Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Recent Virus is breaking TCP/IP.SYS

  • Please log in to reply
No replies to this topic

#1 DevNullTech


  • Members
  • 3 posts
  • Local time:11:59 PM

Posted 14 March 2012 - 09:14 AM

Recently I have seen several posts on bleeping computer and several computers come in to my shop with a virus that when removed terminates TCP/IP connectivity.

The machine typically generates an error when trying to obtain an IP of

ipconfig, internal error occured
ipconfig command gives the following error.
Windows IP Configuration

An internal error occurred: A device attached to the system is not

Please contact Microsoft Product Support Services for further help.

Additional information: Unknown media status code.

Please let me know, if any solution

Several measures can always be performed however these tools (most of which are not designed to resolve this problem I know) cannot fix this issue.

1) Checking for proxies
2) Running Malware bytes
3) Combofix
4) Minitoolbox
8) 5) Fubar Service Scanner
6) Rkill
7) Hijackthis
8) Spybot
9) Super-AntiSpyware
10) Running Winsock fix.

In the event that you receive the above error please result back to an old school fix.

I just managed to fix this identical problem on a clients computer. What is causing it is the TCPIP.SYS file in C:\windows\system32\drivers is a fake that is nailed into place by some jiggering of the FAT database or something in the NTFS low level format. This forum and others helped me get past the blind alleys, so I'm returning the favor.

To fix the problem, you have to replace TCPIP.SYS with a good copy. Reinstalling Windows will not allow you to replace it. Starting in Safe Mode Command Prompt won't give you the ability to rename or delete TCPIP.SYS. Starting Windows from the CD and using the Repair Console will also fail unless you follow this set of steps.

1. Get a copy of TCPIP.SYS by searching "TCPIP.SYS" on your machine, looking in hidden files and folders. You'll get a bunch of hits. Right click the files and check the preferences to get the most recent version that has Revision data from Microsoft. The one in C:\windows\system32\drivers is not gonna have any file data associated with it, even though it is exactly the same size as the good file.

2. Put the copy of TCPIP.SYS on the root of your C: drive. I had a problem when I made a folder for it, so I recommend just copying it directly to root.

3. Restart your computer with a Windows XP CD (WIN2000 would also work, I think) and select the Repair console function. Log in as Administrator (better know your administrator password!).

4.Navigate to C:\windows\system32\drivers. You will be able to see the TCPIP.SYS file there is you type in DIR, but you won't be able to delete or rename it.

5. Type in "CHKDSK /P". This runs a disk check on your hard drive and fixes errors whether the System thinks you need it or not.

6. Type "del TCPIP.SYS" and press Return.

7. Type in "CHKDSK /P" and run the disk check again (yes, I tried to do do this without this step the first time and it didn't work).

8. Type in "copy C:\TCPIP.SYS". You should get a message that this completed correctly.

9. Type in "CHKDSK /P" one last time just to be sure (I didn't confirm that this was required, but why waste all the previous effort?)

10. Type in "Exit" and let the computer restart. Your internet access should be restored, the Windows Firewall will work, and ipconfig should be able to config IP.

After performing the fix above, you should have internet Then you should be able to run any additional scanners. Some users have noted using a product named "windows enabler" will allow you to go into windows and unistall the TCP/IP Protocol from the TCP/IP Properties however I have not confirmed this method.

I just wanted to take the time to give something back to the community and thank all of the bleeping computer staff for their help. This should save several hours on a resolution for some.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users