False detection on file tcpip.sys at October 25, 2013

On Friday, October 25, 2013, Kaspersky Lab has released anti-virus databases, which was mistakenly added detection system file tcpip.sys. This anti-virus databases detected as a malicious file tcpip.sys in Kaspersky Anti-Virus 6.0 for Windows Workstations running under Windows 7 Service Pack 1 (32-bit), put the file in Quarantine and delete the registry keys that refer to the file.

At 20-00 (GMT +4:00) October 25, 2013 Kaspersky Lab released a fixed antivirus databases.

Kaspersky Lab recommends update anti-virus databases and apologizes for any inconvenience caused.

Also for resolving the problem, use one of the following methods:

Method 1: The computer has not been restarted, the network works:

  1. Update anti-virus databases, make sure it is done and applied.
  2. Run kaspersky_tcpip_fix.exe with administrator permissions.
  3. Check if file tcpip.sys has been restored in folder C:\Windows\system32\drivers.
    • If file has not been restored, manually restore it from Quarantine.
  4. If your network uses special settings (does not apply through DHCP), then:
    • Run regextr.exe <path to the backup of the SYSTEM hive – usually %windir%\system32\config\Regback\SYSTEM> <output reg-file e.g. extract.reg> with administrator permissions.
    • Run (apply) file extract.reg.
  5. Reboot PC.

Method 2: The computer has rebooted, the network is not available:

  1. Disable anti-virus protection in case to exclude detection of file again.
  2. Run kaspersky_tcpip_fix.exe with administrator permissions.
  3. Check if file tcpip.sys has been restored in folder C:\Windows\system32\drivers.
    • If file has not been restored, manually restore it from Quarantine.
  4. If your network uses special settings (does not apply through DHCP), then:
    • Run regextr.exe <path to the backup of the SYSTEM hive – usually %windir%\system32\config\Regback\SYSTEM> <output reg-file e.g. extract.reg> with administrator permissions.
    • Run (apply) file extract.reg.
  5. Reboot PC.
  6. Update anti-virus databases, make sure it is done and applied.
  7. Enable anti-virus protection.