mihailsolovey

HEUR:Trojan.Win32.Generic [Solved]


Hi,

 

Please find a fix asap!

 

As I said previously, we are working on it right now.

As soon as we get one, I'll inform you immediately.

Link to post

We have around 400 PCs affected by this and it is going to be a major headache.

Once Kaspersky has detected this, we have found machines stop working with TCP services such as DNS, causing a lot of the system not to be usable.

We have found the following fix for restoring the TCP stack:

1. Remove the AV Agent

2. Restart the machine, and once you hit the Windows logo boot screen, hard reset the machine to force a Start-up Recovery on next boot

3. Run the start-up recovery and click yes to system restore

4. Once this has completed, your machine should be back on the network

All other forms of repair or system restore seem to fail, but the Start-up recovery repair seems to work.

Please note we have had some machines lose their trust relationship whilst doing this.

 

You can put AV back on if you have the exclusions set up correctly.

 

Hope someone comes up with a better fix as this is going to take us a long time to get around all these machines!

Link to post
Is KAV 6 the only affected version? What definition update time/number causes this?

 

Our sites that are running the later version 8 have not experienced the problems, so from our point of view it looks like just 6.

Link to post
What definition update time/number causes this?

The update was 25.10.13 at 10:08:56 MSK

 

Is KAV 6 the only affected version?

Yes, we were informed only about KAV6.

If you have such an issue with other products, please let us know.

Link to post

Thank you for the information!

Could you please confirm that you use KAV6 WKS?

Link to post
Thank you for the information!

Could you please confirm that you use KAV6 WKS?

 

Yes KAV6 MP4 WKS 6.0.4.1611

Link to post
Yes KAV6 MP4 WKS 6.0.4.1611

Thank you for the info, I have transferred it to the team working on the fix.

Link to post
Thank you for the info, I have transferred it to the team working on the fix.

 

The issue seems to be related to HKLM\System\CurrentControlSet\Services\TcpIP

 

On a broken machine this no longer has any entries, but I have not found any other way to get it back yet.

Link to post
The issue seems to be related to HKLM\System\CurrentControlSet\Services\TcpIP

 

On a broken machine this no longer has any entries, but I have not found any other way to get it back yet.

 

Hi imperimus!

We are working on an automatic solution for this issue.

 

Link to post
On a broken machine this no longer has any entries, but I have not found any other way to get it back yet.

We are still working to solve the issue.

The solution will be available in a few hours.

 

Thank you for your cooperation.

Link to post

That will only work for those computers not managed by the administration server. After rebooting, the task will remove tcpip.sys again.

Link to post
File AV should be disabled, or new updates should be downloaded.

 

New databases have been released since this morning, so as long as the updates are run before scan, the issue won't recur.

Link to post
The group task for virus scan runs after rebooting after system restore.

 

Temporarily set the schedule to "Manually" and uncheck "Run missed tasks".

Link to post
But the computer won't get the new policy.

So do system recovery. Then reboot. Then what?

1. System Restore to previous day

2. Reboot (networking will be working)

3. Update AV databases

Link to post

Hi,

 

5 machines from my network are having the same problem.

 

I have KAV 6 WKS 6.0.4.1424.

 

I've tried to restore the file but it didn't work.

Link to post

I've had success fixing broken machines with the following steps. Restoring the file did not work, nor did netsh:

 

1. Uninstall or disable Kaspersky.

2. Open Control Panel > Network and Sharing Center > Manage Network Connections *or* Change Adapter Settings

3. Right click an adapter and click "Properties"

4. Click "Install"

5. Select "Protocol" and click "Add"

6. Click "Have Disk" at the driver installation window (you probably will only see the Reliable Multicast Protocol driver when the window first opens)

7. Enter "C:\windows\inf" in the "Copy manufacturer's files from:" text box

8. Click "OK"

9. Select "Internet Protocol Version 4 (TCP/IPv4)" from the protocol list and click "OK"

10. The protocol will install

11. Close the Networking window and reboot the computer

12. Re-enable Kaspersky with the proper exclusions

Edited by kerard

Link to post
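
A local triage check for the two symptoms reported in this thread (the emptied HKLM\System\CurrentControlSet\Services\TcpIP key and the removed tcpip.sys), useful both for finding broken machines and for confirming a repair before re-enabling the AV. This is an added example, not code from any poster or from Kaspersky; the function name Test-TcpipStack is hypothetical and the driver path is assumed to be the standard Windows location.

```powershell
# Added example, not from the thread. Run locally on a suspect machine
# (it needs no network). Written to work on PowerShell 2.0.
# On 64-bit Windows, run it from the native 64-bit PowerShell: a 32-bit
# session redirects System32 and would report the driver as missing.
function Test-TcpipStack {
    # Registry key named in the thread as empty on broken machines.
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip'
    # Assumption: the driver sits in the standard Windows drivers folder.
    $driverPath = Join-Path $env:SystemRoot 'System32\drivers\tcpip.sys'

    $valueCount  = 0
    $subKeyCount = 0
    $keyExists   = Test-Path -Path $keyPath
    if ($keyExists) {
        $key         = Get-Item -Path $keyPath
        $valueCount  = $key.ValueCount
        $subKeyCount = $key.SubKeyCount
    }
    $driverPresent = Test-Path -Path $driverPath

    # Collect every symptom instead of stopping at the first one.
    $findings = @()
    if (-not $keyExists) {
        $findings += 'Tcpip service key is missing'
    } elseif (($valueCount + $subKeyCount) -eq 0) {
        $findings += 'Tcpip service key has no entries'
    }
    if (-not $driverPresent) {
        $findings += 'tcpip.sys is missing'
    }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        KeyExists     = $keyExists
        ValueCount    = $valueCount
        SubKeyCount   = $subKeyCount
        DriverPresent = $driverPresent
        Healthy       = ($findings.Count -eq 0)
        Findings      = ($findings -join '; ')
    }
}

Test-TcpipStack | Format-List
```

A machine reporting Healthy as False should not have its scan task re-enabled until the AV databases have been updated, as the replies above describe.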
