
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.




  • ktremain wrote:

    Unfortunately, you'll first need to restore the files that were moved. Perhaps a VB script that can extract the files/paths of the files in question from the sav.txt log, then copy just those files from the infected folder back to the original source. Or use PSEXEC to run a batch file across all affected systems to restore the files that were moved.


    Sorry, but that's not possible. These machines are NOT on one site OR network. They are on our customer sites updating over the internet to our datacentre. There is NO way to run any scripts on them all centrally. Some machines are even overseas. What's the status on Sophos releasing a "Fix-It" tool that our helpdesk can instruct users to run that will repair this mess?


    Unfortunately, such a tool is not in the works at the moment. Would something like the following be an option for you?

    1. Obtain copies of the endpoint files flagged with this FP

    2. Create a batch file to perform the file copies

    3. Use a tool like WinRAR to create a self-extracting zip of the files that executes the batch file once extraction completes.

    4. Email sfx to users with instructions
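    As an added illustration of step 2 (this is not code from the thread or from Sophos), the file-copy step can be a PowerShell script packed into the self-extracting archive instead of a plain batch file. The value of doing it this way is the check a helpdesk would want before a user-run tool writes into Program Files: each replacement file is restored only if it carries a valid Authenticode signature from the expected publisher, and nothing already present is overwritten. The payload folder layout, the manifest file and its `name|original path` format, the `restore.log` name and the `O=Sophos` signer substring are all assumptions made for this example.

```powershell
<#
  Added example, not code from the thread or from Sophos.
  Restores known-good copies of files that a false positive removed: the
  self-extracting archive unpacks a payload folder plus this script, and the
  script copies each file back to its original location only if the file has
  a valid Authenticode signature from the expected publisher.

  Assumptions (all constructed for this example): the payload folder layout,
  the manifest file name and format, the log name and the expected signer string.
#>
param(
    # Folder the self-extracting archive unpacked the clean files into (constructed default)
    [string]$PayloadDir     = (Join-Path $PSScriptRoot 'payload'),
    # Manifest: one "<payload file name>|<original full path>" pair per line (constructed format)
    [string]$ManifestPath   = (Join-Path $PSScriptRoot 'manifest.txt'),
    # Substring that must appear in the signer certificate subject (assumed value)
    [string]$ExpectedSigner = 'O=Sophos',
    # Report what would be restored without copying anything
    [switch]$DryRun
)

$results = @()

foreach ($line in Get-Content -Path $ManifestPath) {
    # Skip blank lines and comments in the manifest
    if ([string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }

    $parts = $line.Split('|', 2)
    if ($parts.Count -ne 2) {
        $results += "SKIP  malformed manifest line: $line"
        continue
    }
    $source      = Join-Path $PayloadDir $parts[0].Trim()
    $destination = $parts[1].Trim()

    if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
        $results += "SKIP  payload file missing: $source"
        continue
    }

    # Verify the replacement is the vendor's binary before touching the endpoint.
    $sig = Get-AuthenticodeSignature -FilePath $source
    if ($sig.Status -ne 'Valid') {
        $results += "SKIP  signature not valid ($($sig.Status)): $source"
        continue
    }
    if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
        $results += "SKIP  unexpected signer '$($sig.SignerCertificate.Subject)': $source"
        continue
    }

    # Never clobber a file the detection did not remove.
    if (Test-Path -LiteralPath $destination -PathType Leaf) {
        $results += "SKIP  already present, not overwriting: $destination"
        continue
    }

    if ($DryRun) {
        $results += "WOULD restore $source -> $destination"
        continue
    }

    # Recreate the original directory if the cleanup removed it, then copy.
    $targetDir = Split-Path -Path $destination -Parent
    if (-not (Test-Path -LiteralPath $targetDir -PathType Container)) {
        New-Item -Path $targetDir -ItemType Directory -Force | Out-Null
    }
    Copy-Item -LiteralPath $source -Destination $destination
    $results += "OK    restored $destination"
}

# Leave an audit trail beside the script so the helpdesk can ask the user for it.
$results | Tee-Object -FilePath (Join-Path $PSScriptRoot 'restore.log') | Write-Output
```

    Run it once with `-DryRun` on a test machine to confirm the manifest paths match the alert paths (for example the `swi_update.exe` path in the original post) before packing it into the archive; the script needs to run elevated to write under Program Files, and the log it writes is what a user can send back if a restore is reported as skipped.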

