mihailsolovey

HEUR:Trojan.Win32.Generic [Solved]


Hello!

 

Login and password were sent via PM.

 

Thank you!

Hi,

 

I would appreciate it if you could send it to me too.

 

Thanks!

Thank you very much. I will try it!

You are welcome!

 

We are now waiting for the results!

 

Thank you!

 

 

We have managed to fix around 200 machines so far, so we are getting through them slowly. We have about another 800 to check, and at least 200 of them we know are broken as they manage to report back, but at least we are getting through them quicker now than when we were using recovery mode.


Hello!

 

Thank you for the feedback!

Please kindly check your private messages.

 

Best Regards,

Vitaly Kravtsov.


Regarding the instructions in case 2 in ftp://data14.kaspersky-labs.com/TCPIPFIX/instruction.txt,

So for the hosts that got affected by this issue and were rebooted afterwards, they will not be reachable on the network since the driver tcpip.sys is missing from C:\Windows\system32\drivers?

If this is the case, then it won't be possible to install the utility kaspersky_tcpip_fix.exe remotely on the affected hosts via Kaspersky Administration Server, as there is no network connection between the Administration Server and the client computers.

Please advise what would be the best way of starting the utility kaspersky_tcpip_fix.exe on multiple computers? Does the utility have to be started locally on each individual computer, one by one?

 

Thanks.


Hello!

If your PCs have lost connection to the network, unfortunately there is no way of starting this utility remotely.

So the answer is yes, you will have to launch the fix on each PC individually.

We are very sorry for the inconvenience.


Dear Kaspersky Lab users!

We would like to inform you that we have automated solutions both for machines that have not yet been rebooted (the network works) and for machines that have already been rebooted (the network is not available).

Please send a private message to (KL CentralSupport user) in order to get this fix.

Please report back the results.

Thank you for your patience and cooperation!


KES 8.1.0.1042 was also affected by this on Friday.

 

Result: Detected: HEUR:Trojan.Win32.Generic

Object: C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21027_none_b3c0c6fce0a5263e\tcpip.sys

 

So has Kaspersky fixed this issue? Has it been corrected in a new pattern update?


Yes, the issue with the pattern update was fixed. Correct pattern updates were on the public servers at 16:00 UTC Friday.

 

 

Best regards.


We had this problem with a number of our computers. The fix worked great and we had everyone up and running quickly. However, I just discovered the following error in the event log (the log is in Swedish; the English translation is below each row) on those computers:

 

---

2013-10-31 07:58:08 DHCPv6-klienttjänsten startas

"DHCPv6 client service is started"

 

2013-10-31 07:58:08 Ett fel uppstod när DHCPv6-klienttjänsten stoppades. Felkoden är 0x5. Avstängningsflaggans värde är 0.

"Error occurred in stopping the DHCPv6 service. Error code is 0x5, Shutdown flag value is 0."

---

 

This error occurs on every computer that had to be fixed. It does not occur on any other computer, nor does it occur in the log prior to Kaspersky removing tcpip.sys and its registry settings. So something is still not working correctly.

 

We are currently not using IPv6, but are planning to do so in the near future and this error does not look good in that regard!

 

Any help is much appreciated!


Hello,

 

I have provided you with instructions in a PM. Please give us feedback on them.

 

Thank You!

 


As I wrote, I've already applied the fix. It worked great for IPv4. I also used regextr.exe to extract and restore the backup registry part. The error for DHCPv6 is still occurring.


I am sorry, but I had to clarify that you have applied the same solution, as it is different from the one described in this article (http://support.kaspersky.com/tcpip). Do I understand correctly that you have also tried to apply the file extract.reg that was created?


Yes, that is correct. It was correctly imported into the registry, and after the reboot I verified that there are indeed more values under the TCPIP6 service key in the registry. However, something is obviously still missing or incorrect.


Can you please provide us with %temp%\kavpatcher.log?

There is no such file on the computers. The fix I have used is the one here: http://support.kaspersky.com/tcpip , since that was all that was published when it was needed.

 

I believe Evgeny Medvedev PM'd you a fix that is different from the fix at http://support.kaspersky.com/tcpip.

 

At least that is what he said in a previous reply:

 

I am sorry, but I had to clarify that you have applied the same solution, as it is different from the one described in this article (http://support.kaspersky.com/tcpip). Do I understand correctly that you have also tried to apply the file extract.reg that was created?

Sorry, I missed that part! However the links in the PM are truncated so when you click on them they don't work.

 

I would just reply to his PM and ask to send it again. I'm sure there won't be a problem the next time he signs in.


I just re-sent it, please have a look.

Ok, this time the links worked!

 

However, this is exactly the same kaspersky_tcpip_fix.exe and regextr.exe and procedure as described on http://support.kaspersky.com/tcpip? Just automated. So this is exactly what I did on day 1.

 

Anyway, I've attached the log from running this fix.

 

And of course, since there is nothing new in this procedure, the DHCPv6 error is still occurring after reboot.

kavpatcherlog.txt
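A read-only triage check for the symptoms this thread describes (tcpip.sys missing from System32\drivers after the false positive, the Tcpip/Tcpip6 service keys restored from extract.reg, and the DHCPv6 client stop error 0x5 in the System log), added here as an example; it is not part of the thread and not Kaspersky's fix utility. It assumes Windows 7-era paths as quoted above, PowerShell 4 or later for Get-FileHash, and that it is run in an elevated prompt locally on each host, since rebooted hosts are off the network.

```powershell
# Constructed triage check, not Kaspersky's utility. Run in an elevated PowerShell on the host.
$driverPath = Join-Path $env:SystemRoot 'System32\drivers\tcpip.sys'
$report = [ordered]@{ ComputerName = $env:COMPUTERNAME }

# 1. Live driver present? After the false positive plus a reboot it is gone, so the host has no IP stack.
$report.TcpipSysPresent = Test-Path $driverPath

# 2. Component-store copies (one such path is quoted in the thread) and whether the live driver
#    matches one of them byte for byte. A restored driver that matches no WinSxS copy deserves a look.
$sxsCopies = @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'winsxs') -Directory `
        -Filter '*microsoft-windows-tcpip-binaries*' -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'tcpip.sys' } |
    Where-Object { Test-Path $_ })
$report.WinSxSCopies = $sxsCopies.Count
if ($report.TcpipSysPresent -and $sxsCopies.Count -gt 0) {
    $liveHash  = (Get-FileHash -Algorithm SHA256 -Path $driverPath).Hash
    $sxsHashes = $sxsCopies | ForEach-Object { (Get-FileHash -Algorithm SHA256 -Path $_).Hash }
    $report.LiveDriverMatchesWinSxS = ($sxsHashes -contains $liveHash)
}

# 3. Service registry keys the thread says were removed and then restored from extract.reg.
foreach ($svc in 'Tcpip', 'Tcpip6', 'Dhcp') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    $report["RegKey_$svc"] = Test-Path $key
    if (Test-Path $key) {
        # Number of values under the key; the thread compares this before and after the .reg import.
        $report["RegValues_$svc"] = (Get-Item $key).GetValueNames().Count
    }
}
$report.TcpipImagePath = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip' `
    -ErrorAction SilentlyContinue).ImagePath

# 4. DHCP client service state (the DHCPv6 client runs inside this service on Windows 7).
$report.DhcpService = (Get-Service -Name Dhcp -ErrorAction SilentlyContinue).Status

# 5. DHCPv6 client stop errors in the last 7 days. Error code 0x5 is Win32 ERROR_ACCESS_DENIED.
#    Matching on the message text rather than a provider name keeps this independent of the
#    event log's display language (the thread's Swedish log line still contains "DHCPv6").
$dhcpv6Errors = @(Get-WinEvent -FilterHashtable @{ LogName = 'System';
        StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'DHCPv6' -and $_.Message -match '\b0x5\b' })
$report.Dhcpv6StopErrors_0x5 = $dhcpv6Errors.Count
$report.LastDhcpv6Error = if ($dhcpv6Errors.Count -gt 0) { $dhcpv6Errors[0].TimeCreated } else { $null }

[pscustomobject]$report | Format-List
```

A host that reports TcpipSysPresent as False, or a restored driver that matches no WinSxS copy, is the one to look at first; a non-zero Dhcpv6StopErrors_0x5 count after the fix reproduces the residual symptom described above.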
