TCPIP.SYS Trojan Agent

alch Site Admin
Could you scan the C:\WINDOWS\system32\drivers\tcpip.sys file on https://www.virustotal.com and let us know what other scanners think about it?

dshuman552
 I believe this indicates the file appears to be clean.
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.11.14.0 | 2007.11.13 | - |
| AntiVir | 7.6.0.34 | 2007.11.13 | - |
| Authentium | 4.93.8 | 2007.11.14 | - |
| Avast | 4.7.1074.0 | 2007.11.13 | - |
| AVG | 7.5.0.503 | 2007.11.13 | - |
| BitDefender | 7.2 | 2007.11.14 | - |
| CAT-QuickHeal | 9.00 | 2007.11.13 | - |
| ClamAV | 0.91.2 | 2007.11.14 | - |
| DrWeb | 4.44.0.09170 | 2007.11.14 | - |
| eSafe | 7.0.15.0 | 2007.11.13 | - |
| eTrust-Vet | 31.2.5293 | 2007.11.13 | - |
| Ewido | 4.0 | 2007.11.13 | - |
| FileAdvisor | 1 | 2007.11.14 | - |
| Fortinet | 3.11.0.0 | 2007.10.19 | - |
| F-Prot | 4.4.2.54 | 2007.11.14 | - |
| F-Secure | 6.70.13030.0 | 2007.11.14 | - |
| Ikarus | T3.1.1.12 | 2007.11.14 | - |
| Kaspersky | 7.0.0.125 | 2007.11.14 | - |
| McAfee | 5162 | 2007.11.13 | - |
| Microsoft | 1.3007 | 2007.11.12 | - |
| NOD32v2 | 2656 | 2007.11.13 | - |
| Norman | 5.80.02 | 2007.11.13 | - |
| Panda | 9.0.0.4 | 2007.11.14 | - |
| Prevx1 | V2 | 2007.11.14 | - |
| Rising | 20.18.11.00 | 2007.11.13 | - |
| Sophos | 4.23.0 | 2007.11.14 | - |
| Sunbelt | 2.2.907.0 | 2007.11.14 | - |
| Symantec | 10 | 2007.11.14 | - |
| TheHacker | 6.2.9.127 | 2007.11.14 | - |
| VBA32 | 3.12.2.4 | 2007.11.11 | - |
| VirusBuster | 4.3.26:9 | 2007.11.13 | - |
| Webwasher-Gateway | 6.0.1 | 2007.11.13 | - |

Additional information
File size: 359808 bytes
MD5: 1dbf125862891817f374f407626967f4
SHA1: a502d0d6c3a4dd995a3554347b04fbb51dd05901

GuitarBob
I had the same trojan notice today with tcpip.sys when I did my c:\Windows scan with ClamWin. I uploaded it to Jotti, but no AV found anything--including Clam on Jotti. I submitted a file to Clam with an explanation. I just noticed that they didn't do anything with it according to a recent signature update report. I have rescanned my Windows directory a couple of times since then with ClamWin, and it doesn't find anything, so something has changed.
I did a ClamWin signature update just prior to scanning the first time, and Jotti probably doesn't update as often as I do, so that might be why Jotti's version of Clam missed the file I uploaded. At any rate, my problem appears to have been corrected. I wonder if the Clam people re-tuned their signature without saying so. I suggest you rescan your files in which ClamWin previously found malware and see what the status is now. It's probably okay. If it isn't, send the Clam people a message--maybe to Luca Gibelli. I think you will get an answer from him.
Regards,

drgoa.r
It seems that we talk about patched tcpip.sys, right?
I uploaded mine and also the backup of the original file: on the patched one ClamAV found the trojan (on the VirusTotal site). Anyway - it seems that something went wrong with the last updates, because I patched my tcpip.sys many months ago, and ClamAV/WIN did not find anything until now. Database used: till daily-4764 after update - tcpip.sys not reported anymore

GuitarBob
I think you are right about the patched file, dr... I did my Windows update yesterday just before I ran the first scan where I saw the infected tcpip.sys. And there could have been other files patched too--one patch I didn't need. Looks like Clam adjusted something since then--don't get any infected message now.
Regards,

dshuman552
ClamWin quarantined the files (tcpip.sys) - 4 versions. I am rescanning the quarantined files instead of the active ones with https://www.virustotal.com. I believe quarantined files are skipped in subsequent scans so it is not surprising the problem is not found in subsequent scans.

GuitarBob
I only scanned the Windows directory, so there was only one file to worry about. I wouldn't quarantine anything. I prefer to keep a suspect file where it is and upload it to Jotti/VirusTotal for confirmation. If you get a false positive on an important system file and quarantine it, you will lose access to Windows--it happened to me once.
Anyway, the problem has been fixed because subsequent scans don't show any infection since the original infection notice.
Regards

drgoa.r
Yes, I can confirm it too: after a few daily db updates - tcpip.sys is no longer detected as a trojan.