Tcpip.sys wrongly identified!!!!

File tcpip.sys has been wrongly identified as as threat.
It's a patched file from nlite program (www.nliteos.com), and is not a virus.
Please update your virus definitions to stop further marking of this file as a virus, because when nod/ess deletes a file, all the network traffic is disabled.

 

Patched system files are classified correctly as a virus. If they were classified as trojans, they would be removed automatically which would most likely render the OS unstable or certain network functionalities would not work at all.

 

Be serious with that message - i patched my tcpip.sys too (myself) - and: none.
Eset moans less about false positives - but if - you should not ignore it.
Test the file yourself -> http://www.virustotal.com/

PS have you created the new ISO yourself? Or just downloaded?
You should think about that some of those images are infected with purpose!

 

Everything was working fine until some 10 days ago when nod was starting to complain about patched.bg virus in tcpip.sys.
System was stable, no anomalies, no hangups, everything is fine.
I scanned the file via www.virustotal.com and says nothing, except for :

~Virus Total results removed per Policy.~


everything else is clear!

I made the windows xp + sp2 instalation myself, and it's in revision 5 by now, some 3 years have passed with no problems at all.
Everything is done by me, manual and analog methods only, I'm in it/network business for 12 years now.
For me it's false alarm and it should be removed from threat list.

 

Ok - i'm using SP3 - the update to SP3 is strongly recommend...

to the scan - i have several files here patched - but a2 doesn not moan any
(a2 uses ikarus engine so the result is same)

so i think your file is infected and there is no other reason to change my mind.
although you cannot find other infections there may other you cannot find.
or the infection is so specific - and you have no knowledge how to sniff
additional traffic you dont see.

finally recommend - save important data, format and reinstall windows

PS the result was found before:~Virus Total results removed per Policy.~

the latest know tcpip.sys (SP2) for me has this checksum (unpatched)
b2220c618b42a2212a59d91ebd6fc4b4|tcpip.bak
as on SP3 there may an update after that build (5.1.2600.2892, (xpsp.060420-0256), 12. Oktober 2006)

 

Hello,

I did not see a complete message from a log file or screen shot showing how the threat was found and categorized, but ESET has a knowledgebase which contains several articles explaining how to exclude certain objects from being scanned by ESET's software:

ESET KB #0139, How do I exclude certain files or folders from the On-demand scanner? (3.0)
ESET KB #0560, How do I exclude certain files or folders from real-time scanning? (3.0)
ESET KB #2152, How do I exclude certain files or folders from the On-demand scanner? (4.0)
ESET KB #2153, How do I exclude certain files or folders from real-time scanning? (4.0)

Depending upon how the threat was categorized, this may allow you to prevent further messages from being displayed about it.

Regards,

Aryeh Goretsky