Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • I've not had an AV vendor screw up this bad in 20+ years of being an admin. Lucky, maybe?

    This wouldn't be so bad if 1) it didn't hit too quickly to disable the bits affected (100+ nodes hit in less than a few minutes) and 2) it didn't also do things like quarantine its own bits. How am I supposed to just call this a false positive when the software is committing suicide?

    I think this means I get to re-deploy on a hundred or so systems:

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\cidsync.dll". Cleanup unavailable.
    
    Infected file "C:\Program Files\Sophos\AutoUpdate\cidsync.dll" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\cidsync.dll.000".
    
    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll". Cleanup unavailable.
    
    Infected file "C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\AUAdapter.dll.000".
    
    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe". Cleanup unavailable.
    
    Infected file "C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\ALUpdate.exe.000".
    
    
    
    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\swi_update_64.exe.1.000".