39 AM by hayshays »

Offline teknobass

  • Newbie
  • *
  • Posts: 12
Re: Avast! delete my tcpip.sys
« Reply #6 on: December 06, 2012, 09:52:38 AM »
I can confirm it's a problem of patched tcpip.sys on Windows XP. Multiple systems in multiple locations affected. Already tweeted Avast and filled in a ticket on the site.

Offline PH1987

  • Newbie
  • *
  • Posts: 2
Re: Avast! delete my tcpip.sys
« Reply #7 on: December 06, 2012, 09:58:06 AM »
I'm having exactly the same problem. It all began yesterday - after the latest Avast update. Unfortunately, I was dumb enough to remove the "infected" file, so it totally messed up my system. I had to format my HDD (system partition only) and reinstall Windows. But again - I've installed the latest version of Avast and it keeps telling me that WINDOWS\system32\drivers\tcpip.sys is infected. It's ridiculous.

edited

I can confirm it's a problem of patched tcpip.sys on Windows XP. Multiple systems in multiple locations affected. Already tweeted Avast and filled in a ticket on the site.

Ok, good to know:)
« Last Edit: December 06, 2012, 10:04:22 AM by PH1987 »

Offline tommysze

  • Newbie
  • *
  • Posts: 3
Re: Avast! delete my tcpip.sys
« Reply #8 on: December 06, 2012, 10:13:40 AM »
 :'( :'( :'( solution, I want the solution. Must I reinstall the windows XP?

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3292
  • Avast shall conquer the whole world
Re: Avast! delete my tcpip.sys
« Reply #9 on: December 06, 2012, 10:29:20 AM »
It was an FP on TCPIP.sys it will be corrected on the next stream update

Here is the answer from essexboy saying it is an FP and it will be corrected on the next stream update asap ;)
ASUS G75VX-T4153H - Avast Premium v20.5.5410 - Avast SecureLine VPN - Avast Secure Browser - W8.1 64bit - Firefox 64bit - Thunderbird 64bit - MBAM Premium - Adguard Premium - CryptoPrevent Premium - Privacy Eraser - MCShield - WinPatrol PLUS - Macrium Reflect Home Edition

Offline PH1987

  • Newbie
  • *
  • Posts: 2
Re: Avast! delete my tcpip.sys
« Reply #10 on: December 06, 2012, 10:35:59 AM »
:'( :'( :'( solution, I want the solution. Must I reinstall the windows XP?

Yep, looks like it's the only solution if you deleted this file.

Offline bstambolija

  • Newbie
  • *
  • Posts: 2
Re: Avast! delete my tcpip.sys
« Reply #11 on: December 06, 2012, 10:53:30 AM »
:'( :'( :'( solution, I want the solution. Must I reinstall the windows XP?

Yep, looks like it's the only solution if you deleted this file.

I restored my computer and the network worked. Avast is still informing me badly about tcpip.sys, just ignore it until the new avast update.

Offline KanatBy

  • Newbie
  • *
  • Posts: 3
Re: Avast! delete my tcpip.sys
« Reply #12 on: December 06, 2012, 11:39:10 AM »
So, how to fix the problem???? I have no internet connection

Offline hayshays

  • Jr. Member
  • **
  • Posts: 20
Re: Avast! delete my tcpip.sys
« Reply #13 on: December 06, 2012, 11:54:14 AM »
So, how to fix the problem???? I have no internet connection
1 I recovered tcpip.sys from the file c:\windows\system32\tcpip.copy, just copy it and rename it to tcpip.sys
next step:
2 reinstall the tcp ip protocol in the properties of the local area network connection, common\press install button, choose protocol \install from disk\ choose path c:\windows\inf, press ok and choose tcp ip internet protocol, reboot system

If you set tcpip.sys in avast settings as an exclusion, it doesn't help; avast keeps on blocking tcpip.sys but will not delete it. When the warning about infections appears, choose ignore and mark never ask again. Then wait for the next update of avast.
sorry for my English, I am from Ukraine :)
Good Luck

Offline KanatBy

  • Newbie
  • *
  • Posts: 3
Re: Avast! delete my tcpip.sys
« Reply #14 on: December 06, 2012, 12:41:32 PM »
Thanks, I'll try it tomorrow and report back. I'm from Kazakhstan, so you can write in Russian; I don't know Ukrainian well.
So, how to fix the problem???? I have no internet connection
1 I recovered tcpip.sys from the file c:\windows\system32\tcpip.copy, just copy it and rename it to tcpip.sys
next step:
2 reinstall the tcp ip protocol in the properties of the local area network connection, common\press install button, choose protocol \install from disk\ choose path c:\windows\inf, press ok and choose tcp ip internet protocol, reboot system

If you set tcpip.sys in avast settings as an exclusion, it doesn't help; avast keeps on blocking tcpip.sys but will not delete it. When the warning about infections appears, choose ignore and mark never ask again. Then wait for the next update of avast.
sorry for my English, I am from Ukraine :)
Good Luck