Windows XP users: Problem with avast! and tcpip.sys

[Tomaso]

There's just been a major problem for avast! users that's running WinXP.
For many users, avast! detected tcpip.sys as a threat ("Win32:Malware-gen").
This is a false positive and happens on systems where tcpip.sys has been patched to increase the half-open connections limit.

Most of us P2P folks has patched this file, so this means that there's probably quite a lot of affected people out there.
Of course, if you delete tcpip.sys, you'll be left without an internet connection!

I got the prompt by avast! myself yesterday, but I assumed that it was a false positive and chose to ignore the warning.
..However, when I was surfing today, avast! still popped up a couple of messages about blocking the file (without any noticable effect).

The problem seems to have been fixed in the latest virus definitions (v121207-0), but if you've been really unlucky and deleted tcpip.sys, the avast! team has upped a fix that will restore the file for you here ("Fix avast! XP NETWORK"):
http://www.avastantivirus.ro/files/avastfix.zip
..Just follow the instructions in "readme.rtf".

[Dayman]

Never trust your AV
http://news.cnet.com/Kaspersky-inadvert ... 23836.html

[Tomaso]

LOL! In a way, I've kinda quarantined Windows Explorer myself..
Since it's got pretty much the same rights as Internet Explorer, I've blocked all internet access for those processes on my system.

[Peter]

I remember when Avast started deleting files randomly due to a stupid update.
But it's bound to happen. Remember when MSE detected Chrome as a malware?

ps.: I'm using Avast too.

[sirisiri]

I have Avast and no problems so far You all should change any "delete immediately" option to "ask first"

[DarrellGood]

I know, I had issues with them too, every once in a while avast would recognize a legit program as a virus and delete it. I got frustrated and deleted it.
I'm now using Unthreat Antivirus and so far so good, it hasn't deleted any legit programs and I haven't had a virus since I got it.

[Peter]

"Unthreat antivirus"... even the name sounds like a malware. You sure it's not a rogue?

[loki]

I'm sure it's a fine program but just sounds like one of those "free antivirus" programs that they advertise on tv.
They say phrases like, "Wow, my computer runs so fast now!" or "It was so easy to use it automatically found all the viruses on my computer, and removed them!"

[Peter]

By the way... I would run a ESET live scan from your browser after this threat unthreat.
I always check my PC with Comodo's Cleaning Essentials and ESET, but Avast seemingly protects me.

I did have BSODs back then, but it was due to Wuala's CBFS module. They somehow conflicted and things went boom. Since CBFS fixed the issue, no BSODs.
One thing I really hate that I can't buy a monthly subscription for an AV. I would use Avast at the company for example, if I wouldn't have to pay a year in advance.

[Avelon]

I recently switched to the free Comodo Internet Security and so far it's the best. But it goes with the saying 'It's a nanny for your apps, not for you' and it's true. It has and needs a lot of configuration. But it runs low on ressources and offers a very good protection.
Once you figured out how to protect the file you just changed by a script... it's awesome. Took me some time to look into it. Never knew why my beloved file got deleted or why even as an administrator I couldn't prevent the change of ownership of it Good firewall and good antivirus. If that doesn't help, there's Defense+. A guardian for your apps, not for you

[Tomaso]

Yet another serious AV issue. Webroot this time:
http://news.softpedia.com/news/Anti-Vir ... 5655.shtml