Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3260510 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0

    My workstations reported Sophos trying to quarantine and delete files OUTSIDE the Sophos folder, including Adobe and other locations. Also, the Sophos client broke on every workstation because it was deleting files it could not quarantine. I had everyone shut down their PCs to prevent further damage. Seems to be detecting every file/path with UPDATE in it:

     Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.21.123\GOOPDATE.DLL".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.21.123\GOOPDATE.DLL".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.21.123\GOOPDATE.DLL".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".


    :30047
Reply
  • 0

    My workstations reported Sophos trying to quarantine and delete files OUTSIDE the Sophos folder, including Adobe and other locations. Also, the Sophos client broke on every workstation because it was deleting files it could not quarantine. I had everyone shut down their PCs to prevent further damage. Seems to be detecting every file/path with UPDATE in it:

     Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.21.123\GOOPDATE.DLL".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.21.123\GOOPDATE.DLL".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.21.123\GOOPDATE.DLL".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".


    :30047
Children
No Data